is there some way to get dumpcap without installing wireshark on ubuntu server?
So I was hoping to do some analysis of network activity on a virtual machine running Ubuntu 16 server. I've got Wireshark on my workstation to do the analysis but need to capture the packets on the VM. Wireshark uses dumpcap.
I've searched the Ubuntu system for dumpcap but apt-cache search finds nothing. I can install wireshark but great googly moogly does it install a lot of stuff:
Code:
$ sudo apt-get install wireshark
[sudo] password for sneakyimp:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
linux-headers-4.4.0-31 linux-headers-4.4.0-31-generic linux-image-4.4.0-31-generic
linux-image-extra-4.4.0-31-generic
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
geoip-database-extra gstreamer1.0-plugins-base javascript-common libauthen-sasl-perl libc-ares2
libcdparanoia0 libegl1-mesa libencode-locale-perl libevdev2 libfile-basedir-perl
libfile-desktopentry-perl libfile-listing-perl libfile-mimeinfo-perl libfont-afm-perl libfontenc1
libgbm1 libgraphite2-3 libgstreamer-plugins-base1.0-0 libgstreamer1.0-0 libgudev-1.0-0 libharfbuzz0b
libhtml-form-perl libhtml-format-perl libhtml-parser-perl libhtml-tagset-perl libhtml-tree-perl
libhttp-cookies-perl libhttp-daemon-perl libhttp-date-perl libhttp-message-perl libhttp-negotiate-perl
libinput10 libio-html-perl libio-socket-ssl-perl libipc-system-simple-perl libjs-openlayers
liblua5.2-0 liblwp-mediatypes-perl liblwp-protocol-https-perl libmailtools-perl libmtdev1
libnet-dbus-perl libnet-http-perl libnet-smtp-ssl-perl libnet-ssleay-perl libnl-route-3-200 libopus0
liborc-0.4-0 libpcre16-3 libproxy1v5 libqgsttools-p1 libqt5core5a libqt5dbus5 libqt5gui5
libqt5multimedia5 libqt5multimedia5-plugins libqt5multimediawidgets5 libqt5network5 libqt5opengl5
libqt5printsupport5 libqt5svg5 libqt5widgets5 libsbc1 libsmi2ldbl libtheora0 libtie-ixhash-perl
libtimedate-perl liburi-perl libvisual-0.4-0 libwacom-bin libwacom-common libwacom2 libwayland-client0
libwayland-server0 libwireshark-data libwireshark6 libwiretap5 libwsutil6 libwww-perl
libwww-robotrules-perl libx11-protocol-perl libxaw7 libxcb-icccm4 libxcb-image0 libxcb-keysyms1
libxcb-randr0 libxcb-render-util0 libxcb-render0 libxcb-shape0 libxcb-shm0 libxcb-util1 libxcb-xfixes0
libxcb-xkb1 libxcomposite1 libxft2 libxkbcommon-x11-0 libxkbcommon0 libxml-parser-perl
libxml-twig-perl libxml-xpathengine-perl libxpm4 libxrandr2 libxtst6 libxv1 libxxf86dga1
qttranslations5-l10n wireshark-common wireshark-qt x11-utils x11-xserver-utils xdg-utils
Suggested packages:
gvfs libdigest-hmac-perl libgssapi-perl libvisual-0.4-plugins gstreamer1.0-tools libdata-dump-perl
libcrypt-ssleay-perl opus-tools libthai0 libqt5libqgtk2 qt5-image-formats-plugins qtwayland5
snmp-mibs-downloader wireshark-doc libauthen-ntlm-perl libunicode-map8-perl libunicode-string-perl
xml-twig-tools mesa-utils nickle cairo-5c xorg-docs-core gvfs-bin
The following NEW packages will be installed:
geoip-database-extra gstreamer1.0-plugins-base javascript-common libauthen-sasl-perl libc-ares2
libcdparanoia0 libegl1-mesa libencode-locale-perl libevdev2 libfile-basedir-perl
libfile-desktopentry-perl libfile-listing-perl libfile-mimeinfo-perl libfont-afm-perl libfontenc1
libgbm1 libgraphite2-3 libgstreamer-plugins-base1.0-0 libgstreamer1.0-0 libgudev-1.0-0 libharfbuzz0b
libhtml-form-perl libhtml-format-perl libhtml-parser-perl libhtml-tagset-perl libhtml-tree-perl
libhttp-cookies-perl libhttp-daemon-perl libhttp-date-perl libhttp-message-perl libhttp-negotiate-perl
libinput10 libio-html-perl libio-socket-ssl-perl libipc-system-simple-perl libjs-openlayers
liblua5.2-0 liblwp-mediatypes-perl liblwp-protocol-https-perl libmailtools-perl libmtdev1
libnet-dbus-perl libnet-http-perl libnet-smtp-ssl-perl libnet-ssleay-perl libnl-route-3-200 libopus0
liborc-0.4-0 libpcre16-3 libproxy1v5 libqgsttools-p1 libqt5core5a libqt5dbus5 libqt5gui5
libqt5multimedia5 libqt5multimedia5-plugins libqt5multimediawidgets5 libqt5network5 libqt5opengl5
libqt5printsupport5 libqt5svg5 libqt5widgets5 libsbc1 libsmi2ldbl libtheora0 libtie-ixhash-perl
libtimedate-perl liburi-perl libvisual-0.4-0 libwacom-bin libwacom-common libwacom2 libwayland-client0
libwayland-server0 libwireshark-data libwireshark6 libwiretap5 libwsutil6 libwww-perl
libwww-robotrules-perl libx11-protocol-perl libxaw7 libxcb-icccm4 libxcb-image0 libxcb-keysyms1
libxcb-randr0 libxcb-render-util0 libxcb-render0 libxcb-shape0 libxcb-shm0 libxcb-util1 libxcb-xfixes0
libxcb-xkb1 libxcomposite1 libxft2 libxkbcommon-x11-0 libxkbcommon0 libxml-parser-perl
libxml-twig-perl libxml-xpathengine-perl libxpm4 libxrandr2 libxtst6 libxv1 libxxf86dga1
qttranslations5-l10n wireshark wireshark-common wireshark-qt x11-utils x11-xserver-utils xdg-utils
0 upgraded, 112 newly installed, 0 to remove and 2 not upgraded.
Need to get 44.9 MB of archives.
After this operation, 188 MB of additional disk space will be used.
Is there some way to easily get a wireshark-readable packet dump from a VM without installing this avalanche of stuff?
* pcapng. A flexible, extensible successor to the libpcap format. Wireshark 1.8 and later save files as pcapng by default. Versions prior to 1.8 used libpcap.
* libpcap. The default format used by the libpcap packet capture library. Used by tcpdump, Snort, Nmap, Ntop, and many other tools.
* Oracle (previously Sun) snoop and atmsnoop
The Ubuntu repo has some promising-looking options.
pcap:
aha...there's also tshark, which is apparently a terminal-based version of wireshark. Its install looks much less intrusive than wireshark:
Code:
$ sudo apt-get install tshark
[sudo] password for sneakyimp:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
linux-headers-4.4.0-31 linux-headers-4.4.0-31-generic linux-image-4.4.0-31-generic
linux-image-extra-4.4.0-31-generic
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
geoip-database-extra javascript-common libc-ares2 libjs-openlayers liblua5.2-0 libsmi2ldbl
libwireshark-data libwireshark6 libwiretap5 libwsutil6 wireshark-common
Suggested packages:
snmp-mibs-downloader wireshark-doc
The following NEW packages will be installed:
geoip-database-extra javascript-common libc-ares2 libjs-openlayers liblua5.2-0 libsmi2ldbl
libwireshark-data libwireshark6 libwiretap5 libwsutil6 tshark wireshark-common
0 upgraded, 12 newly installed, 0 to remove and 2 not upgraded.
Need to get 24.8 MB of archives.
After this operation, 105 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
If I can get the j.o.b. done with fewer tools, I'm all ears.
But wireshark requires a gui and you're processing on a local workstation.
Fewer deps with dumpcap?
tshark on Ubuntu 14.04.5 LTS shows wireshark-common as a dep.
wireshark install has a boatload of other stuff you don't need to install IMO.
libpcap seems to be the common denominator in these packages.
tcpdump is a good solid base or "standard" if I may say so.
A wireshark "user" on a headless-server for this task is unnecessary, IMO.
</opinion>
But I don't use wireshark on servers.
I'm gonna kick back and let some others chime in.
Maybe I missed something.
Quote:
Originally Posted by Habitual
But wireshark requires a gui and you're processing on a local workstation.
Fewer deps with dumpcap?
tshark doesn't require a GUI. It has docs which describe how you can analyze a dump file via terminal commands.
Quote:
Originally Posted by Habitual
tcpdump is a good solid base or "standard" if I may say so.
I was prepared to use tcpdump, but I'll be using a wireshark GUI (on a separate machine) to analyze the dump files and the WS docs say that the default file format is slightly newer. This is why I've chosen to go with tshark.
Quote:
Originally Posted by Habitual
A wireshark "user" on a headless-server for this task is unnecessary, IMO.
</opinion>
But I don't use wireshark on servers.
Strictly speaking, this 'server' is not really a server but just a VM for monitoring installation actions for some security analysis. It would be impractical to run WS or dumpcap on any production server. The files would be enormous!
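The thread turns on the pcapng versus libpcap distinction: tcpdump writes libpcap, tshark and Wireshark default to pcapng, and Wireshark reads both. As an added example that is not part of the original thread, this stdlib-only Python script tells the two containers apart from their magic bytes and walks the records (libpcap) or blocks (pcapng) to report link type and packet count; the sample files it inspects are constructed in-line, not real captures.

```python
import struct

# Magic values from the libpcap and pcapng specs: first four bytes -> (byte order, timestamp unit)
PCAP_MAGICS = {
    b"\xa1\xb2\xc3\xd4": (">", "us"), b"\xd4\xc3\xb2\xa1": ("<", "us"),
    b"\xa1\xb2\x3c\x4d": (">", "ns"), b"\x4d\x3c\xb2\xa1": ("<", "ns"),
}
PCAPNG_SHB = b"\x0a\x0d\x0d\x0a"  # Section Header Block type, identical in either byte order
IDB, EPB = 1, 6                   # Interface Description / Enhanced Packet block types

def inspect_capture(data: bytes) -> dict:
    magic = data[:4]
    if magic in PCAP_MAGICS:
        order, unit = PCAP_MAGICS[magic]
        # global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
        linktype = struct.unpack(order + "IHHiIII", data[:24])[6]
        off, count = 24, 0
        while off + 16 <= len(data):       # record header: ts_sec, ts_frac, caplen, origlen
            caplen = struct.unpack(order + "IIII", data[off:off + 16])[2]
            off, count = off + 16 + caplen, count + 1
        return {"format": "libpcap", "linktype": linktype, "packets": count, "ts_unit": unit}
    if magic == PCAPNG_SHB:
        order = "<" if data[8:12] == b"\x4d\x3c\x2b\x1a" else ">"  # byte-order magic 0x1A2B3C4D
        off, count, linktype = 0, 0, None
        while off + 12 <= len(data):
            btype, blen = struct.unpack(order + "II", data[off:off + 8])
            if blen < 12:                  # malformed block: stop instead of looping forever
                break
            if btype == IDB:               # link type is the u16 right after the block header
                linktype = struct.unpack(order + "H", data[off + 8:off + 10])[0]
            elif btype == EPB:
                count += 1
            off += blen
        return {"format": "pcapng", "linktype": linktype, "packets": count}
    raise ValueError("not a libpcap or pcapng file")

def sample_pcap() -> bytes:  # constructed: little-endian libpcap, Ethernet, two zero frames
    frame = b"\x00" * 14
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec = struct.pack("<IIII", 1, 0, len(frame), len(frame)) + frame
    return hdr + rec + rec

def sample_pcapng() -> bytes:  # constructed: little-endian pcapng, SHB + IDB (Ethernet) + one EPB
    frame, pad = b"\x00" * 14, b"\x00" * 2   # block bodies are padded to a 4-byte boundary
    shb = struct.pack("<IIIHHqI", 0x0A0D0D0A, 28, 0x1A2B3C4D, 1, 0, -1, 28)
    idb = struct.pack("<IIHHII", IDB, 20, 1, 0, 65535, 20)
    blen = 32 + len(frame) + len(pad)
    epb = struct.pack("<IIIIIII", EPB, blen, 0, 0, 0, len(frame), len(frame))
    return shb + idb + epb + frame + pad + struct.pack("<I", blen)
```

Run `inspect_capture(open("capture.pcap", "rb").read())` on a file copied off the VM to confirm what tcpdump or tshark actually wrote before opening it on the workstation.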