[CentOS] Capturing Packets -- Ethereal

Wed Jan 16 21:23:59 UTC 2008
Barry Brimer <lists at brimer.org>

Quoting Al Sparks <data345 at yahoo.com>:

> This may be off topic, but I think my ethereal question might be simple
> enough.
>
> I am presently compiling ethereal on a CentOS platform to check it out.
>
> But the packets I want to monitor are actually on a different CentOS
> platform, and I'd rather not install Ethereal on it, if for no other reason I
> don't have X-Windows installed on that platform.
>
> My question is, can I monitor/write packets to a file on the more remote
> machine, and then analyze the packets on another machine using my ethereal
> SW?
>
> Can I sniff the packets on the remote w/o a full install of ethereal?
>    === Al

The new name for ethereal is wireshark.  You can use tshark (text-based version
of wireshark) or tcpdump to sniff the network and save the packet capture data
in libpcap format which you can then transfer to your machine with wireshark on
it.  Also, you could install wireshark on the remote system and export the
wireshark session to your CentOS machine with an X server in real time.

Hope this helps.

Barry
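
The reply above relies on a libpcap file surviving the capture and the copy between machines. The following is an added example, not part of the original message or of tcpdump/wireshark: a Python check that reads a classic libpcap file, confirms its magic number, and counts packets stored shorter than they were on the wire (the effect of a small snapshot length, which tcpdump sets with -s). The function names and the sample capture are constructed for illustration.

```python
import io
import struct

# Magic numbers of the classic libpcap file format, keyed to timestamp resolution.
MAGICS = {0xA1B2C3D4: "microsecond", 0xA1B23C4D: "nanosecond"}

def summarize_pcap(stream):
    """Walk a libpcap file; report header fields, packet count and truncation."""
    header = stream.read(24)
    if len(header) < 24:
        raise ValueError("file shorter than the 24-byte libpcap global header")
    for endian in ("<", ">"):          # the writer's byte order is not fixed
        magic = struct.unpack(endian + "I", header[:4])[0]
        if magic in MAGICS:
            break
    else:
        raise ValueError("not a libpcap file (unknown magic number)")
    major, minor, _tz, _sig, snaplen, linktype = struct.unpack(endian + "HHiIII", header[4:])
    info = {
        "byte_order": "little" if endian == "<" else "big", "timestamps": MAGICS[magic],
        "version": (major, minor), "snaplen": snaplen, "linktype": linktype,
        "packets": 0, "truncated": 0, "incomplete_tail": False,
    }
    while True:
        rec = stream.read(16)          # per-packet header: sec, frac, caplen, origlen
        if not rec:
            break
        if len(rec) < 16:
            info["incomplete_tail"] = True   # file cut off mid-record (partial copy)
            break
        _sec, _frac, caplen, origlen = struct.unpack(endian + "IIII", rec)
        data = stream.read(caplen)
        if len(data) < caplen:
            info["incomplete_tail"] = True
            break
        info["packets"] += 1
        if caplen < origlen:           # only the first caplen bytes were saved
            info["truncated"] += 1
    return info

def build_sample():
    """Constructed capture: snaplen 68, a full 60-byte frame, a 1514-byte frame cut to 68."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 68, 1)
    out += struct.pack("<IIII", 1200518639, 0, 60, 60) + bytes(60)
    out += struct.pack("<IIII", 1200518639, 500, 68, 1514) + bytes(68)
    return out

if __name__ == "__main__":
    print(summarize_pcap(io.BytesIO(build_sample())))
```

To check a real capture after copying it, pass a file opened in binary mode, e.g. summarize_pcap(open(path, "rb")), where path is wherever the capture was saved.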