Using CentOS 5.2 or Red Hat Enterprise Linux 5, install and run Wireshark (formerly Ethereal) from the command line.

Install Wireshark:

yum install wireshark

Run a capture:

tethereal -i eth1 -w ~/mycapture.pcap

This command will run Wireshark/Ethereal, capture on the eth1 interface and write the data to mycapture.pcap in your home directory.

Why would you want to do this? It lets you capture packets on a headless or remote Linux PC and analyse the data elsewhere.

Right now I’m at home, but I have a headless CentOS box at work that’s running ntop from a mirrored port, in order to look at network traffic flowing over the router. To increase the capability of the CentOS box, I want to use it to capture packets using Wireshark, then download the .pcap file over WinSCP and look at the data on my laptop using Wireshark for Windows.
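
As an added example (not part of the original post): a Python check to run after downloading the capture, confirming the file is a complete libpcap capture before opening it, since an interrupted capture or partial transfer leaves a cut-off final record. It assumes the classic libpcap file format rather than pcapng; the function names and the sample bytes are constructed for illustration.

```python
import struct
import sys

# First four bytes read little-endian -> (byte order of file, timestamp ticks per second)
MAGICS = {0xA1B2C3D4: ("<", 10**6), 0xD4C3B2A1: (">", 10**6),   # microseconds
          0xA1B23C4D: ("<", 10**9), 0x4D3CB2A1: (">", 10**9)}   # nanoseconds

def check_pcap(data):
    """Validate a classic libpcap capture (bytes) and summarise its records."""
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError("not a libpcap file (magic %#010x)" % magic)
    endian, ticks = MAGICS[magic]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    info = {"version": (major, minor), "snaplen": snaplen, "linktype": linktype, "packets": 0,
            "clipped": 0, "first_ts": None, "last_ts": None, "truncated_tail": False}
    offset = 24
    while offset < len(data):
        # Each record: 16-byte header (ts_sec, ts_frac, incl_len, orig_len) + incl_len bytes
        if offset + 16 > len(data):
            info["truncated_tail"] = True   # record header cut off at end of file
            break
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):
            info["truncated_tail"] = True   # packet bytes missing at end of file
            break
        ts = ts_sec + ts_frac / ticks
        if info["first_ts"] is None:
            info["first_ts"] = ts
        info["last_ts"] = ts
        info["packets"] += 1
        info["clipped"] += int(incl_len < orig_len)   # packet shortened by the snaplen
        offset += 16 + incl_len
    return info

def sample_capture():
    """Constructed two-packet Ethernet capture, built only for this example."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    pkt1 = struct.pack("<IIII", 1200000000, 0, 4, 4) + b"\x00" * 4
    pkt2 = struct.pack("<IIII", 1200000005, 500000, 4, 60) + b"\x00" * 4
    return header + pkt1 + pkt2

if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_capture()
    print(check_pcap(raw))
```

Run it with the path to the downloaded .pcap as its argument; a result with truncated_tail set to True means the file ends in the middle of a record.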