LinuxQuestions.org
Old 07-02-2012, 06:10 AM   #1
LittleMaster
Member
 
Registered: Jun 2012
Posts: 98
Blog Entries: 1

Rep: Reputation: Disabled
How to check the traffic flow using wireshark in centos 6.2 in command line


Hi
I had installed Wireshark on a CentOS 6.2 server. How can I monitor the traffic flow of my server using the command line, since I do not have a graphical GUI to monitor the traffic flow? Any help regarding commands to monitor the traffic flow using Wireshark?

tethereal -i eth0 -w ~/mycapture.pcap

I could not find the output mycapture.pcap in my home directory

Last edited by LittleMaster; 07-02-2012 at 06:16 AM.
 
Old 07-02-2012, 07:44 AM   #2
grim76
Member
 
Registered: Jun 2007
Distribution: Debian, SLES, Ubuntu
Posts: 275

Rep: Reputation: 46
Try using tcpdump to monitor the traffic flow.

as root:
Code:
tcpdump -i <interface_name> -w ~<username>/capture.cap
 
Old 07-02-2012, 07:54 AM   #3
LittleMaster
Member
 
Registered: Jun 2012
Posts: 98
Blog Entries: 1

Original Poster
Rep: Reputation: Disabled
I tried out tcpdump, but it never seemed to be working
#tcpdump -i eth0
-bash: tcpdump: command not found

# yum install wireshark
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.widexs.nl
* extras: mirror.widexs.nl
* updates: mirror.widexs.nl
Setting up Install Process
Package wireshark-1.2.15-2.el6_2.1.x86_64 already installed and latest version
Nothing to do
[root@sws~]# wireshark -v
-bash: wireshark: command not found
[root@sws ~]#

Last edited by LittleMaster; 07-02-2012 at 07:57 AM.
 
Old 07-02-2012, 08:20 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,386

Rep: Reputation: 1963
Slightly confusingly, the "wireshark" package doesn't contain the "wireshark" program. That's found in "wireshark-gnome" usually. This is because putting in the GUI would put dependencies on X for a package which is highly useful without X installed. As you have it installed at present, you have the "tshark" package to use on a command line, which works very similarly to tcpdump.

Where did the reference to tethereal come from (which is the older version of tshark)? Is that lifted from a guide you found or something?

IF tethereal does still work (maybe a symlink to tshark?) then the file WILL be in your home directory, so maybe it didn't execute in the first place.

Last edited by acid_kewpie; 07-02-2012 at 08:22 AM.
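
A command-line capture along the lines this post describes, as an added example that is not part of the original thread: it finds whichever capture tool is on PATH, confirms where the capture file will land, captures a bounded number of packets and prints a summary. The function names are hypothetical, and the interface, packet count and output file are supplied by the caller.

```shell
#!/bin/sh
# Added example (hypothetical helper names): find an installed command-line
# capture tool, then capture a bounded number of packets to a known file.

# Print the first capture tool found on PATH; return 1 if none is installed.
pick_capture_tool() {
    for tool in tshark tethereal tcpdump; do
        if command -v "$tool" >/dev/null 2>&1; then
            echo "$tool"
            return 0
        fi
    done
    return 1
}

# Print the absolute path a capture file will have; fail if its directory
# is missing or not writable, so the capture is not silently lost.
resolve_outfile() {
    dir=$(cd "$(dirname "$1")" 2>/dev/null && pwd) || return 1
    [ -w "$dir" ] || return 1
    echo "$dir/$(basename "$1")"
}

# Capture <count> packets on <iface> into <outfile>, then print a summary.
# tshark, tethereal and tcpdump all accept -i, -c, -w and -r.
capture_to_file() {
    iface=$1 count=$2 outfile=$3
    tool=$(pick_capture_tool) || { echo "no capture tool on PATH" >&2; return 1; }
    dest=$(resolve_outfile "$outfile") || { echo "cannot write $outfile" >&2; return 1; }
    "$tool" -i "$iface" -c "$count" -w "$dest" || return 1
    echo "capture saved to $dest"
    "$tool" -r "$dest" | head -n 20
}

# Run only when called as: sh capture.sh run <iface> <count> <outfile>
if [ "${1:-}" = "run" ]; then
    capture_to_file "$2" "$3" "$4"
fi
```

Capturing on an interface normally needs root, and a file written with `~/` as root lands in root's home directory.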
 
Old 07-02-2012, 08:23 AM   #5
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,386

Rep: Reputation: 1963
Quote:
Originally Posted by grim76
Try using tcpdump to monitor the traffic flow.

as root:
Code:
tcpdump -i <interface_name> -w ~<username>/capture.cap
Worth noting that "~<username>/" is incorrect. It would just be "~/" as per the OP's original post.
 
Old 07-02-2012, 08:56 AM   #6
LittleMaster
Member
 
Registered: Jun 2012
Posts: 98
Blog Entries: 1

Original Poster
Rep: Reputation: Disabled
Thanks for your reply,

I have been using Wireshark almost always in the GUI interface. I had never tried out Wireshark monitoring on the command line. I have been using tcpdump to monitor on a remote system. Currently tcpdump -i eth0 is failing to execute on my server, so I tried to install the Wireshark tool, but I could not find a command line to get Wireshark to produce a network traffic report.

# yum install wireshark-gnome

# wireshark -v
wireshark 1.2.15

Copyright 1998-2011 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.18.9, (64-bit) with GLib 2.22.5, with libpcap 1.0.0, with
libz 1.2.3, without POSIX capabilities, with libpcre 7.8, with SMI 0.4.8,
without c-ares, without ADNS, without Lua, with GnuTLS 2.8.5, with Gcrypt 1.4.5,
with MIT Kerberos, without GeoIP, without PortAudio, without AirPcap.

Running on Linux 2.6.32-220.17.1.el6.x86_64, with libpcap version 1.0.0, GnuTLS
2.8.5, Gcrypt 1.4.5.

Built using gcc 4.4.6 20110731 (Red Hat 4.4.6-3).
[root@ ~]#
 
Old 07-02-2012, 09:12 AM   #7
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,386

Rep: Reputation: 1963
Well, there is no "traffic report" available. What are you actually after?
 
Old 07-02-2012, 10:59 AM   #8
grim76
Member
 
Registered: Jun 2007
Distribution: Debian, SLES, Ubuntu
Posts: 275

Rep: Reputation: 46
Quote:
Originally Posted by acid_kewpie
Worth noting that "~<username>/" is incorrect. It would just be "~/" as per the OP's original post.

I was under the impression that ~username/filename would dump into that user's home location. Unless I am missing something.
 
Old 07-02-2012, 02:00 PM   #9
arun5002
Member
 
Registered: Aug 2011
Location: Chennai,India
Distribution: Redhat,Centos,Ubuntu,Dedian
Posts: 549
Blog Entries: 5

Rep: Reputation: Disabled
Hi
Look at this link

http://www.commandlinefu.com/command...sh-w-wireshark


Quote:
ssh root@ipaddress 'tshark -f "port !22" -w -' | wireshark -k -i -
 
Old 07-02-2012, 02:23 PM   #10
Kustom42
Senior Member
 
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,566

Rep: Reputation: 411
Arun, that is for monitoring a remote system on port 22 locally and doesn't really address the original poster's problem.

I am curious as to why the tcpdump command is failing. Can you provide some more info on that, LittleMaster? What is reporting to stdout or to the messages file when the command is run?

Secondly, the most important question here is what do you want to see?

tshark, tcpdump, etc. all have immense functionality built in and you can get info on whatever you are looking for if you know the right command. Give us some insight on what you are looking for so you can get a good answer.
 
Old 07-03-2012, 01:58 AM   #11
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,386

Rep: Reputation: 1963
Quote:
Originally Posted by grim76
I was under the impression that ~username/filename would dump into that user's home location. Unless I am missing something.
~ *IS* the username. Both together make no sense.
 
  


All times are GMT -5.