If you’re keen to try it out you can grab it from GitHub – Scratch’n’Sniff and start streaming packets remotely. Python3 scratchnsniff.py -dstip 10.98.1.2 -packetfilter 'sctp or icmp' -interface lo Python3 scratchnsniff.py -dstip 10.0.1.252 -packetfilter 'port 5060' -interface enp0s25Ĭapture all sctp and icmp traffic on interface lo and send it to 10.98.1.2: Introducing Scratch’n’Sniff, a simple tcpdump front end that encapsulates all the filtered traffic of interest in TZSP the same as Mikrotiks do, and stream it (in real time) to your local machine for real time viewing in Wireshark.Ĭapture all traffic on port 5060 on interface enp0s25 and send it to 10.0.1.252 Before using remote packet capture, you must install the. If only there was something I could use to get this same functionality on remote machines – without named pipes, X11 forwarding or any of the other “hacky” solutions… The Solution Remote packet capture sends captured packets to the Wireshark packet analyzer installed on a PC. Discover I had not run the PCAP for long enough and repeatīeing a Mikrotik user I fell in love with the remote packet sniffer functionality built into them, where the switch/router will copy packets matching a filter and just stream them to the IP of my workstation.Change permissions on PCAP file created so I can copy it.Hope that I have run it for long enough to capture the event of interest.The Problemīut if you’re anything like me, you’re working on remote systems from your workstation, and trying to see what’s going on. A lesson learned a long time ago in Net Eng, is that packet captures (seldom) lie, and the answers are almost always in the packets.
0 kommentar(er)
