Contents<\/h2>\n\n\t- \n\t\tThe problem<\/a>\n\t<\/li>\n\t
- \n\t\tThe tools<\/a>\n\t<\/li>\n\t
- \n\t\tThe solution<\/a>\n\t\t
\n\t\t\t- \n\t\t\t\tStart the netcat listener<\/a>\n\t\t\t<\/li>\n\t\t\t
- \n\t\t\t\tStart wireshark<\/a>\n\t\t\t<\/li>\n\t\t\t
- \n\t\t\t\tStart the sniffing on the sniffer host<\/a>\n\t\t\t<\/li>\n\t\t<\/ul>\n\t
- \n\t\tTodo<\/a>\n\t<\/li>\n<\/ul>\n<\/ul>\n<\/div>\n <\/div>
\n<\/a><\/p>\nThe problem<\/h2><\/span>\n
You like to sniff your firewall. The problem is that the firewall is (of course) a headless linux box without a gui. After half of an hour you’ll get headache from starring at the characters fly bye the screen and you really wish you could look at the beauty of whireshark. This document is going to tell you how this dream could get reality\u00c2\u00a0\ud83d\ude42<\/p>\n
Below is the basic setup:<\/p>\n
![\"\"](\"http:\/\/thebc.ch\/upload\/2011\/01\/Remote-sniffing-thetereal-nc.png\" "\\"Remote-sniffing-thetereal-nc\\"")
<\/a><\/p>\n<\/a><\/p>\nThe tools<\/h2><\/span>\n\n- To transport the data from our sniffing box we will use the “TCP\/IP Swiss Army Knife<\/a>” netcat. You can get it from here<\/a> but it is installed with most *ux distributions.<\/li>\n<\/ul>\n
\n- And of course wireshark<\/a> (formerly ethereal).<\/li>\n<\/ul>\n
<\/a><\/p>\nThe solution<\/h2><\/span>\n
<\/a><\/p>\nStart the netcat listener<\/h3><\/span>\n
First you have to start a netcat listener on the viewer host.<\/p>\n
On linux you have to use the while-loop (hard-listening) because otherways the listener will die if the connection gets interupted. The WIN32 version has the -L flag to archive this.<\/p>\n
One other thing is that with the GUI version of ethereal you have to use a little trick, since it does not seem to read from stdin; but it can read from pipes. So you have to create a FIFO pipe first where the netcat listener can write to:<\/p>\n
- \n\t\t\t
- \n\t\t\t\tStart the netcat listener<\/a>\n\t\t\t<\/li>\n\t\t\t
- \n\t\t\t\tStart wireshark<\/a>\n\t\t\t<\/li>\n\t\t\t
- \n\t\t\t\tStart the sniffing on the sniffer host<\/a>\n\t\t\t<\/li>\n\t\t<\/ul>\n\t
- \n\t\tTodo<\/a>\n\t<\/li>\n<\/ul>\n<\/ul>\n<\/div>\n
<\/div>
\n<\/a><\/p>\nThe problem<\/h2><\/span>\n
You like to sniff your firewall. The problem is that the firewall is (of course) a headless linux box without a gui. After half of an hour you’ll get headache from starring at the characters fly bye the screen and you really wish you could look at the beauty of whireshark. This document is going to tell you how this dream could get reality\u00c2\u00a0\ud83d\ude42<\/p>\n
Below is the basic setup:<\/p>\n
<\/a><\/p>\n<\/a><\/p>\n
The tools<\/h2><\/span>\n
- \n
- To transport the data from our sniffing box we will use the “TCP\/IP Swiss Army Knife<\/a>” netcat. You can get it from here<\/a> but it is installed with most *ux distributions.<\/li>\n<\/ul>\n
- \n
- And of course wireshark<\/a> (formerly ethereal).<\/li>\n<\/ul>\n
<\/a><\/p>\n
The solution<\/h2><\/span>\n
<\/a><\/p>\n
Start the netcat listener<\/h3><\/span>\n
First you have to start a netcat listener on the viewer host.<\/p>\n
On linux you have to use the while-loop (hard-listening) because otherways the listener will die if the connection gets interupted. The WIN32 version has the -L flag to archive this.<\/p>\n
One other thing is that with the GUI version of ethereal you have to use a little trick, since it does not seem to read from stdin; but it can read from pipes. So you have to create a FIFO pipe first where the netcat listener can write to:<\/p>\n
- And of course wireshark<\/a> (formerly ethereal).<\/li>\n<\/ul>\n
- \n\t\t\t\tStart wireshark<\/a>\n\t\t\t<\/li>\n\t\t\t