Hi. I'm a Unix Administrator, mathematics enthusiast, and amateur philosopher. This is where I rant about that which upsets me, laugh about that which amuses me, and jabber about that which holds my interest most: Unix.
openbsd tcpdump + wireshark

Posted 02-27-2013 at 10:50 AM by rocket357

I'm taking a class in a few days to delve into some deeper packet analysis than I've done before, and the instructor is a wireshark fanatic. Wireshark can be compiled on OpenBSD, but it has a reputation for security issues. I need a way to capture with tcpdump (privileged) and decode with wireshark (unprivileged) in realtime. Simple enough:

visudo (add "my_user ALL=/usr/sbin/tcpdump")
Download and compile wireshark (http://www.cromwell-intl.com/unix/co...n-openbsd.html; don't install wireshark, though).

Create .profile function:

Code:
##################
function wireshark
##################
{
    # tcpdump runs privileged (via sudo) and writes raw pcap to stdout;
    # the uninstalled wireshark build reads it from stdin as the normal user.
    sudo tcpdump -i em0 -w - "$@" | $HOME/wireshark-1.8.5/wireshark -k -i -
}

Then, have fun (e.g. "wireshark 'host some_server and not port 22'").

If you wanted to get creative, you could even pipe the tcpdump output over ssh (i.e. remote capture, local decode). The possibilities are endless.
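A slightly more defensive version of the same idea, added here as an example rather than taken from the post: the wrapper refuses to start the decoder as root (which would defeat the point of the split), checks the uninstalled wireshark binary exists, and supports the remote-capture variant over ssh. The WS_BIN and WS_IFACE defaults and the -h option are assumptions.

```shell
#!/bin/sh
# Added example; not rocket357's .profile function. Assumed defaults below.
WS_BIN="${WS_BIN:-$HOME/wireshark-1.8.5/wireshark}"   # uninstalled build, as in the post
WS_IFACE="${WS_IFACE:-em0}"

# build_capture_cmd IFACE [HOST]: print the privileged half of the pipeline.
# Only tcpdump ever runs under sudo; wireshark is never elevated.
build_capture_cmd() {
    iface="$1"; host="${2:-}"
    if [ -n "$host" ]; then
        # Remote capture: ssh carries the raw pcap stream back on stdout.
        printf 'ssh %s sudo tcpdump -i %s -w -' "$host" "$iface"
    else
        printf 'sudo tcpdump -i %s -w -' "$iface"
    fi
}

# refuse_root: succeed only when the decoder would NOT run with uid 0.
refuse_root() {
    [ "$(id -u)" -ne 0 ]
}

# wscap [-h HOST] [FILTER...]: capture on $WS_IFACE (locally or on HOST via
# ssh) and decode live in wireshark as the invoking, unprivileged user.
wscap() {
    host=""
    if [ "$1" = "-h" ]; then host="$2"; shift 2; fi
    refuse_root || { echo "wscap: run this as an unprivileged user, not root" >&2; return 1; }
    [ -x "$WS_BIN" ] || { echo "wscap: $WS_BIN is not executable" >&2; return 1; }
    if [ -n "$host" ]; then
        ssh "$host" sudo tcpdump -i "$WS_IFACE" -w - "$@" | "$WS_BIN" -k -i -
    else
        sudo tcpdump -i "$WS_IFACE" -w - "$@" | "$WS_BIN" -k -i -
    fi
}
```

Source it from .profile and call `wscap 'host some_server and not port 22'` or `wscap -h gateway 'port 53'`; the BPF filter goes to tcpdump unchanged in both cases.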