[clue-tech] Wireshark on Centos 5

Charles Hutchinson chutchin at geekboi.org
Thu Sep 2 16:34:33 MDT 2010


On Thu, 2010-09-02 at 15:43 -0600, Clayton Fast wrote:
> I need to analyze network traffic from a specific public IP address to
> a production Centos 5 system but I'm concerned about running wireshark
> on that system.  I've tried running it on a separate PC on the network
> but it only reports its own traffic.  
>  
> I'm looking to see if any of you have had any major problems running
> wireshark on Centos 5.
>  
> Anyone?
>  
> Thanks,
> Clay


Wireshark is probably the wrong tool for your needs here.  To capture
the data you need I would use tcpdump to capture the packets to a file
with the -w switch.  You can specify the protocol you want or do not
want to capture as well as the host (ip) you need to capture data to and
from.  You can (should) also tell it not to capture packets to and from
the host you are connecting with over ssh.  

Once you've seen the error, timeout or just captured enough data I would
then pull that file to my workstation and import the capture into
wireshark for quicker analysis.  For a lot of issues I do not even
bother with wireshark.  Tcpdump can show you everything you need to see
but is not pointy clicky friendly.

Charlie
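The capture Charlie describes, written out as a small POSIX shell script; this is an added example, not code from the thread or from the tcpdump project. It builds the tcpdump command line (capture to a file with -w, restricted to one remote host, excluding the admin's own SSH session so the capture does not fill up with the packets that carry its own output) and the command for replaying the file with tcpdump instead of wireshark. Interface name, addresses and the output path are constructed placeholders (RFC 5737 documentation ranges), not values from the mailing-list thread.

```shell
#!/bin/sh
# Added example (not part of the original mail): compose a tcpdump capture
# command for one remote host on a CentOS 5 server, leaving out the SSH
# session the operator is connected over, then a command to read the file back.
#
# All addresses, the interface and the output path are constructed placeholders.

# build_capture_filter REMOTE_IP ADMIN_IP
# Prints a BPF filter: everything to/from REMOTE_IP, minus the SSH session
# between this host and ADMIN_IP (otherwise every captured packet echoed to
# the terminal generates more SSH packets, which get captured in turn).
build_capture_filter() {
    remote_ip=$1
    admin_ip=$2
    printf '%s' "host $remote_ip and not (host $admin_ip and tcp port 22)"
}

# build_capture_cmd IFACE REMOTE_IP ADMIN_IP OUTFILE
# Prints the full tcpdump command line:
#   -n    no DNS lookups (they would add traffic of their own)
#   -s 0  capture whole packets; older tcpdump releases truncate by default
#   -w    write raw packets to OUTFILE for later analysis in wireshark
#         or with 'tcpdump -r'
build_capture_cmd() {
    iface=$1
    outfile=$4
    filter=$(build_capture_filter "$2" "$3")
    printf '%s' "tcpdump -n -i $iface -s 0 -w $outfile '$filter'"
}

# build_read_cmd OUTFILE
# Prints the command that replays the saved file with tcpdump on a
# workstation: -r reads the file, -n keeps addresses numeric, -tttt prints
# absolute timestamps that can be lined up with the server's log files.
build_read_cmd() {
    printf '%s' "tcpdump -n -tttt -r $1"
}

usage_example() {
    # Constructed values: interface eth0, remote host 203.0.113.10,
    # admin workstation 198.51.100.5 holding the SSH session.
    build_capture_cmd eth0 203.0.113.10 198.51.100.5 /var/tmp/remote.pcap
    printf '\n'
    build_read_cmd /var/tmp/remote.pcap
    printf '\n'
}

# Only print the commands when asked; running the capture itself needs root
# on the server and is left to the operator.
if [ "${1:-}" = "--show" ]; then
    usage_example
fi
```

Run it as `sh capture.sh --show` to print the two commands. The capture command runs on the server being monitored (a capture from another PC on a switched network only sees that PC's own traffic, which is the problem Clay hit); once the file has enough data, copy it to the workstation and open it in wireshark or replay it with the read command.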
