How to check the traffic flow using wireshark in centos 6.2 in command line
Hi
I have installed wireshark on a CentOS 6.2 server. How can I monitor the traffic flow of my server using the command line, since I do not have a graphical GUI to monitor the traffic flow? Any help regarding commands to monitor the traffic flow using wireshark.
Code:
tethereal -i eth0 -w ~/mycapture.pcap
I could not find the output mycapture.pcap in my home directory.
Try using tcpdump to monitor the traffic flow, as root:
Code:
tcpdump -i <interface_name> -w ~<username>/capture.cap
I tried out tcpdump, but it never seemed to be working.
Code:
# tcpdump -i eth0
-bash: tcpdump: command not found
# yum install wireshark
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.widexs.nl
 * extras: mirror.widexs.nl
 * updates: mirror.widexs.nl
Setting up Install Process
Package wireshark-1.2.15-2.el6_2.1.x86_64 already installed and latest version
Nothing to do
[root@sws~]# wireshark -v
-bash: wireshark: command not found
[root@sws ~]#
Slightly confusingly, the "wireshark" package doesn't contain the "wireshark" program. That's found in "wireshark-gnome" usually. This is because putting in the GUI would put dependencies on X for a package which is highly useful without X installed. As you have it installed at present, you have the "tshark" program to use on a command line, which works very similarly to tcpdump.
Where did the reference to tethereal come from (which is the older version of tshark)? Is that lifted from a guide you found or something? If tethereal does still work (maybe a symlink to tshark?) then the file WILL be in your home directory, so maybe it didn't execute in the first place.
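The reply above says tshark ships in the plain "wireshark" package and behaves like tcpdump, and that a successful capture must leave a file in the home directory. The script below is an added example (not code from the thread or from the Wireshark project) that ties those points together: it picks whichever of tshark or tcpdump is installed, captures a bounded number of packets with the `-c` option both tools accept, and then verifies that the output file actually exists and is non-empty, which is the check the original poster was missing. It assumes the interface name `eth0` from the thread, a default output path of `$HOME/mycapture.pcap`, and that the capture itself is run as root.

```shell
#!/bin/sh
# Added example, not from the thread: command-line capture on CentOS 6 using
# whichever of tshark/tcpdump is installed, with a bounded packet count and an
# explicit check that the capture file was written.

# Print the name of the first available capture tool, or "none" (exit 1).
pick_capture_tool() {
    for tool in tshark tcpdump; do
        if command -v "$tool" >/dev/null 2>&1; then
            printf '%s\n' "$tool"
            return 0
        fi
    done
    printf 'none\n'
    return 1
}

# Resolve "~name" the way the shell does: look the user up in the passwd
# database and print the home directory field (so ~root -> /root on CentOS).
expand_user_home() {
    getent passwd "$1" | cut -d: -f6
}

# Capture $2 packets (default 100) on interface $1 (default eth0) into $3
# (default $HOME/mycapture.pcap). Needs root or CAP_NET_RAW to open the
# interface. Fails loudly if no tool is installed or the file is missing.
capture_to_file() {
    iface=${1:-eth0}; count=${2:-100}; out=${3:-"$HOME/mycapture.pcap"}
    tool=$(pick_capture_tool) || { echo "no capture tool installed" >&2; return 1; }
    case $tool in
        tshark)  tshark  -i "$iface" -c "$count" -w "$out" ;;
        tcpdump) tcpdump -i "$iface" -c "$count" -w "$out" ;;
    esac
    # A capture that never started leaves no file; an empty one means no packets.
    [ -s "$out" ] || { echo "capture file $out missing or empty" >&2; return 1; }
    ls -l "$out"
}
```

Run it as `sh -c '. ./capture.sh; capture_to_file eth0 50'` on the box in question. Bounding the capture with `-c` matters on a server: without it both tools run until interrupted, and if the session is killed before the buffer is flushed the file can end up missing or truncated, which is one plausible reason for "could not find the output". The `expand_user_home` helper shows why the earlier `~<username>/capture.cap` suggestion works: the shell substitutes that user's passwd home directory, so when the command runs as root the file lands in the named user's home, not in /root.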
Thanks for your reply,
I have been using wireshark almost only through the GUI interface. I had never tried out wireshark monitoring on the command line. I have been using tcpdump to monitor remote systems; currently tcpdump -i eth0 is failing to execute on my server. So I tried to install the wireshark tool, but I could not find a command line to get wireshark to produce a network traffic report.
Code:
# yum install wireshark-gnome
# wireshark -v
wireshark 1.2.15
Copyright 1998-2011 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.18.9, (64-bit) with GLib 2.22.5, with libpcap 1.0.0, with libz 1.2.3, without POSIX capabilities, with libpcre 7.8, with SMI 0.4.8, without c-ares, without ADNS, without Lua, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT Kerberos, without GeoIP, without PortAudio, without AirPcap.
Running on Linux 2.6.32-220.17.1.el6.x86_64, with libpcap version 1.0.0, GnuTLS 2.8.5, Gcrypt 1.4.5.
Built using gcc 4.4.6 20110731 (Red Hat 4.4.6-3).
[root@ ~]#
Well, there is no "traffic report" available. What are you actually after?
I was under the impression that ~username/filename would dump into that user's home location. Unless I am missing something.
Hi
Look at this link: http://www.commandlinefu.com/command...sh-w-wireshark
Arun, that is for monitoring a remote system on port 22 locally and doesn't really address the original poster's problem.
I am curious as to why the tcpdump command is failing; can you provide some more info on that, LittleMaster? What is reported to stdout or to the messages file when the command is run? Secondly, the most important question here is what do you want to see? tshark, tcpdump, etc. all have immense functionality built in, and you can get info on whatever you are looking for if you know the right command. Give us some insight on what you are looking for so you can get a good answer.