Wireshark · Ethereal-dev: Re: [Ethereal-dev] Remote Sniffing

Ethereal-dev: Re: [Ethereal-dev] Remote Sniffing

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Pierre JUHEN <pierre.juhen@xxxxxxxxxx>

Date: Thu, 09 Sep 2004 20:57:15 +0200

Here is my command to do that :

ssh 'root@remote' -C "tethereal -i eth0 -l -w -" | ethereal -i "-"-k -l -S


1/ It does work real time, at least with recent version

2/ another option : use tcpdump and netcat/nc. This should use a verysmall memory footprint.


Something like that
   on the remote device :

         tcpdump -i eth0 -l -S -w | nc local 23450

   on the local device

         nc -l -p 23450 | ethereal -i "-" -k -l -S

Be careful not to sniff the pcap stream, it could lead though somenetwork looping...


You could use udp with the "-u" option of nc.

Prev by Date: Re: [Ethereal-dev] please help
Next by Date: [Ethereal-dev] Where is the memory consumed ?
Previous by thread: Re: Re: [Ethereal-dev] Remote Sniffing
Next by thread: [Ethereal-dev] How to approve / deny a patch?
Index(es):
- Date
- Thread