On CentOS 5.2 or Red Hat Enterprise Linux 5, you can install and run Wireshark (formerly Ethereal) from the command line.
Install Wireshark:
<kbd>yum install wireshark</kbd>
Run a capture:
<kbd>tethereal -i eth1 -w ~/mycapture.pcap</kbd>
This command runs Wireshark/Ethereal, captures on the eth1 interface and writes the data to /yourhomedir/mycapture.pcap.
Why would you want to do this? To capture packets on a headless or remote Linux PC and analyse the data elsewhere.
Right now I’m at home, but I have a headless CentOS box at work that’s running ntop from a mirrored port, in order to look at network traffic flowing over the router. To increase the capability of the CentOS box, I want to use it to capture packets using Wireshark, then download the .pcap file over WinSCP and look at the data on my laptop using Wireshark for Windows.
6 replies on “Install and run Wireshark on the command line (CentOS 5.2)”
I want to ask: how can I open the GUI of Wireshark in Linux?
thanks
regards,
To install a wireshark GUI type:
yum install wireshark-gnome
Let it install, then find Wireshark in Applications->Internet of Linux.
Do remember that to install Wireshark first day you initially need to go:
yum install wireshark
-M
Hi,
Is it possible to filter the packets that are sniffed on the Linux box? Executing the command tethereal -i eth1 -w ~/mycapture.pcap captures all the packets. I know we can filter the results in the Wireshark program, but what I was looking at was to only sniff SIP packets in the first place. I am not interested in the other protocols. Your expert advice would be greatly appreciated.
CK
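One way to capture only SIP on the headless box, as an added example rather than code from the post or its commenters: it passes a libpcap capture filter with -f and bounds the run with -a so an unattended capture cannot fill the disk. The port 5060 filter, the two limits and the CAPTURE_BIN override are assumptions.

```sh
# Added example (not from the original post): a bounded, filtered capture.
# Assumptions: SIP on its default port 5060; the limits below are arbitrary.
FILTER="port 5060"     # libpcap capture filter, applied before packets are saved
DURATION=300           # stop after this many seconds
MAX_KB=102400          # ...or once the file reaches about 100 MB

# Newer packages name the binary tshark; older ones ship tethereal.
find_capture_bin() {
    for bin in tshark tethereal; do
        if command -v "$bin" >/dev/null 2>&1; then
            echo "$bin"
            return 0
        fi
    done
    return 1
}

# Accept only plain interface names, so a stray argument cannot be read as an option.
valid_iface() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Usage: capture_sip eth1 ~/sip.pcap
capture_sip() {
    iface=$1
    out=$2
    if ! valid_iface "$iface"; then
        echo "invalid interface name: $iface" >&2
        return 2
    fi
    # CAPTURE_BIN (hypothetical override) lets you point at a specific binary.
    bin=${CAPTURE_BIN:-$(find_capture_bin)} || {
        echo "neither tshark nor tethereal found" >&2
        return 3
    }
    # Captures contain other users' traffic: create the file owner-only.
    ( umask 077
      "$bin" -i "$iface" -f "$FILTER" -a "duration:$DURATION" \
             -a "filesize:$MAX_KB" -w "$out" )
}
```

A capture filter discards non-matching packets before they are written, unlike a display filter applied later in the Wireshark GUI, so anything it excludes cannot be recovered from the file.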
You need to install wireshark-gnome for a graphical window, and you have to use a graphical desktop session.
Thanks for the post! I’m kinda noob in RHEL and didn’t know the wireshark-gnome thing! Ubuntu spoiled me…
Thanks!!!!!