On Mon, Jun 28, 2004 at 09:45:35PM +0200, Pierre JUHEN wrote:
> I would like to use ethereal in the following configuration :
>
> I have a remote site with a high volume. On this site, I would like to put
> a PC to capture and filter the traffic to get only very few packets, using
> tethereal probably.
>
> I would like the filtered packets to be sent in real time to a central console
> and displayed using ethereal.
>
> How could I do that ?

With recent versions of tethereal[1] and the help of netcat
(http://netcat.sourceforge.net/) you can do it as follows. hosta
does the capturing, hostb is the host which does the displaying:

  hostb# nc -l -p 4711 | tethereal -n -l -i -
  hosta# tethereal -l -F libpcap -i ppp0 -w - $filterexpression | nc hostb 4711

With the GUI version of ethereal you have to use a little trick, since it does
not seem to read from stdin; but it can read from pipes (correct me if
I'm wrong):

  hostb# mkfifo mypipe
  hostb# nc -l -p 4711 >> mypipe
  hostb# ethereal &
  --> Capture -> Start
  --> Interface: $PATH/mypipe
  hosta# tethereal -l -F libpcap -i ppp0 -w - $filterexpression | nc hostb 4711

Maybe there are better methods than this one, but this works for me. Using UDP
with netcat might be an even better idea, but I never used it (yet). If you are
very paranoid you could use openssl to encrypt the raw data on the fly...

> Regards,
>
> Pierre

HTH, Alex.

[1] 0.9.4 which is included with Debian Woody does not work. It does not like
to write to pipes. 0.10.4 works perfectly.

--
This is my signature. There are many of them, but this one is mine.
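
An added example, not part of the original message: the nc listener above hands whatever arrives on port 4711 to ethereal, so this Python function checks that a byte stream really has libpcap framing (the format selected by `-F libpcap -w -`) before it is trusted. The function names, the MAX_SNAPLEN limit and the sample bytes are assumptions of this example.

```python
import struct

MAX_SNAPLEN = 262144  # assumed policy limit for this example


def read_exact(stream, n):
    """Read n bytes from a pipe-like stream; return b'' on EOF at a boundary."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            if buf:
                raise ValueError("stream truncated")
            return b""
        buf += chunk
    return buf


def check_pcap_stream(stream):
    """Validate libpcap framing; return (linktype, snaplen, packet_count)."""
    hdr = read_exact(stream, 24)
    # Magic bytes as written by a little-endian or a big-endian capturing host.
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(hdr[:4])
    if order is None:
        raise ValueError("not a libpcap stream")
    major, _minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", hdr[4:])
    if major != 2 or not 0 < snaplen <= MAX_SNAPLEN:
        raise ValueError("implausible libpcap header")
    count = 0
    while True:
        rec = read_exact(stream, 16)  # ts_sec, ts_usec, caplen, origlen
        if not rec:
            return linktype, snaplen, count  # clean end of stream
        _sec, _usec, caplen, origlen = struct.unpack(order + "IIII", rec)
        if caplen > snaplen or caplen > origlen:
            raise ValueError("record length exceeds snaplen or wire length")
        if len(read_exact(stream, caplen)) != caplen:
            raise ValueError("stream truncated")
        count += 1


# Constructed sample: header (snaplen 65535, Ethernet) plus two dummy packets.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
for payload in (b"\x00" * 60, b"\xff" * 42):
    SAMPLE += struct.pack("<IIII", 1088451935, 0, len(payload), len(payload))
    SAMPLE += payload
```

Calling `check_pcap_stream(sys.stdin.buffer)` on the output of the listener checks a live stream; it returns only when the sender closes the connection.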