Wireshark · Ethereal-users: Re: [Ethereal-users] how to sniff a remote moachine

Ethereal-users: Re: [Ethereal-users] how to sniff a remote moachine

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Olivier Abad <oabad@xxxxxxx>

Date: Sat, 19 May 2001 02:09:03 +0200

On Fri, May 18, 2001 at 01:25:42PM -0700, Guy Harris wrote:
> > Is it possible to sniff the packets of a remote machine with ethereal?
> 
> The code in Ethereal that sniffs packets itself can only sniff packets
> on the machine on which it's running.
> 
> However, if you run a program on a remote machine that writes a capture
> file to its standard output (e.g. if you do
> 
> 	rsh <remote machine> tcpdump -s 65535 -i <interface> -w -
> 
> ) and redirect the output of that to a FIFO file, and then run Ethereal
> with a capture "device" that's the pathname of that FIFO file, Ethereal
> will be able to read the capture from that FIFO file.

It also works with a pipe :
rsh host tcpdump -s 1600 -i eth0 -w - | ethereal -klS -i -

Olivier
-- 
Of course you can't flap your arms and fly to the moon.  After a while you'd
run out of air to push against.

References:
- [Ethereal-users] how to sniff a remote moachine
  - From: Tony Wong
- Re: [Ethereal-users] how to sniff a remote moachine
  - From: Guy Harris

Prev by Date: Re: [Ethereal-users] how to sniff a remote moachine
Next by Date: [Ethereal-users] Ethereal and Windows ME OS
Previous by thread: Re: [Ethereal-users] how to sniff a remote moachine
Next by thread: RE: [Ethereal-users] how to sniff a remote moachine
Index(es):
- Date
- Thread