How to capture live traffic on a remote Linux server and how to view it in Wireshark on the local Windows machine?

Question

This is related to this question: How to Capture Remote System network traffic?

I would like to be able to export live traffic captured on a Linux server and to view that in real time on my Windows machine.

Please do not suggest SPAN or RSPAN because it does not apply to my needs. This is about internal traffic (VM traffic) that tshark can see without any problems, I would just like to watch the traffic on my desk (Windows machine) with Wireshark

If real time is not a requirement, you can save the capture into a file and open it in Windows. — user4098326, Mar 14 '15 at 12:38

score 2 · Accepted Answer · answered Mar 15 '15 at 17:13

2

You should use the tool rpcapd in the machine (A) that you want to capture the traffic:

rpcapd -n -p <port>

With -n is launched without authentication

Finally, in the other machine (B) go to Wireshark > Capture > Interfaces > Options > Manage Interfaces > Remote Interfaces

And you should see the traffic of Machine (A)

answered Mar 15 '15 at 17:13

sinkmanu

1,034
1
12
24

Sounds very promising, it is exactly what I was looking for. Now it is on my to do list, I will get back to this thread when I am done with the testing. Thanks a lot! – MiniMe Mar 16 '15 at 02:45

score 0 · Answer 2 · answered Mar 15 '15 at 14:08

0

I think that the only viable way to do it is to use Wireshark with X11 remote desktop. VNC may also work but you don't really use the Windows System resources to display the results, everything is still processed on the Linux server.

answered Mar 15 '15 at 14:08

MiniMe

1,057
4
22
47

How to capture live traffic on a remote Linux server and how to view it in Wireshark on the local Windows machine?

2 Answers2