  1. #1
    Just Joined!
    Join Date
    Sep 2012
    Posts
    4

    Packet Tracing


    Hi,

    How can I trace packets or view packet logs (packet send/recv time) in Red Hat Linux using primitive commands?

    I am conducting wireless experiments in EMULAB. We connect through an ssh client and get access to a shell. However, we have access to limited tools. Ultimately I want to calculate packet delay by varying the offered load.

    The network topology and node configuration are given in the attached file.

    I would appreciate help in this regard.

    Thanks,
    Faisal

  2. #2
    Just Joined! krokoziabla's Avatar
    Join Date
    Sep 2012
    Location
    Russia
    Posts
    20
    Hi. Did you try WireShark?

  3. #3
    Just Joined!
    Join Date
    Sep 2012
    Posts
    4
    Thanks for the reply, Krokoziabla. I have used Wireshark earlier, but the problem is that it's not installed on the EMULAB PCs and moreover we can't install the package due to limited access rights. Is there any way we could generate a log or view a log?

  5. #4
    Just Joined!
    Join Date
    Sep 2012
    Posts
    4
    Quote Originally Posted by firadat View Post
    Thanks for the reply, Krokoziabla. I have used Wireshark earlier, but the problem is that it's not installed on the EMULAB PCs and moreover we can't install the package due to limited access rights. Is there any way we could generate a log or view a log?
    tcpdump ?

    tcpdump -i ethX -n -s 0 -w capture.cap

    -i ethX is the interface to capture things on
    -n makes it not resolve names (and not generate DNS traffic that also gets captured)
    -s is the snap length; set it to 0 and it will capture the whole packet and not just the first bytes.
    -w <file> writes a capture file that in turn can be opened with Wireshark.

    If you want to capture just, for example, HTTP traffic:
    tcpdump -i ethX -n -s 0 tcp port http -w capture.cap

    That works like so.

    [edit]
    You'd still have to copy the file off to somewhere with Wireshark; it's also possible to read the file with tcpdump -r, but you'll have to check the man page as I have never had to do this.
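    An added example, not posted by anyone in this thread, showing how the capture described above can be turned into the per-packet delay the original poster is after with nothing more than tcpdump and awk. ethX and capture.cap are the placeholders from the post; the sample lines are constructed to look like tcpdump -tt output and the function name rtt_ms_from_log is my own.

```sh
#!/bin/sh
# Added example (not from the thread): measure ICMP echo round-trip delay from a
# tcpdump capture using only tcpdump and awk. "ethX" and capture.cap are the
# placeholders used in the post above.
#
# 1. Capture. tcpdump needs root or the CAP_NET_RAW capability to open a raw
#    socket; without it the command fails with a socket permission error:
#      tcpdump -i ethX -n -s 0 -w capture.cap icmp
# 2. Read the file back as text with epoch timestamps (-tt prints
#    seconds.microseconds, which is what we need for delay arithmetic):
#      tcpdump -r capture.cap -n -tt > capture.txt
# 3. rtt_ms_from_log < capture.txt

# Constructed sample in tcpdump -tt format: three echo requests, two answered,
# seq 3 never answered, and an unrelated ssh line mixed in that must be ignored.
write_sample_log() {
cat <<'EOF'
1347539200.100000 IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 4242, seq 1, length 64
1347539200.112222 IP 10.0.0.2 > 10.0.0.1: ICMP echo reply, id 4242, seq 1, length 64
1347539201.100000 IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 4242, seq 2, length 64
1347539201.100300 IP 10.0.0.1.51000 > 10.0.0.2.22: Flags [P.], seq 1:37, ack 1, win 501, length 36
1347539201.130000 IP 10.0.0.2 > 10.0.0.1: ICMP echo reply, id 4242, seq 2, length 64
1347539202.100000 IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 4242, seq 3, length 64
EOF
}

# Read tcpdump -tt text on stdin, pair each echo request with its reply by
# (id, seq), print the round-trip delay per pair in milliseconds, then a summary.
rtt_ms_from_log() {
    awk '
    # Timestamp as integer microseconds. Splitting the text instead of doing
    # float subtraction on 16-digit epoch values keeps the arithmetic exact
    # (tcpdump -tt always prints six fractional digits).
    function usec(ts,   t) { split(ts, t, /\./); return t[1] * 1000000 + t[2] }
    # Set globals id and seq from the "id N, seq M," tokens on the current line.
    function parse_idseq(   i) {
        id = ""; seq = ""
        for (i = 1; i < NF; i++) {
            if ($i == "id")  id  = $(i + 1)
            if ($i == "seq") seq = $(i + 1)
        }
        sub(/,$/, "", id); sub(/,$/, "", seq)
    }
    /ICMP echo request/ { parse_idseq(); sent[id SUBSEP seq] = usec($1) }
    /ICMP echo reply/ {
        parse_idseq()
        k = id SUBSEP seq
        if (k in sent) {
            rtt = usec($1) - sent[k]
            printf "seq %s rtt_ms %.3f\n", seq, rtt / 1000
            total += rtt; n++
            delete sent[k]
        }
    }
    END {
        for (k in sent) lost++   # requests still unmatched: no reply was captured
        if (n > 0) printf "replies %d lost %d mean_ms %.3f\n", n, lost + 0, total / n / 1000
        else       printf "replies 0 lost %d\n", lost + 0
    }'
}

write_sample_log | rtt_ms_from_log
```

    The same idea carries over to the poster's load experiment: capture on both the sending and receiving node with synchronised clocks, dump both files with -tt, and match packets by a stable identifier (ICMP id/seq here, a sequence number or payload counter for UDP) to get one-way delay instead of round-trip time.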

  6. #5
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,412
    krokoziabla is right, wireshark or its console counterpart tshark are the correct tools.
    If they are not yet installed, ask the responsible sysadmin to do so.

    Another way is to use the command tcpdump and copy the dump to another machine to do the analysis via Wireshark.
    You must always face the curtain with a bow.

  7. #6
    Just Joined!
    Join Date
    Sep 2012
    Posts
    4
    Quote Originally Posted by Consequator View Post
    tcpdump ?

    tcpdump -i ethX -n -s 0 -w capture.cap

    -i ethX is the interface to capture things on
    -n makes it not resolve names (and not generate DNS traffic that also gets captured)
    -s is the snap length; set it to 0 and it will capture the whole packet and not just the first bytes.
    -w <file> writes a capture file that in turn can be opened with Wireshark.

    If you want to capture just, for example, HTTP traffic:
    tcpdump -i ethX -n -s 0 tcp port http -w capture.cap

    That works like so.

    [edit]
    You'd still have to copy the file off to somewhere with Wireshark; it's also possible to read the file with tcpdump -r, but you'll have to check the man page as I have never had to do this.
    Thanks for the reply. When I execute tcpdump, the following message is displayed: "tcpdump: socket: Operation not permitted". I have sent an email to operations; let's see if they give me access rights.

  8. #7
    Just Joined!
    Join Date
    Sep 2012
    Posts
    4
    Quote Originally Posted by Irithori View Post
    krokoziabla is right, wireshark or its console counterpart tshark are the correct tools.
    If they are not yet installed, ask the responsible sysadmin to do so.

    Another way is to use the command tcpdump and copy the dump to another machine to do the analysis via Wireshark.
    Thanks for the reply. I have forwarded an email to operations for granting me access rights.

  9. #8
    Just Joined!
    Join Date
    Sep 2007
    Location
    Silver Spring, MD
    Posts
    95

    Download Packit once you get authorization

    There is a small program that comes with the OS called Packit. If not, you may be able to download it from the internet to your machine using yum or apt-get:

    Code:
    sudo apt-get install packit # Debian
     or
    yum install packit # Linux
    Run the following command from your system if you can download this tool; it works with Wireshark. I just set it up on my machine and was able to look at my ssh session:

    Code:
     packit -m cap -w packit_`date +'%m%d%y_%T'`.log -c 20 -f
    -m mode [cap|inject|trace], capture is the one selected
    -w filename, date and seconds used in the filename
    -c number of packets captured, in this case 20
    -f Do not fragment packet

    Code:
     packit -m cap 'tcp and port 80' -w packit`date +'%m%d%y_%T'`.log -c 20 -f
    -f Do not fragment packet

    Similar to the respondent above, this will capture only web traffic.

    This file can be copied up to Wireshark as well (for review).

    Todd
    Last edited by tdsan; 09-13-2012 at 03:28 PM.
