I want to stream the tcpdump data to a stream on a computer where there is wireshark.

Has anyone done this?

  • In wireshark there is such a thing as Remote Interfaces. - Pavel Mayorov
  • to shake? Do you just want to see what tcpdump collects in wireshark? You can also simply save to a file and then download this file. - KoVadim
  • no, it does not roll every time to drag the file from the server, and I have more than 100 servers - xmaster83
  • automation is our everything !. make a script that can run tcpdump on a remote server and then transfer the pcap file locally with the opening in wireshark. - KoVadim
  • The task is not to drive the files, but to create the stream. - xmaster83

1 answer 1

I found a solution on Mikrotik and on Tsisk if anyone needs these links.

http://blog.mistifiks.ru/2015/06/mikrotik-tcpdump-wireshark.html

http://avz.org.ua/wp/2009/09/14/catalyst-port-mirroring/

  • Not very good solutions - in the same place they offer to configure the packages to be constantly mirrored For 100 servers you will score the entire network. - Pavel Mayorov
  • Responses links should be avoided . Mention the essence of the decision right in the answer. - jfs
  • In a mikrotik like the filter is configured, and you have other solutions ?? wireshark doesn’t intend with remote interface version - xmaster83