![]() Use a hub and Wireshark (instructions below). This is commonly performed as a troubleshooting step to give the technician more information on what could be happening.ģ. If you’re keen to try it out you can grab it from GitHub – Scratch’n’Sniff and start streaming packets remotely.Occasionally our Technical Assistance Center (TAC) might ask you for a packet capture. Python3 scratchnsniff.py -dstip 10.98.1.2 -packetfilter 'sctp or icmp' -interface lo Python3 scratchnsniff.py -dstip 10.0.1.252 -packetfilter 'port 5060' -interface enp0s25Ĭapture all sctp and icmp traffic on interface lo and send it to 10.98.1.2: Introducing Scratch’n’Sniff, a simple tcpdump front end that encapsulates all the filtered traffic of interest in TZSP the same as Mikrotiks do, and stream it (in real time) to your local machine for real time viewing in Wireshark.Ĭapture all traffic on port 5060 on interface enp0s25 and send it to 10.0.1.252 If only there was something I could use to get this same functionality on remote machines – without named pipes, X11 forwarding or any of the other “hacky” solutions… The Solution Discover I had not run the PCAP for long enough and repeatīeing a Mikrotik user I fell in love with the remote packet sniffer functionality built into them, where the switch/router will copy packets matching a filter and just stream them to the IP of my workstation.Change permissions on PCAP file created so I can copy it. ![]() Hope that I have run it for long enough to capture the event of interest.The Problemīut if you’re anything like me, you’re working on remote systems from your workstation, and trying to see what’s going on. A lesson learned a long time ago in Net Eng, is that packet captures (seldom) lie, and the answers are almost always in the packets.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |