[clue-tech] Wireshark on Centos 5

[adam bultman]

Dumping something with tcpdump, copying it over, and then importing into
wireshark takes a while, though; sometimes it's a lot easier to run
wireshark on the local box (if possible) and then do it there.

I'll ssh -X into a server and run wireshark from there to see what's
going on - I just need to filter out my own traffic so I don't have to
look at all the cruft. 

The command line version of wireshark is 'tshark', which has some
options which make it a little easier to use than tcpdump (in my
opinion) , if that helps anybody out.



Charles Hutchinson wrote:
> On Thu, 2010-09-02 at 15:43 -0600, Clayton Fast wrote:
>   
>> I need to analyze network traffic from a specific public IP address to
>> a production Centos 5 system but I'm concerned about running wireshark
>> on that system.  I've tried running it on a seperate PC on the network
>> but it only reports its own traffic.  
>>  
>> I'm looking to see if any of you have had any major problems running
>> wireshark on Centos 5.
>>  
>> Anyone?
>>  
>> Thanks,
>> Clay
>>     
>
>
> Wireshark is probably the wrong tool for your needs here.  To capture
> the data you need I would use tcpdump to capture the packets to a file
> with the -w switch.  You can specify the protocol you want or do not
> want to capture as well as the host (ip) you need to capture data to and
> from.  You can (should) also tell it not to capture packets to and from
> the host you are connecting with over ssh.  
>
> Once you've seen the error, timeout or just captured enough data I would
> then pull that file to my workstation and import the capture into
> wireshark for quicker analysis.  For a lot of issues I do not even
> bother with wireshark.  Tcpdump can show you everything you need to see
> but is not pointy clicky friendly.
>
> Charlie
>
>
> _______________________________________________
> clue-tech mailing list
> clue-tech at cluedenver.org
> http://cluedenver.org/mailman/listinfo/clue-tech
>   

-- 
Adam