Wireshark is a free and open source packet analyser. It is used for network troubleshooting, analysis, software and communications protocol development, and education.
This is not a widely advertised feature, but Wireshark can be used to monitor the traffic on a third machine. This comes in handy when you want to study the traffic of a remote system. Machine C can thus analyse the traffic between machines A and B without having to be placed between them.
Just run the following on the local machine C.
$ mkfifo /tmp/remote
# Wireshark must be started first and in the background: opening the FIFO for reading blocks until tcpdump writes to it
$ wireshark -k -i /tmp/remote &
# "not port 22" excludes the ssh session carrying the capture; without it tcpdump would capture its own output being sent back
$ ssh root@remote "tcpdump -s 0 -U -n -w - -i eth0 not port 22" > /tmp/remote
However, this requires `tcpdump` on the remote machine, which there can only be used by the root user.
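The recipe above as a script, added here as an example and not part of the original post. It narrows the `not port 22` filter to just the ssh session carrying the capture, and assumes the remote account may run tcpdump and that the remote sshd sets `SSH_CLIENT` (OpenSSH does).

```shell
#!/bin/sh
# Added example, not from the original post: the fifo/ssh/tcpdump recipe as a
# script with cleanup, and a capture filter that excludes only the ssh session
# carrying the capture, so other SSH traffic on the remote host stays visible.
set -eu

# tcpdump capture filter. Excluding only our own ssh session (instead of all
# of port 22) still prevents the feedback loop in which tcpdump would capture
# its own output being sent back to us.
# $1 = address the remote host sees us as, $2 = ssh port on the remote host
capture_filter() {
    printf 'not (host %s and tcp port %s)' "$1" "$2"
}

# Remote tcpdump command as a string (single quotes protect the parentheses
# from the remote shell). -s 0 full packets, -U unbuffered so packets reach
# Wireshark immediately, -n no name resolution, -w - pcap to stdout.
# $1 = remote interface, $2 = our address, $3 = ssh port
remote_cmd() {
    printf "tcpdump -s 0 -U -n -w - -i %s '%s'" "$1" "$(capture_filter "$2" "$3")"
}

# Usage: remote_capture user@host [iface] [ssh_port]
remote_capture() {
    host=$1 iface=${2:-eth0} sshport=${3:-22}
    fifo=/tmp/remote.$$
    mkfifo -m 600 "$fifo"
    trap 'rm -f "$fifo"' EXIT
    # Wireshark must be started first and in the background: opening the FIFO
    # for reading blocks until tcpdump starts writing to it.
    wireshark -k -i "$fifo" &
    # Our address as seen by the remote host, taken from sshd's SSH_CLIENT.
    myaddr=$(ssh -p "$sshport" "$host" 'echo "$SSH_CLIENT"' | cut -d' ' -f1)
    ssh -p "$sshport" "$host" "$(remote_cmd "$iface" "$myaddr" "$sshport")" > "$fifo"
}

# Run only when invoked with arguments, so sourcing the file just defines the functions.
if [ "$#" -gt 0 ]; then
    remote_capture "$@"
fi
```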