Re: Capture from multiple remote machines

[Ozan T <ozan.tcn () gmail com>]

Hi Patrick ,

Thank you, it works!

Sorry, it is my mistake I thought rpcapd and "Remote Interfaces" wer just
for Windows machines. Here , I see it works well on Linux and BSD also.


Thanks again.


Ozan.

On Wed, Nov 19, 2014 at 1:09 AM, Patrick Klos <patrick () klos com> wrote:

>  On 11/16/2014 7:17 PM, Ozan T wrote:
>
> Hi all,
>
>  I am working in a company that develops network softwares. We often need
> to capture from multiple servers in order to see if there is a packet loss,
> blocked packet, or the original packet altered etc. So, everytime we
> capture from source and destination, then compare captures manually. (
> Generally, we are not allowed to access to switch or anything that stays
> between source and destination )
>
>  I have searched a bit but I think it is not possible to capture from
> multiple machines remotely with wireshark.
>
>
> Why do you think that?
>
>  We really need this feature/tool ( Also, I discussed with some other
> people around me, many of them think that this feature may make things
> easier for them ) . One way or another we will have to develop it. If you
> think such a feature would be useful in wireshark, we would like to target
> wireshark rather than a seperate project.
>
>  Ofcourse, if this is possible with current wireshark, I would like to
> learn :) or if there is an ongoing project about that.
>
>  I just need an idea what you think about that feature in wireshark
> project, then we can plan/discuss things according to it.
>
>
> Have you tried Wireshark's "remote capture" capability.  You'd need to
> install "rpcapd" (from here
> <http://www.winpcap.org/docs/docs_40_2/html/group__remote.html>) to run
> on each remote system you want to capture from.  Then in Wireshark,
> configure and enable all the remote interfaces in Manage Interfaces under
> the Capture Options window.  I just tested capturing from 2 remote sources
> simultaneously, and it seemed to work fine.
>
>  Basic representation of feature after our initial look :
>
>  Connect remote machines via ssh/pipe/rpcap as o now possible for single
> machine
> Capture and merge in real time
>
>
> Depending on the load on the links you want to sniff, real-time may not be
> possible...
>
> Give remote capture a try if you think it'll handle your situation?  Good
> luck!
>
> Patrick Klos
> Klos Technologies, Inc.
> http://www.packetvault.com/
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe