Would it be possible to get a server / client version
that would let me monitor traffic on another machine?
Say I have a webserver that doesn't have a GUI
installed, I could put the server on that and connect
remotely to it, and get it to graph just like it does now.
Logged In: YES
user_id=611026
Yes, it's something I'd also like to build, but don't hold
your breath waiting for it :)
You actually do not need to provide this in etherape since you can use tcpdump and the wonderful 'socat' tool to set up a client and server and send the capture files on one side to a different host.
Suppose you have host 'A' where you are sniffing traffic and host 'B' where you want to run Etherape. 'A' has tcpdump and socat installed and 'B' just Etherape.
You can get a server-client connection doing the following:
- (on server B) Run: socat -u TCP4-LISTEN:5000 /tmp/capture_from_A.cap
- (on server A) Run: tcpdump -ni eth0 -w - | socat -u STDIN TCP4:IP_ADDRESS_OF_B:5000
- (on server B) Run: etherape -r /tmp/capture_from_A.cap
This will start a server in 'B' first, then a capture in 'A' which will send all the output to 'B' and then you just use etherape to view the capture file.
I just cherry-picked TCP port 5000, but you can use any TCP port you like as long as it is allowed between 'A' and 'B'.
For more information read the socat manpage.
Note: This can also be done locally if you want to monitor an interface at the same time as you record the information in a PCAP file; just use 127.0.0.1 as your 'B' IP address.
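
Added example, not part of the original thread: the plain TCP pipeline above sends the raw capture unencrypted and lets any host that reaches port 5000 on 'B' write into the capture file, and on 'A' it can capture its own forwarding stream. This sketch wraps the same tcpdump/socat pipeline in socat's OPENSSL addresses with certificate checks on both sides and filters the forwarding stream out of the capture. The certificate file names and the function names are assumptions; the port and capture path are the ones used in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Cert/key file names (a.pem, a.crt,
# b.pem, b.crt) are placeholders; port and capture path are the thread's.
PORT=5000
CAP=/tmp/capture_from_A.cap

# Build a BPF filter that keeps the forwarding stream out of the capture.
# Without it, each packet A sends to B is captured and forwarded again.
# Loose input check: digits and dots only for the IPv4 address.
capture_filter() {   # $1 = IPv4 address of B, $2 = TCP port
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    printf 'not (host %s and tcp port %s)' "$1" "$2"
}

# Host A: packet-buffered capture (-U) into a TLS client. socat verifies
# B's certificate against b.crt and presents a.pem as its own identity.
# B's certificate name must match the address used here, or set socat's
# commonname= option.
send_capture() {     # $1 = interface, $2 = IPv4 address of B
    filter=$(capture_filter "$2" "$PORT") || { echo "bad address" >&2; return 1; }
    tcpdump -U -ni "$1" -w - "$filter" |
        socat -u STDIN "OPENSSL:$2:$PORT,cert=a.pem,cafile=b.crt"
}

# Host B: TLS listener that only accepts a peer presenting A's certificate.
# umask 077 keeps a newly created capture file unreadable to other users.
receive_capture() {
    umask 077
    socat -u "OPENSSL-LISTEN:$PORT,reuseaddr,cert=b.pem,cafile=a.crt" "$CAP"
}

case "${1:-}" in
    send)    send_capture "$2" "$3" ;;
    receive) receive_capture ;;
esac
```

Run it with `receive` on 'B' first, then with `send eth0 IP_ADDRESS_OF_B` on 'A', and open the capture file on 'B' with etherape -r as described in the thread.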