
Re: Monitoring Net Traffic From the Console or Another Computer



On Sunday 15 June 2008, Mike Bird wrote:
> On Sun June 15 2008 20:31:32 Hal Vaughan wrote:
> > On Sunday 15 June 2008, Mike Bird wrote:
> > > On Sun June 15 2008 20:16:19 Hal Vaughan wrote:
> > > > Is there any program (I couldn't find one) that I can run on
> > > > this computer, via SSH, that will give me packet info I can
> > > > scan in the same way I do with Wireshark when I've got X on a
> > > > system?
> > >
> > > tshark can display packets in realtime or capture to a pcap file
> > > which can be copied across the network for display in wireshark.
> >
> > I'm looking into that.  Unfortunately it's not in Sarge.  I have
> > found a few since I posted by changing my search terms.  (I tend to
> > always pick what sounds like good search terms that don't give me
> > good hits!)
> >
> > I just started looking at tcpdump, but I'm not sure if it'll give
> > more than packet headers.  Unfortunately, I need to get this done
> > tonight and this is the big hold up -- once I clear this, the rest
> > will be easy, so it's one of those cases where I'm hoping I can
> > find an easy to use tool that I don't have to spend hours learning
> > how to configure.
>
> I don't have any systems running Sarge but the Packages file in the
> repository says that Sarge includes tethereal, which was tshark
> before the name change.
>
> I used to use tcpdump and it was pretty good but these days the
> ethereal/wireshark family seem to do a better job of analyzing
> packets.

After your suggestion, I did find tethereal, but it doesn't seem to have 
as much as tshark.  I found it in the Sarge backports, along with 
wireshark-common, which it needed.  I got it up and running, dumped the 
output to a file and loaded it in with Wireshark on my workstation, so 
it's doing what I need now.

Thanks!


Hal
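
A capture file written on the headless machine can be checked for cut-short packets before it is opened in Wireshark, which speaks to the headers-only concern raised in the thread. This is an added example, not part of the original messages: the function names and the sample bytes are constructed for illustration, and only the classic libpcap file format is handled.

```python
import struct

# Magic bytes of the classic libpcap header -> struct byte-order prefix
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def audit_pcap(data):
    """Count packets in a classic pcap byte string and how many were cut short."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic libpcap file (pcapng is not handled)")
    order = PCAP_MAGICS[data[:4]]
    # Global header after the magic: version, thiszone, sigfigs, snaplen, linktype
    _, _, _, _, snaplen, linktype = struct.unpack(order + "HHiIII", data[4:24])
    offset, packets, truncated, incomplete = 24, 0, 0, False
    while offset < len(data):
        if offset + 16 > len(data):
            incomplete = True   # file ends inside a record header
            break
        # Record header: ts_sec, ts_frac, bytes saved, bytes on the wire
        _, _, incl_len, orig_len = struct.unpack(order + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):
            incomplete = True   # file ends inside packet data (partial copy)
            break
        offset += 16 + incl_len
        packets += 1
        if incl_len < orig_len:
            truncated += 1      # only the first incl_len bytes were captured
    return {"snaplen": snaplen, "linktype": linktype, "packets": packets,
            "truncated": truncated, "incomplete": incomplete}

def sample_capture():
    """Constructed capture: snaplen 68, one whole 60-byte frame, one 1514-byte frame cut to 68."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 68, 1)
    rec1 = struct.pack("<IIII", 1213574400, 0, 60, 60) + bytes(60)
    rec2 = struct.pack("<IIII", 1213574401, 0, 68, 1514) + bytes(68)
    return header + rec1 + rec2

if __name__ == "__main__":
    print(audit_pcap(sample_capture()))
```

A nonzero `truncated` count means payloads are missing from the file and the capture has to be retaken with a larger snapshot length; `incomplete` points to a file that was copied while still being written.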

