06-16-2008, 03:31 AM
Hal Vaughan

Monitoring Net Traffic From the Console or Another Computer

On Sunday 15 June 2008, Mike Bird wrote:
> On Sun June 15 2008 20:16:19 Hal Vaughan wrote:
> > Is there any program (I couldn't find one) that I can run on this
> > computer, via SSH, that will give me packet info I can scan in the
> > same way I do with Wireshark when I've got X on a system?
>
> tshark can display packets in realtime or capture to a pcap file
> which can be copied across the network for display in wireshark.

I'm looking into that. Unfortunately it's not in Sarge. I have found a
few since I posted by changing my search terms. (I tend to always pick
what sounds like good search terms that don't give me good hits!)

I just started looking at tcpdump, but I'm not sure if it'll give more
than packet headers. Unfortunately, I need to get this done tonight
and this is the big hold up -- once I clear this, the rest will be
easy, so it's one of those cases where I'm hoping I can find an easy to
use tool that I don't have to spend hours learning how to configure.


Hal


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
06-16-2008, 03:43 AM
Mike Bird

Monitoring Net Traffic From the Console or Another Computer

On Sun June 15 2008 20:31:32 Hal Vaughan wrote:
> On Sunday 15 June 2008, Mike Bird wrote:
> > On Sun June 15 2008 20:16:19 Hal Vaughan wrote:
> > > Is there any program (I couldn't find one) that I can run on this
> > > computer, via SSH, that will give me packet info I can scan in the
> > > same way I do with Wireshark when I've got X on a system?
> >
> > tshark can display packets in realtime or capture to a pcap file
> > which can be copied across the network for display in wireshark.
>
> I'm looking into that. Unfortunately it's not in Sarge. I have found a
> few since I posted by changing my search terms. (I tend to always pick
> what sounds like good search terms that don't give me good hits!)
>
> I just started looking at tcpdump, but I'm not sure if it'll give more
> than packet headers. Unfortunately, I need to get this done tonight
> and this is the big hold up -- once I clear this, the rest will be
> easy, so it's one of those cases where I'm hoping I can find an easy to
> use tool that I don't have to spend hours learning how to configure.

I don't have any systems running Sarge but the Packages file in the
repository says that Sarge includes tethereal, which was tshark before
the name change.

I used to use tcpdump and it was pretty good but these days the
ethereal/wireshark family seem to do a better job of analyzing
packets.

--Mike Bird


 
06-16-2008, 03:51 AM
Hal Vaughan

Monitoring Net Traffic From the Console or Another Computer

On Sunday 15 June 2008, Mike Bird wrote:
> On Sun June 15 2008 20:31:32 Hal Vaughan wrote:
> > On Sunday 15 June 2008, Mike Bird wrote:
> > > On Sun June 15 2008 20:16:19 Hal Vaughan wrote:
> > > > Is there any program (I couldn't find one) that I can run on
> > > > this computer, via SSH, that will give me packet info I can
> > > > scan in the same way I do with Wireshark when I've got X on a
> > > > system?
> > >
> > > tshark can display packets in realtime or capture to a pcap file
> > > which can be copied across the network for display in wireshark.
> >
> > I'm looking into that. Unfortunately it's not in Sarge. I have
> > found a few since I posted by changing my search terms. (I tend to
> > always pick what sounds like good search terms that don't give me
> > good hits!)
> >
> > I just started looking at tcpdump, but I'm not sure if it'll give
> > more than packet headers. Unfortunately, I need to get this done
> > tonight and this is the big hold up -- once I clear this, the rest
> > will be easy, so it's one of those cases where I'm hoping I can
> > find an easy to use tool that I don't have to spend hours learning
> > how to configure.
>
> I don't have any systems running Sarge but the Packages file in the
> repository says that Sarge includes tethereal, which was tshark
> before the name change.
>
> I used to use tcpdump and it was pretty good but these days the
> ethereal/wireshark family seem to do a better job of analyzing
> packets.

After your suggestion, I did find tethereal, but it doesn't seem to have
as much as tshark. I found it in the Sarge backports, along with
wireshark-common, which it needed. I got it up and running, dumped the
output to a file and loaded it in with Wireshark on my workstation, so
it's doing what I need now.

Thanks!


Hal


 
06-16-2008, 01:03 PM
"Douglas A. Tutty"

Monitoring Net Traffic From the Console or Another Computer

On Sun, Jun 15, 2008 at 11:16:19PM -0400, Hal Vaughan wrote:

> Is there any program (I couldn't find one) that I can run on this
> computer, via SSH, that will give me packet info I can scan in the same
> way I do with Wireshark when I've got X on a system?
>
> And if that doesn't work, is there a way to get Wireshark to read what
> goes between other NICs?
>
> The workstation is the only computer on the LAN with X, so I can't run
> Wireshark on any server or firewall system.
>

Why not put wireshark on the target box, set up ssh with X-forwarding,
run wireshark on the server from the workstation via xterm sshing to the
target box? It will run on the server but display on the workstation.

Doug.


 
06-16-2008, 02:23 PM
Hal Vaughan

Monitoring Net Traffic From the Console or Another Computer

On Monday 16 June 2008, Douglas A. Tutty wrote:
> On Sun, Jun 15, 2008 at 11:16:19PM -0400, Hal Vaughan wrote:
> > Is there any program (I couldn't find one) that I can run on this
> > computer, via SSH, that will give me packet info I can scan in the
> > same way I do with Wireshark when I've got X on a system?
> >
> > And if that doesn't work, is there a way to get Wireshark to read
> > what goes between other NICs?
> >
> > The workstation is the only computer on the LAN with X, so I can't
> > run Wireshark on any server or firewall system.
>
> Why not put wireshark on the target box, set up ssh with
> X-forwarding, run wireshark on the server from the workstation via
> xterm sshing to the target box? It will run on the server but
> display on the workstation.

I thought of that, but figured I'd run into a lot of dependency issues.
I didn't follow the entire tree, but I know Ethereal (the target box is
still on Sarge for a while longer) needs gtk, and I haven't checked
from there just what other graphic packages or such it needed.

Also I'd have to change my settings on the workstation, since I'm logged
in to the target box under a different username and I remember that I'd
have to dig into the X config somewhere to let X display a program run
under a different user name than the one I'm logged in as.

Thanks for the idea, but for now tshark is handling it. Unfortunately,
I missed the deadline. The system I was working with went down for
upkeep at midnight and today my system is doing work until at least
5:30 so I have to leave it alone until then.


Hal


 
06-20-2008, 12:07 PM
"M. Piscaer"

Monitoring Net Traffic From the Console or Another Computer

Hal Vaughan wrote:
> I have a workstation and several other computers on my LAN, all running
> Linux -- either Debian or Ubuntu (Kubuntu for the workstation, Sarge on
> the rest -- please don't start on the version, I'll be updating it in
> my copious amounts of free time one year).
>
> I am connecting to a computer through ssh and running some Perl programs
> on it. I need to be able to see what is going out from that computer
> to a web site so I can verify the HTTP headers and data going both
> ways. If this were on the workstation, I'd use Wireshark, but this
> system is console only and I'm not about to install X on it and deal
> with switching monitors for this one issue.
>
> Is there any program (I couldn't find one) that I can run on this
> computer, via SSH, that will give me packet info I can scan in the same
> way I do with Wireshark when I've got X on a system?
>
> And if that doesn't work, is there a way to get Wireshark to read what
> goes between other NICs?
>
> The workstation is the only computer on the LAN with X, so I can't run
> Wireshark on any server or firewall system.
>
> Thanks!
>
> Hal

I use tcpdump in a situation like that. With the option -w filename
-s0, you capture all of the packets in a file. With scp I copy the file
to the local machine, and use wireshark to analyse the file.


Regards,

Michiel Piscaer
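
An added example, not part of the original thread or written by any of its posters: it shows why the snapshot length (`-s`) decides whether a `tcpdump -w` file holds the HTTP headers or only the packet headers. The frame builder, the placeholder addresses and host name, and the two snaplen values (68 as a small snapshot length, 65535 standing in for whole-packet capture) are assumptions chosen for illustration.

```python
import struct

def build_frame(payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame (no options, zeroed checksums)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 80]))
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
    return eth + ip + tcp + payload

def write_pcap(frames, snaplen: int) -> bytes:
    """Emulate the file a capture with this snaplen stores: frames cut at snaplen."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)  # 1 = Ethernet
    for ts, frame in enumerate(frames):
        kept = frame[:snaplen]
        out += struct.pack("<IIII", ts, 0, len(kept), len(frame)) + kept
    return out

def scan_pcap(data: bytes) -> dict:
    """Report snaplen, truncated records and the TCP payload text that survived."""
    magic, _, _, _, _, snaplen, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    pos, total, truncated, payloads = 24, 0, 0, []
    while pos + 16 <= len(data):
        _, _, incl_len, orig_len = struct.unpack_from("<IIII", data, pos)
        frame = data[pos + 16: pos + 16 + incl_len]
        pos += 16 + incl_len
        total += 1
        truncated += incl_len < orig_len  # stored bytes < bytes on the wire
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4/TCP, or cut off before the IP header ended
        ihl = (frame[14] & 0x0F) * 4
        if len(frame) < 14 + ihl + 20:
            continue  # TCP header itself was cut off
        data_off = (frame[14 + ihl + 12] >> 4) * 4
        payloads.append(frame[14 + ihl + data_off:].decode("latin-1"))
    return {"snaplen": snaplen, "packets": total,
            "truncated": truncated, "payloads": payloads}

# Constructed sample: one HTTP request to a placeholder host.
REQUEST = b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\nUser-Agent: perl-test\r\n\r\n"
SHORT = scan_pcap(write_pcap([build_frame(REQUEST)], 68))     # small snaplen
FULL = scan_pcap(write_pcap([build_frame(REQUEST)], 65535))   # whole packets

if __name__ == "__main__":
    for name, r in (("snaplen 68", SHORT), ("snaplen 65535", FULL)):
        print(name, "truncated:", r["truncated"], "payload:", r["payloads"])
```

With the small snaplen the record keeps only the first 14 bytes of the request, so the `Host` and `User-Agent` lines never reach the file; a nonzero truncated count in a real capture is the sign that it has to be retaken with `-s0`.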


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 10:51 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org