Ethereal-users: Re: [Ethereal-users] how to sniff a remote machine

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Olivier Abad <oabad@xxxxxxx>
Date: Sat, 19 May 2001 02:09:03 +0200
On Fri, May 18, 2001 at 01:25:42PM -0700, Guy Harris wrote:
> > Is it possible to sniff the packets of a remote machine with ethereal?
> 
> The code in Ethereal that sniffs packets itself can only sniff packets
> on the machine on which it's running.
> 
> However, if you run a program on a remote machine that writes a capture
> file to its standard output (e.g. if you do
> 
> 	rsh <remote machine> tcpdump -s 65535 -i <interface> -w -
> 
> ) and redirect the output of that to a FIFO file, and then run Ethereal
> with a capture "device" that's the pathname of that FIFO file, Ethereal
> will be able to read the capture from that FIFO file.

It also works with a pipe:

	rsh host tcpdump -s 1600 -i eth0 -w - | ethereal -klS -i -

Olivier
-- 
Of course you can't flap your arms and fly to the moon.  After a while you'd
run out of air to push against.
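
The FIFO procedure described in the quoted reply, as an added example that is not part of the original thread or of Ethereal. The function and variable names (start_capture_fifo, stop_capture_fifo, CAPTURE_*) are hypothetical, and placing the FIFO in a private mktemp directory is an assumption of this sketch, made so that other local users cannot read the capture stream.

```sh
#!/bin/sh
# Added example: helper names here are hypothetical, not Ethereal/tcpdump features.

# start_capture_fifo CMD [ARGS...]
# Create a FIFO in a private directory and start CMD in the background with
# its standard output connected to that FIFO.
start_capture_fifo() {
    # mktemp -d yields an unpredictable, owner-only directory, so no other
    # local user can pre-create the FIFO or open it to read the capture.
    CAPTURE_DIR=$(mktemp -d) || return 1
    CAPTURE_FIFO=$CAPTURE_DIR/capture.fifo
    mkfifo -m 600 "$CAPTURE_FIFO" || { rmdir "$CAPTURE_DIR"; return 1; }
    # Opening the FIFO for writing blocks until a reader opens it, so CMD is
    # not started before the reader attaches. stdin is /dev/null so that a
    # backgrounded remote shell never tries to read from the terminal.
    "$@" < /dev/null > "$CAPTURE_FIFO" &
    CAPTURE_PID=$!
}

# stop_capture_fifo
# Stop the producer (if it is still running) and remove the FIFO.
stop_capture_fifo() {
    kill "$CAPTURE_PID" 2>/dev/null || true
    wait "$CAPTURE_PID" 2>/dev/null || true
    rm -f "$CAPTURE_FIFO"
    rmdir "$CAPTURE_DIR"
    unset CAPTURE_DIR CAPTURE_FIFO CAPTURE_PID
}

# Usage with the commands from the thread (host and eth0 are placeholders):
#   start_capture_fifo rsh host tcpdump -s 65535 -i eth0 -w -
#   ethereal -k -i "$CAPTURE_FIFO"
#   stop_capture_fifo
```

Any command that writes a capture file to standard output can be passed as CMD, including the same tcpdump invocation run over ssh instead of rsh.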