On 11/16/2014 7:17 PM, Ozan T wrote:
> Hi all,
> I am working in a company that develops network software. We often
> need to capture from multiple servers in order to see if there is a
> packet loss, blocked packet, or the original packet altered etc. So,
> every time we capture from source and destination, then compare
> captures manually. (Generally, we are not allowed to access the switch
> or anything that stays between source and destination.)
> I have searched a bit but I think it is not possible to capture from
> multiple machines remotely with wireshark.

Why do you think that?

> We really need this feature/tool (also, I discussed with some other
> people around me, many of them think that this feature may make things
> easier for them). One way or another we will have to develop it. If
> you think such a feature would be useful in wireshark, we would like
> to target wireshark rather than a separate project.
> Of course, if this is possible with current wireshark, I would like to
> learn :) or if there is an ongoing project about that.
> I just need an idea what you think about that feature in wireshark
> project, then we can plan/discuss things according to it.

Have you tried Wireshark's "remote capture" capability? You'd need to
install "rpcapd" (from here
<http://www.winpcap.org/docs/docs_40_2/html/group__remote.html>) to run
on each remote system you want to capture from. Then in Wireshark,
configure and enable all the remote interfaces in Manage Interfaces
under the Capture Options window. I just tested capturing from 2 remote
sources simultaneously, and it seemed to work fine.

> Basic representation of feature after our initial look:
> - Connect remote machines via ssh/pipe/rpcap as is now possible for
>   a single machine
> - Capture and merge in real time

Depending on the load on the links you want to sniff, real-time may not
be possible...

Give remote capture a try if you think it'll handle your situation? Good
luck!
Patrick Klos
Klos Technologies, Inc.
http://www.packetvault.com/
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
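
The manual source/destination comparison described in the thread can be scripted once both captures are saved. The sketch below is an added example, not part of the original message and not Wireshark code: it pairs packets from two captures and reports which were lost and which arrived with a changed payload. The function names and sample frames are constructed for illustration; it assumes classic pcap files (not pcapng) with Ethernet/IPv4 frames, no NAT between the capture points, and IP IDs that do not repeat within a capture.

```python
import hashlib
import socket
import struct

def read_pcap(data):
    """Return the raw frames stored in a classic pcap file given as bytes."""
    endian = "<" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    off, frames = 24, []                      # 24-byte global header
    while off + 16 <= len(data):              # 16-byte per-record header
        caplen = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frames.append(data[off + 16:off + 16 + caplen])
        off += 16 + caplen
    return frames

def key_and_digest(frame):
    """Key a frame by (src, dst, proto, IP ID); hash only the IP payload,
    because TTL and header checksum legitimately change at every router."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                           # not Ethernet/IPv4
    ip = frame[14:]
    ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    key = (socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]),
           ip[9], struct.unpack("!H", ip[4:6])[0])
    return key, hashlib.sha256(ip[ihl:total]).hexdigest()

def compare(src_pcap, dst_pcap):
    """Return (lost, altered) packet keys, relative to the source capture."""
    sent = dict(filter(None, map(key_and_digest, read_pcap(src_pcap))))
    seen = dict(filter(None, map(key_and_digest, read_pcap(dst_pcap))))
    lost = [k for k in sent if k not in seen]
    altered = [k for k in sent if k in seen and sent[k] != seen[k]]
    return lost, altered

def make_frame(ip_id, payload, ttl=64):
    """Constructed Ethernet/IPv4/UDP test frame (checksums left at zero)."""
    udp = struct.pack("!HHHH", 40000, 5000, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), ip_id, 0, ttl,
                     17, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + udp

def make_pcap(frames):
    """Wrap frames in a little-endian classic pcap (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed sample: packet 2 never arrives, packet 3 arrives modified.
SRC = make_pcap([make_frame(1, b"alpha"), make_frame(2, b"bravo"), make_frame(3, b"charlie")])
DST = make_pcap([make_frame(1, b"alpha", ttl=63), make_frame(3, b"charlIe", ttl=63)])
if __name__ == "__main__":
    print(compare(SRC, DST))
```

A packet that differs only in TTL (packet 1 in the sample) is treated as unchanged, so routed paths do not produce false "altered" reports.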