Running Wireshark on a Remote Server: CentOS Linux 6.9

I am sure this must have been asked before, however my search didn't come up with a helpful answer.

I am in the UK and I lease a dedicated server in the USA. So I have used PuTTY to log in to my server and used yum to install Wireshark.

My server is running: CentOS Linux 6.9, Perl version 5.010001, Apache version 2.2.15, PHP version 5.3.3, MySQL version 5.1.73.

How do I "see" the traffic that Wireshark is detecting on my Windows 10 PC here in the UK?

If necessary I can run a virtual Linux box with VMware.

Do I use client software running here on my Windows PC to connect to the server?

Any help would be very much appreciated.

If there is documentation for this in the docs, and I have missed it, please send me a link.

Many Thanks. Dave

Dave-London asked 2018-11-29 13:25:59 +0000, updated 2018-11-29 13:27:39 +0000

Comments

Are you attempting to capture traffic on the server and view it on your desktop?

grahamb (2018-11-29 15:22:00 +0000)

1 Answer

Hi Dave, are you trying to see the traffic between your computer in the UK and the leased computer in the USA? If so, and assuming you only want to see that traffic, you can run Wireshark so it only records that traffic.

Launch Wireshark on the leased server. In the middle of the screen it says "Capture...using this filter:". Get the IP address from your local computer, and enter "host 192.168.1.35" or whatever your actual IP address is.

Then, when you start the capture, Wireshark will only show the traffic between your computer and the server.

Alternatively, you can install and run Wireshark on your computer in the UK, use the IP of the remote server for the host filter, and do the same thing. Depending on what you are trying to do, you might want one, or the other, or both.

FYI - you can also use the FQDN instead of the IP address. For instance, "host myserver.hostedhere.com" instead of "host 192.168.1.35".

Malloy answered 2018-11-29 15:05:25 +0000
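
Added example (not part of the answer above and not code from the Wireshark project): the same `host` capture filter applied from a PuTTY shell session with `tshark`, the command-line capture tool that ships with Wireshark. The function names, the `eth0` interface and the output path are assumptions for illustration.

```shell
#!/bin/sh
# Added example. Assumed names: build_host_filter, capture_host,
# interface eth0, output file /tmp/host-capture.pcap.

# Print a capture filter of the form "host <addr>" for an IP address or FQDN.
# Anything outside the characters valid in an address or hostname is rejected,
# so a pasted value cannot add extra filter terms such as "or" / "not".
build_host_filter() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.:-]*)
            echo "invalid host: $1" >&2
            return 1
            ;;
    esac
    printf 'host %s' "$1"
}

# capture_host HOST [INTERFACE] [OUTFILE]
# Records only packets whose source or destination is HOST.
# Stop the capture with Ctrl-C.
capture_host() {
    filter=$(build_host_filter "$1") || return 1
    iface=${2:-eth0}                        # assumed interface name
    outfile=${3:-/tmp/host-capture.pcap}    # assumed output path
    # -i: capture interface, -f: capture filter, -w: write packets to a file
    tshark -i "$iface" -f "$filter" -w "$outfile"
}

# Example call, using the sample address from the answer:
#   capture_host 192.168.1.35
```

The file written by `-w` can be copied to the desktop and opened in Wireshark there.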