Re: Monitoring Net Traffic From the Console or Another Computer

2008-06-20 Thread M. Piscaer

Hal Vaughan wrote:
I have a workstation and several other computers on my LAN, all running 
Linux -- either Debian or Ubuntu (Kubuntu for the workstation, Sarge on 
the rest -- please don't start on the version, I'll be updating it in 
my copious amounts of free time one year).


I am connecting to a computer through ssh and running some Perl programs 
on it.  I need to be able to see what is going out from that computer 
to a web site so I can verify the HTTP headers and data going both 
ways.  If this were on the workstation, I'd use Wireshark, but this 
system is console only and I'm not about to install X on it and deal 
with switching monitors for this one issue.


Is there any program (I couldn't find one) that I can run on this 
computer, via SSH, that will give me packet info I can scan in the same 
way I do with Wireshark when I've got X on a system?


And if that doesn't work, is there a way to get Wireshark to read what 
goes between other NICs?


The workstation is the only computer on the LAN with X, so I can't run 
Wireshark on any server or firewall system.



Thanks!

Hal


  


I use tcpdump in a situation like that. With the option -w filename 
-s0, you capture all of the packets in a file. With scp I copy the file 
to the local machine, and use Wireshark to analyse the file.


Regards,

Michiel Piscaer


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
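
The reply above relies on -s0 so that the capture file holds whole packets rather than only their first bytes. As an added example (not part of the original thread), this Python script reads a classic pcap file of the kind tcpdump -w writes, counts packets that the snap length cut short, and lists any HTTP header lines it finds. The sample capture, addresses, user agent and function names are constructed for illustration, and 68 bytes stands in for a short snap length.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap file, microsecond timestamps

def read_pcap(data):
    """Yield (captured_len, original_len, frame) for each record."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic not in (PCAP_MAGIC, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    endian = "<" if magic == PCAP_MAGIC else ">"
    offset = 24  # skip the global header
    while offset + 16 <= len(data):
        _, _, incl, orig = struct.unpack_from(endian + "IIII", data, offset)
        yield incl, orig, data[offset + 16:offset + 16 + incl]
        offset += 16 + incl

def http_headers(frame):
    """Header lines of an HTTP message in an Ethernet/IPv4/TCP frame, else []."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return []
    tcp = 14 + (frame[14] & 0x0F) * 4
    if len(frame) < tcp + 20:
        return []
    payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:]
    lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    return lines if "HTTP/" in lines[0] else []

def report(data):
    """Return (number of truncated packets, HTTP header lines found)."""
    truncated, lines = 0, []
    for incl, orig, frame in read_pcap(data):
        truncated += incl < orig  # snap length cut this packet short
        lines += http_headers(frame)
    return truncated, lines

def sample_pcap(snaplen):
    """Constructed capture of one HTTP request; snaplen 0 keeps whole packets."""
    http = (b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
            b"User-Agent: libwww-perl/5.8\r\n\r\n")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(http), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 80]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 0x50, 0x18, 65535, 0, 0)
    frame = bytes(12) + b"\x08\x00" + ip + tcp + http
    kept = frame[:snaplen] if snaplen else frame
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen or 65535, 1)
    return header + struct.pack("<IIII", 0, 0, len(kept), len(frame)) + kept

if __name__ == "__main__":
    print(report(sample_pcap(68)), report(sample_pcap(0)))
```

A non-zero truncated count on a real capture means the file was taken with too small a snap length and the HTTP data is incomplete.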




Re: Monitoring Net Traffic From the Console or Another Computer

2008-06-16 Thread Douglas A. Tutty
On Sun, Jun 15, 2008 at 11:16:19PM -0400, Hal Vaughan wrote:
 
 Is there any program (I couldn't find one) that I can run on this 
 computer, via SSH, that will give me packet info I can scan in the same 
 way I do with Wireshark when I've got X on a system?
 
 And if that doesn't work, is there a way to get Wireshark to read what 
 goes between other NICs?
 
 The workstation is the only computer on the LAN with X, so I can't run 
 Wireshark on any server or firewall system.
 

Why not put wireshark on the target box, set up ssh with X-forwarding,
run wireshark on the server from the workstation via xterm sshing to the
target box?  It will run on the server but display on the workstation.

Doug.





Re: Monitoring Net Traffic From the Console or Another Computer

2008-06-16 Thread Hal Vaughan
On Monday 16 June 2008, Douglas A. Tutty wrote:
 On Sun, Jun 15, 2008 at 11:16:19PM -0400, Hal Vaughan wrote:
  Is there any program (I couldn't find one) that I can run on this
  computer, via SSH, that will give me packet info I can scan in the
  same way I do with Wireshark when I've got X on a system?
 
  And if that doesn't work, is there a way to get Wireshark to read
  what goes between other NICs?
 
  The workstation is the only computer on the LAN with X, so I can't
  run Wireshark on any server or firewall system.

 Why not put wireshark on the target box, set up ssh with
 X-forwarding, run wireshark on the server from the workstation via
 xterm sshing to the target box?  It will run on the server but
 display on the workstation.

I thought of that, but figured I'd run into a lot of dependency issues.  
I didn't follow the entire tree, but I know Ethereal (the target box is 
still on Sarge for a while longer) needs gtk, and I haven't checked 
from there just what other graphic packages or such it needed.

Also I'd have to change my settings on the workstation, since I'm logged 
in to the target box under a different username and I remember that I'd 
have to dig into the X config somewhere to let X display a program run 
under a different user name than the one I'm logged in as.

Thanks for the idea, but for now tshark is handling it.  Unfortunately, 
I missed the deadline.  The system I was working with went down for 
upkeep at midnight and today my system is doing work until at least 
5:30 so I have to leave it alone until then.


Hal





Monitoring Net Traffic From the Console or Another Computer

2008-06-15 Thread Hal Vaughan
I have a workstation and several other computers on my LAN, all running 
Linux -- either Debian or Ubuntu (Kubuntu for the workstation, Sarge on 
the rest -- please don't start on the version, I'll be updating it in 
my copious amounts of free time one year).

I am connecting to a computer through ssh and running some Perl programs 
on it.  I need to be able to see what is going out from that computer 
to a web site so I can verify the HTTP headers and data going both 
ways.  If this were on the workstation, I'd use Wireshark, but this 
system is console only and I'm not about to install X on it and deal 
with switching monitors for this one issue.

Is there any program (I couldn't find one) that I can run on this 
computer, via SSH, that will give me packet info I can scan in the same 
way I do with Wireshark when I've got X on a system?

And if that doesn't work, is there a way to get Wireshark to read what 
goes between other NICs?

The workstation is the only computer on the LAN with X, so I can't run 
Wireshark on any server or firewall system.


Thanks!

Hal





Re: Monitoring Net Traffic From the Console or Another Computer

2008-06-15 Thread Mike Bird
On Sun June 15 2008 20:16:19 Hal Vaughan wrote:
 Is there any program (I couldn't find one) that I can run on this
 computer, via SSH, that will give me packet info I can scan in the same
 way I do with Wireshark when I've got X on a system?

tshark can display packets in realtime or capture to a pcap file
which can be copied across the network for display in wireshark.

--Mike Bird





Re: Monitoring Net Traffic From the Console or Another Computer

2008-06-15 Thread Hal Vaughan
On Sunday 15 June 2008, Mike Bird wrote:
 On Sun June 15 2008 20:16:19 Hal Vaughan wrote:
  Is there any program (I couldn't find one) that I can run on this
  computer, via SSH, that will give me packet info I can scan in the
  same way I do with Wireshark when I've got X on a system?

 tshark can display packets in realtime or capture to a pcap file
 which can be copied across the network for display in wireshark.

I'm looking into that.  Unfortunately it's not in Sarge.  I have found a 
few since I posted by changing my search terms.  (I tend to always pick 
what sounds like good search terms that don't give me good hits!)

I just started looking at tcpdump, but I'm not sure if it'll give more 
than packet headers.  Unfortunately, I need to get this done tonight 
and this is the big hold up -- once I clear this, the rest will be 
easy, so it's one of those cases where I'm hoping I can find an easy to 
use tool that I don't have to spend hours learning how to configure.


Hal





Re: Monitoring Net Traffic From the Console or Another Computer

2008-06-15 Thread Mike Bird
On Sun June 15 2008 20:31:32 Hal Vaughan wrote:
 On Sunday 15 June 2008, Mike Bird wrote:
  On Sun June 15 2008 20:16:19 Hal Vaughan wrote:
   Is there any program (I couldn't find one) that I can run on this
   computer, via SSH, that will give me packet info I can scan in the
   same way I do with Wireshark when I've got X on a system?
 
  tshark can display packets in realtime or capture to a pcap file
  which can be copied across the network for display in wireshark.

 I'm looking into that.  Unfortunately it's not in Sarge.  I have found a
 few since I posted by changing my search terms.  (I tend to always pick
 what sounds like good search terms that don't give me good hits!)

 I just started looking at tcpdump, but I'm not sure if it'll give more
 than packet headers.  Unfortunately, I need to get this done tonight
 and this is the big hold up -- once I clear this, the rest will be
 easy, so it's one of those cases where I'm hoping I can find an easy to
 use tool that I don't have to spend hours learning how to configure.

I don't have any systems running Sarge but the Packages file in the
repository says that Sarge includes tethereal, which was tshark before
the name change.

I used to use tcpdump and it was pretty good but these days the
ethereal/wireshark family seem to do a better job of analyzing
packets.

--Mike Bird





Re: Monitoring Net Traffic From the Console or Another Computer

2008-06-15 Thread Hal Vaughan
On Sunday 15 June 2008, Mike Bird wrote:
 On Sun June 15 2008 20:31:32 Hal Vaughan wrote:
  On Sunday 15 June 2008, Mike Bird wrote:
   On Sun June 15 2008 20:16:19 Hal Vaughan wrote:
    Is there any program (I couldn't find one) that I can run on
    this computer, via SSH, that will give me packet info I can
    scan in the same way I do with Wireshark when I've got X on a
    system?
  
   tshark can display packets in realtime or capture to a pcap file
   which can be copied across the network for display in wireshark.
 
  I'm looking into that.  Unfortunately it's not in Sarge.  I have
  found a few since I posted by changing my search terms.  (I tend to
  always pick what sounds like good search terms that don't give me
  good hits!)
 
  I just started looking at tcpdump, but I'm not sure if it'll give
  more than packet headers.  Unfortunately, I need to get this done
  tonight and this is the big hold up -- once I clear this, the rest
  will be easy, so it's one of those cases where I'm hoping I can
  find an easy to use tool that I don't have to spend hours learning
  how to configure.

 I don't have any systems running Sarge but the Packages file in the
 repository says that Sarge includes tethereal, which was tshark
 before the name change.

 I used to use tcpdump and it was pretty good but these days the
 ethereal/wireshark family seem to do a better job of analyzing
 packets.

After your suggestion, I did find tethereal, but it doesn't seem to have 
as much as tshark.  I found it in the Sarge backports, along with 
wireshark-common, which it needed.  I got it up and running, dumped the 
output to a file and loaded it in with Wireshark on my workstation, so 
it's doing what I need now.

Thanks!


Hal

