Wireshark

  • #54740
    Karl Garen
    Participant

      Hi,

      I just heard about a tool called Wireshark and wanted to know if anyone has installed it on the same server running Cloverleaf (such as on an AIX server). If so, could you briefly describe your experience? Was it useful (I know it depends on the scenarios experienced)? Any concerns running it on the same server (as, say, the Cloverleaf test environment), for example?

      Thank you in advance.

      Karl Garen
      Sr. Programmer Analyst
      University of Vermont Medical Center
      Burlington, Vermont

      • #82788
        Keith McLeod
        Participant

          Usually a Sys admin on UNIX will run something like tcpdump and dump a trace to a file.  You can then take that output file and perform an analysis in Wireshark.

          NAME
                tcpdump - dump traffic on a network

          DESCRIPTION
                Tcpdump prints out a description of the contents of packets on a
                network interface that match the boolean expression.  It can also be
                run with the -w flag, which causes it to save the packet data to a
                file for later analysis, and/or with the -r flag, which causes it to
                read from a saved packet file rather than to read packets from a
                network interface.  In all cases, only packets that match expression
                will be processed by tcpdump.
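
The workflow described in the reply above (capture with tcpdump on the server, then analyze the file in Wireshark), as an added example that is not part of either post. The interface name, peer address, port and file path are assumed values; the capture is limited to one peer and one port and written to an owner-only file.

```shell
#!/bin/sh
# Added example: bounded tcpdump capture on the server for later analysis
# in Wireshark. Interface, peer, port and paths are assumed values.

# Build a capture filter for one peer and one TCP port. Rejects a peer
# containing anything other than digits and dots, and a port outside 1-65535.
build_filter() {
    peer=$1 port=$2
    case $peer in
        ''|*[!0-9.]*) echo "bad peer address: $peer" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    printf 'tcp and host %s and port %s' "$peer" "$port"
}

# Capture a bounded number of packets (default 5000) to a file that only
# the owner can read. Needs root or equivalent capture privilege.
capture() {
    iface=$1 peer=$2 port=$3 out=$4 count=${5:-5000}
    filter=$(build_filter "$peer" "$port") || return 1
    (
        umask 077    # the capture holds full message payloads
        # -n: no DNS lookups, -s 0: whole packets, -c: stop after N packets
        tcpdump -n -i "$iface" -s 0 -c "$count" -w "$out" "$filter"
    )
}

# Check on the server that the file holds the expected traffic before
# copying it to a workstation and opening it in Wireshark.
preview() {
    tcpdump -n -r "$1" -c "${2:-20}"
}

# Example (assumed values):
#   capture en0 192.0.2.10 6001 /tmp/iface_6001.pcap 2000
#   preview /tmp/iface_6001.pcap
```

Remove the capture file from the server once it has been copied off for analysis.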

        • #82789
          Charlie Bursell
          Participant

            Karl:

            We in integration have used Wireshark for many years.  It is an excellent TCP/IP sniffer that is very useful to solve arguments about whose side of the interface has problems.

            Wireshark is free and good.  There are better, more expensive sniffers but you can’t beat Wireshark for occasional use.

            Wireshark will capture packets in promiscuous mode and you can then analyze.

            It is a bit arcane to use but there are plenty of tutorials on the web.

            Try this site:

            http://www.wireshark.org/download.html
