Solved

how to capture remote computer ip using wireshark

Posted on 2011-03-16
8
1,134 Views
Last Modified: 2012-05-11
I want to capture a remote computer's ip address using wireshark.
By default the wireshark's capture option displays only the local computers ip address.
I have the option of using wireshark on both linux and windows.
0
Comment
Question by:pvinodp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 35154108
On my copy of WireShark 1.2.0, there are two columns labeled 'Source' and 'Destination' and both IPs are clearly shown.
0
 

Author Comment

by:pvinodp
ID: 35154135
Hi Dave,
I think you are talking about the screen on which you see the output after/while capturing.
I am refereing to the option of capturing the packets from a remote machine. I mean the traffic at the remote machine's ipaddress.
By default [when u click Capture->Interfaces] you only see the ipaddress of your local computer. Can I change it is there any other option to capture the packets at a remote system.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 35154145
No, you can't capture from the other end.  That would require access to the device driver on the other machine.  Unless you are able to login to that machine, you can't get that kind of access.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:pvinodp
ID: 35154265
hi
I can ssh to that system. Will that help?
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 35154287
Only if that will allow you to run Wireshark on that machine.  Wireshark only works on the machine that it is running on.
0
 
LVL 12

Expert Comment

by:profgeek
ID: 35156350
Is the remote system in your network?  If so, you could try placing a system with Wireshark  connected to a hub, and capture all network traffic.  
0
 
LVL 4

Accepted Solution

by:
undersky earned 500 total points
ID: 35158677
You can't Capture packets on remote server (only if u not hacked it)

 btw, if u have ssh, and login, you can run tcpdamp in ssh session

in linux it's look like

 #tcpdamp -i eth0  (0,1,2,3....* -number of intreface, if u have only one, just use "eth0"), so if u want logging all tcp packets, you need Both machines running on Linux, so u can use

ssh -X distanation

and then run wireshark in terminal, they run as your own, but before start recive packets, filter ssh, or u flooded by your own packages.

other way u can run tcpdamp and save all in file, then just read it..

looks like

# touch tcp.log
# tcpdamp -i eth0 |grep "here your filter rulz(no grep if want all packages WARN (you can overflood self)" &>> tcp.log
0
 

Author Closing Comment

by:pvinodp
ID: 35324983
Thanks for your inputs
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
discontiguous network and EIGRP 12 104
New firewall implementation guidance 12 114
Developing a front end to SPLUNK 1 106
Connect remotely to SQL Server DB without TCP/IP enabled? 2 66
Introduction Many times we come across a slowness or instability between two hosts, and almost always we blame the poor networking guys, just because they're an easy target.  Sometimes we forget that other factors including disk bottlenecks, CPU …
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question