Snort mailing list archives
Re: remote tcpdump
From: Darryl Luff <dluff () iitscdm com au>
Date: Wed, 20 Aug 2003 10:47:53 +1000
You can run sniffers remotely using a pipe. Run tcpdump remotely (using ssh or whatever) and get it to write its output to stdout (-w -), and then pipe the output into tcpdump or ethereal running at your end. Just make sure that the remote tcpdump is not capturing your ssh traffic!:

    ssh root@remoteserver tcpdump -s 4444 -w - port 80 | ethereal -i - -k

or

    ssh root@remoteserver tcpdump -s 4444 -w - port 80 | tcpdump -s 4444 -r -

Scott, Joshua wrote:

Check this tool out. I've never used it so I'm not sure how well it works, but it seems to be what you are looking for.

http://rpcap.sourceforge.net/

Thanks,
Joshua Scott
Security Architect, CISSP

-----Original Message-----
From: sauron [mailto:sauron () linuxvalpo cl]
Sent: Saturday, August 16, 2003 11:02 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] remote tcpdump

Are there any remote sniffer programs, like tcpdump or ethereal, that run on a remote machine and send the info to another PC, let's say encap. in ssh? Or am I just dreaming about it?

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users

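The pipe described in the reply above, as an added example that is not part of the original thread: it builds the remote tcpdump command so that the ssh session carrying the capture is always excluded, whatever filter is requested. The function names are hypothetical; it assumes the remote side runs OpenSSH (which sets SSH_CONNECTION to "client_ip client_port server_ip server_port") with a POSIX login shell, and the -U (packet-buffered) flag is an addition to the commands in the message.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are hypothetical.

# Print the command line to run on the remote host for a given BPF filter.
# The single-quoted printf formats keep $SSH_CONNECTION and $1..$4 unexpanded
# here, so they are filled in by the remote shell from its own ssh session.
remote_capture_cmd() {
    case $1 in
        ''|*\"*|*\$*|*\`*|*\\*)
            # The filter is placed inside double quotes on the remote side;
            # these characters could break out of them, so refuse.
            echo "refusing filter: empty or contains a shell metacharacter" >&2
            return 1 ;;
    esac
    printf '%s' 'set -- $SSH_CONNECTION; tcpdump -U -s 4444 -w - '
    # Exclude exactly the ssh session (both addresses, both ports), then
    # AND in the caller's filter.
    printf '"not (host $1 and host $3 and tcp port $2 and tcp port $4) and (%s)"\n' "$1"
}

# Run the capture on $1 (e.g. root@remoteserver) and decode it locally.
# If SSH_CONNECTION is missing remotely, the filter is malformed and
# tcpdump exits instead of capturing everything.
remote_capture() {
    cmd=$(remote_capture_cmd "$2") || return 1
    ssh "$1" "$cmd" | tcpdump -s 4444 -r -
}

# Usage: remote_capture root@remoteserver 'port 80'
```

With this in place a broad filter such as 'tcp' no longer feeds the capture's own ssh packets back into the pipe.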
Current thread:
- remote tcpdump sauron (Aug 16)
- Re: remote tcpdump Javier Liendo (Aug 17)
- Re: remote tcpdump twig les (Aug 17)
- Logging Snort data as statistic data in Postgresql. samwun (Aug 18)
- Re: Logging Snort data as statistic data in Postgresql. Bryan Irvine (Aug 18)
- Re: remote tcpdump twig les (Aug 17)
- Re: remote tcpdump Javier Liendo (Aug 17)
- <Possible follow-ups>
- RE: remote tcpdump Scott, Joshua (Aug 19)
- Re: remote tcpdump Darryl Luff (Aug 19)
