Use Wireshark to capture data packets from a remote Linux host
Preface
Wireshark is an essential tool for network researchers. Since Wireshark 2.0 it has fully supported the OpenFlow protocol, which makes it a great boon for those who study SDN as well. Today we introduce one technique: how to use Wireshark to capture data packets from a remote Linux host. With this technique there is no need to carry a monitor from machine to machine, nor to worry about the server itself.
Configure Linux
You need to build and install rpcapd on the Linux host, then start it:
# Install rpcapd
sudo apt-get build-dep libpcap -y
git clone https://github.com/frgtn/rpcapd-linux
cd ./rpcapd-linux/libpcap
./configure
make
cd ..
make
# Start rpcapd
sudo ./rpcapd -4 -n -p 8888
# -p specifies the port on which rpcapd listens
# -n enables null authentication: no credentials are checked, so any host that can reach the port can access rpcapd.
Configure local Wireshark
Wireshark 2.0 on Windows is used as the example.
Click Capture in the menu bar and choose the first item, Options.
In the capture options dialog, click the Manage Interfaces... button in the lower right corner.
Click + in the lower left corner and add the remote host according to the Linux configuration above: the host's address, the port rpcapd listens on (8888 here) and null authentication, matching the -n option. The remote interfaces then appear in Wireshark's interface list, as shown in the figure.
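Because the daemon above runs with -n, the only thing standing between a remote party and a live capture of the server's traffic is whether it can reach port 8888. The following added example (not part of the original article or of rpcapd-linux) speaks the first step of the rpcap protocol that Wireshark itself uses, the null-authentication request, so an administrator can check from a host that should be blocked (for example after restricting access to the port with a host firewall) that rpcapd no longer accepts sessions from it. The message layouts follow libpcap's rpcap-protocol.h; the host and port are assumed inputs.

```python
import socket
import struct

# Constants from libpcap's rpcap-protocol.h (the wire format rpcapd speaks).
RPCAP_VERSION = 0
RPCAP_MSG_ERROR = 1
RPCAP_MSG_AUTH_REQ = 8
RPCAP_MSG_IS_REPLY = 128
RPCAP_RMTAUTH_NULL = 0
HEADER = struct.Struct("!BBHI")  # ver, type, value, plen (network byte order)
AUTH = struct.Struct("!HHHH")    # type, dummy, slen1, slen2

def build_null_auth_request() -> bytes:
    """The message Wireshark sends when 'null authentication' is selected."""
    body = AUTH.pack(RPCAP_RMTAUTH_NULL, 0, 0, 0)
    return HEADER.pack(RPCAP_VERSION, RPCAP_MSG_AUTH_REQ, 0, len(body)) + body

def parse_reply(data: bytes) -> dict:
    """Classify the first message rpcapd sends back: auth reply or error."""
    if len(data) < HEADER.size:
        return {"accepted": False, "error": "short reply"}
    _ver, mtype, _value, plen = HEADER.unpack_from(data)
    payload = data[HEADER.size:HEADER.size + plen]
    if mtype == RPCAP_MSG_AUTH_REQ | RPCAP_MSG_IS_REPLY:
        return {"accepted": True, "error": ""}
    if mtype == RPCAP_MSG_ERROR:  # payload is the daemon's error text
        return {"accepted": False, "error": payload.decode("ascii", "replace")}
    return {"accepted": False, "error": f"unexpected message type {mtype}"}

def recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:  # peer closed the connection early
            break
        buf += chunk
    return buf

def probe(host: str, port: int, timeout: float = 5.0) -> dict:
    """Connect to rpcapd and report whether it accepts a null-auth session."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_null_auth_request())
            hdr = recv_exact(sock, HEADER.size)
            plen = HEADER.unpack(hdr)[3] if len(hdr) == HEADER.size else 0
            return parse_reply(hdr + recv_exact(sock, plen))
    except OSError as exc:  # refused, filtered or timed out: not reachable
        return {"accepted": False, "error": str(exc)}
```

Run `probe("<server address>", 8888)` from the analyst workstation, where it should report accepted, and from any other host, where it should not.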
Although the configuration is relatively simple, I had never known of such a method before. Having mastered this technique, I believe it will bring great convenience to my work and study.