If you are on a Cisco router, you may want to use the debug ip packet IOS Command but then you have probably heard (and experienced?) that turning on debugging on a production network can have serious performance impacts. If you’re keen to try it out you can grab it from GitHub – Scratch’n’Sniff and start streaming packets remotely.Have you ever been in a difficult position as a Network Engineer where you keep troubleshooting a problem but you are not making headway? In certain instances like that, you just wish you can see what is really happening with each packet in the traffic flow. Python3 scratchnsniff.py -dstip 10.98.1.2 -packetfilter 'sctp or icmp' -interface lo Python3 scratchnsniff.py -dstip 10.0.1.252 -packetfilter 'port 5060' -interface enp0s25Ĭapture all sctp and icmp traffic on interface lo and send it to 10.98.1.2:
Introducing Scratch’n’Sniff, a simple tcpdump front end that encapsulates all the filtered traffic of interest in TZSP the same as Mikrotiks do, and stream it (in real time) to your local machine for real time viewing in Wireshark.Ĭapture all traffic on port 5060 on interface enp0s25 and send it to 10.0.1.252 If only there was something I could use to get this same functionality on remote machines – without named pipes, X11 forwarding or any of the other “hacky” solutions… The Solution Discover I had not run the PCAP for long enough and repeatīeing a Mikrotik user I fell in love with the remote packet sniffer functionality built into them, where the switch/router will copy packets matching a filter and just stream them to the IP of my workstation.Change permissions on PCAP file created so I can copy it.Hope that I have run it for long enough to capture the event of interest.The Problemīut if you’re anything like me, you’re working on remote systems from your workstation, and trying to see what’s going on. A lesson learned a long time ago in Net Eng, is that packet captures (seldom) lie, and the answers are almost always in the packets.
0 kommentar(er)
