This may be off topic, but I think my ethereal question might be simple enough.

I am presently compiling ethereal on a CentOS platform to check it out.

But the packets I want to monitor are actually on a different CentOS platform, and I'd rather not install Ethereal on it, if for no other reason I don't have X-Windows installed on that platform.

My question is, can I monitor/write packets to a file on the more remote machine, and then analyze the packets on another machine using my ethereal SW?

Can I sniff the packets on the remote w/o a full install of ethereal?

=== Al

Quoting Al Sparks <data345 at yahoo.com>:
> This may be off topic, but I think my ethereal question might be simple
> enough.
>
> I am presently compiling ethereal on a CentOS platform to check it out.
>
> But the packets I want to monitor are actually on a different CentOS
> platform, and I'd rather not install Ethereal on it, if for no other reason I
> don't have X-Windows installed on that platform.
>
> My question is, can I monitor/write packets to a file on the more remote
> machine, and then analyze the packets on another machine using my ethereal
> SW?
>
> Can I sniff the packets on the remote w/o a full install of ethereal?
> === Al

The new name for ethereal is wireshark. You can use tshark (text-based version of wireshark) or tcpdump to sniff the network and save the packet capture data in libpcap format which you can then transfer to your machine with wireshark on it. Also, you could install wireshark on the remote system and export the wireshark session to your CentOS machine with an X server in real time.

Hope this helps.

Barry

Yup. Use tcpdump on the remote machine to create a pcap file like so:

    tcpdump -i eth0 -n -s0 -w file.cap

Then just copy that file over and read it with ethereal.

Al Sparks wrote:
> This may be off topic, but I think my ethereal question might be simple enough.
>
> I am presently compiling ethereal on a CentOS platform to check it out.
>
> But the packets I want to monitor are actually on a different CentOS platform, and I'd rather not install Ethereal on it, if for no other reason I don't have X-Windows installed on that platform.
>
> My question is, can I monitor/write packets to a file on the more remote machine, and then analyze the packets on another machine using my ethereal SW?
>
> Can I sniff the packets on the remote w/o a full install of ethereal?
> === Al

The thing to do is to install wireshark on the system without X.

Then from a machine with X:

    ssh -Xf user@machine.without.x wireshark

Al Sparks wrote:
> This may be off topic, but I think my ethereal question might be simple enough.
>
> I am presently compiling ethereal on a CentOS platform to check it out.
>
> But the packets I want to monitor are actually on a different CentOS platform, and I'd rather not install Ethereal on it, if for no other reason I don't have X-Windows installed on that platform.
>
> My question is, can I monitor/write packets to a file on the more remote machine, and then analyze the packets on another machine using my ethereal SW?
>
> Can I sniff the packets on the remote w/o a full install of ethereal?
> === Al

--
Milton Calnek BSc, A/Slt(Ret.)
milton at calnek.com
306-717-8737

> From: Milton Calnek <milton at calnek.com>
> To: CentOS mailing list <centos at centos.org>
> Sent: Wednesday, January 16, 2008 12:50:47 PM
> Subject: Re: [CentOS] Capturing Packets -- Ethereal
>
> The thing to do is to install wireshark on the system without X.
>
> Then from a machine with X:
>     ssh -Xf user@machine.without.x wireshark

Yours is the coolest answer, though the others were also helpful.

Thanks to all.

=== Al

On Wed, 2008-01-16 at 13:18 -0800, Al Sparks wrote:
> Can I sniff the packets on the remote w/o a full install of ethereal?

Typically something like this:

    tcpdump -s 1500 -i eth0 -w traffic.dmp

will do the trick. Then pull the file back to the machine with ethereal and open it there.

--Chris
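
Added example, not part of any message in this thread: a Python check to run on the copied capture file before opening it in Wireshark. It parses the classic libpcap format that `tcpdump -w` writes, counts packets cut short by the snapshot length (`-s`), and detects a file that was cut off in transfer; the function names and the sample capture are constructed for illustration.

```python
import struct

MAGICS = (0xA1B2C3D4, 0xA1B23C4D)  # classic libpcap: usec / nsec timestamps

def summarize_pcap(data: bytes) -> dict:
    """Report snaplen, packet count and snaplen-truncated packets of a pcap file."""
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte pcap global header")
    for endian in ("<", ">"):  # the magic number reveals the writer's byte order
        if struct.unpack(endian + "I", data[:4])[0] in MAGICS:
            break
    else:
        raise ValueError("not a classic libpcap file (pcapng or damaged?)")
    # magic, version major/minor, thiszone, sigfigs, snaplen, link type
    _, vmaj, vmin, _, _, snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    offset, packets, truncated, incomplete = 24, 0, 0, False
    while offset < len(data):
        if offset + 16 > len(data):  # partial record header: transfer cut short
            incomplete = True
            break
        _, _, caplen, origlen = struct.unpack(endian + "IIII", data[offset:offset + 16])
        if offset + 16 + caplen > len(data):  # packet bytes missing from the file
            incomplete = True
            break
        offset += 16 + caplen
        packets += 1
        truncated += caplen < origlen  # captured fewer bytes than were on the wire
    return {"version": (vmaj, vmin), "snaplen": snaplen, "linktype": linktype,
            "packets": packets, "truncated": truncated, "incomplete": incomplete}

def make_pcap(snaplen: int, frame_sizes: list) -> bytes:
    """Build a constructed little-endian Ethernet capture for the demo."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for size in frame_sizes:
        caplen = min(size, snaplen)
        out += struct.pack("<IIII", 0, 0, caplen, size) + bytes(caplen)
    return out

if __name__ == "__main__":
    # Constructed sample: one small frame and two full-size 1514-byte Ethernet frames.
    frames = [60, 1514, 1514]
    print(summarize_pcap(make_pcap(1500, frames)))        # snaplen 1500
    print(summarize_pcap(make_pcap(65535, frames)))       # snaplen covers whole frames
    print(summarize_pcap(make_pcap(1500, frames)[:-10]))  # file cut short in transit
```

To check a real file, pass its bytes: `summarize_pcap(open("file.cap", "rb").read())`.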