Solved

how to capture remote computer ip using wireshark

Posted on 2011-03-16
Last Modified: 2012-05-11
I want to capture a remote computer's IP address using Wireshark.
By default, Wireshark's capture option displays only the local computer's IP address.
I have the option of using Wireshark on both Linux and Windows.
Question by:pvinodp
8 Comments
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 35154108
On my copy of Wireshark 1.2.0, there are two columns labeled 'Source' and 'Destination' and both IPs are clearly shown.
0
 

Author Comment

by:pvinodp
ID: 35154135
Hi Dave,
I think you are talking about the screen on which you see the output after/while capturing.
I am referring to the option of capturing the packets from a remote machine. I mean the traffic at the remote machine's IP address.
By default [when you click Capture->Interfaces] you only see the IP address of your local computer. Can I change it, or is there any other option to capture the packets at a remote system?
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 35154145
No, you can't capture from the other end.  That would require access to the device driver on the other machine.  Unless you are able to log in to that machine, you can't get that kind of access.
0

 

Author Comment

by:pvinodp
ID: 35154265
Hi,
I can ssh to that system. Will that help?
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 35154287
Only if that will allow you to run Wireshark on that machine.  Wireshark only works on the machine that it is running on.
0
 
LVL 12

Expert Comment

by:profgeek
ID: 35156350
Is the remote system in your network?  If so, you could try placing a system with Wireshark  connected to a hub, and capture all network traffic.  
0
 
LVL 4

Accepted Solution

by:
undersky earned 2000 total points
ID: 35158677
You can't capture packets on a remote server (unless you have hacked it).

By the way, if you have SSH and a login, you can run tcpdump in the SSH session.

In Linux it looks like:

# tcpdump -i eth0

(0, 1, 2, 3, ... is the number of the interface; if you have only one, just use "eth0"). So if you want to log all TCP packets, you need both machines running Linux, so you can use

ssh -X destination

and then run Wireshark in the terminal. It runs as if it were your own, but before you start receiving packets, filter out SSH, or you will be flooded by your own packets.

Another way: you can run tcpdump and save everything to a file, then just read it.

It looks like:

# touch tcp.log
# tcpdump -i eth0 | grep "your filter rules here" &>> tcp.log

(Leave out the grep if you want all packets. WARNING: you can flood yourself.)
0
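The accepted answer's "save to a file, but filter out SSH first" approach, as an added example that is not part of the original thread. It is meant to be run inside the SSH session on the remote machine; the function names, interface and output path are assumptions, and the sample `SSH_CONNECTION` value in the comments is constructed.

```sh
#!/bin/sh
# Added example (not from the thread). Run on the remote machine, inside the SSH session.
# sshd sets SSH_CONNECTION to "client_ip client_port server_ip server_port",
# e.g. the constructed value "192.0.2.10 51514 198.51.100.5 22".

# Print a tcpdump filter that excludes only this SSH session's own packets,
# so the capture does not record (and amplify) the traffic carrying it.
# Falls back to excluding all of port 22 when the session details are unavailable.
build_filter() {
    conn=${1:-${SSH_CONNECTION:-}}
    read -r cip cport sip sport rest <<EOF
$conn
EOF
    if [ -n "$sport" ] && [ -z "$rest" ]; then
        echo "not (tcp and host $cip and port $cport and host $sip and port $sport)"
    else
        echo "not port 22"
    fi
}

# Capture on interface $1 into pcap file $2 (hypothetical helper name).
# -n: no name resolution; -w: write raw packets in pcap format, which
# Wireshark can open, instead of grepping tcpdump's text output.
capture_to_file() {
    tcpdump -n -i "$1" -w "$2" "$(build_filter)"
}

# Typical use on the remote host (needs root or capture privileges):
#   capture_to_file eth0 /tmp/remote.pcap
# Stop with Ctrl-C, copy /tmp/remote.pcap back, and open it in Wireshark locally.
```

Writing a pcap file with `-w` keeps the full packets, so Wireshark's display filters can be applied afterwards on the local machine.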
 

Author Closing Comment

by:pvinodp
ID: 35324983
Thanks for your inputs
0


Question has a verified solution.
