Sniffing Traffic Remotely

J G
J G used Ask the Experts™
on
How can I wireshark sniff traffic on another work site that I connect thru VPN/VNC from my laptop?  Do I have to run wireshark from a local workstation that is on the subnet I am dialing into?  Is there a way to configure SPAN/port mirroring when I am working remotely from my laptop?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
You can try putting Wire Shark on the remote machine and then log into the remote machine to see what is happening.

You can use Comm View (Tamosoft) and Tamosoft Remote Agent to do this. Not free but top drawer product.
nociSoftware Engineer
Distinguished Expert 2018

Commented:
In stead of wireshark, there is the tshark tool, (part of wireshark) that accepts a command line invocation.
(It saves on the need of having remote graphic access.)

Also be sure to filter all traffic to YOUR system from the remote system as that is the traffic you don't want to see. (adding it will also add MORE traffic).
Best would be to run tshark from a shell script. to not contaminate the traffic recording with the remote access.

(Span port requires some certain models of switches that allow remote spanning).
I agree with John, it' may be easier to simply have a local host at the remote site. You can then connect to it and hop on your switch to do capture traffic. There's something called RSPAN but it requires certain type of devices and infrastructure to work.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Thank you and good luck with checking the other site.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial