Topic: Remote capture capabilities (Wireshark / WinPCap)  (Read 12766 times)
« on: November 28, 2007, 16:54:13 »
Pokot0 *
Posts: 1

M0n0 is great and I love it!

One feature that you might want to consider is enabling remote network capture (winpcap / wireshark). Read this:

http://www.winpcap.org/docs/docs_41b2/html/group__remote.html

Network capture helps a lot when troubleshooting network problems.

Hope the community shares my idea!

Thank you!
« Reply #1 on: February 15, 2008, 13:34:14 »
haggi *
Posts: 1

... I'd like to expand this:

capture at selectable interfaces
- physical interfaces (eth0,...)
- logical interfaces (ipsec,..)

This would be great when having PPPoE connection
problems (no IP address assigned). And it is getting
more and more difficult to get real hub10 or hub100
hardware for traffic capturing.

Another idea would be to use m0n0 as a bridge running
on a service notebook with two interfaces. Combined
with packet capturing .... wow.

For long term capturing maybe there is a way to store
a pcap-file on a separate ftp/tftp server.

Thanks.
« Reply #2 on: July 23, 2009, 14:20:06 »
Hex *
Posts: 4

One more vote for this feature!
« Reply #3 on: August 30, 2010, 05:40:57 »
zedman *
Posts: 12

please please PLEASE add this, +1 vote!
« Reply #4 on: August 31, 2010, 23:11:10 »
brushedmoss ****
Posts: 446

You could upload tcpdump and ncat via /exec.php and run tcpdump piped to ncat pointing to a remote machine running wireshark?

ncat  http://ftp6.tw.freebsd.org/FreeBSD/ports/i386/packages-6-stable/net/nc-1.0.1_1.tbz

tcpdump http://ftp6.tw.freebsd.org/FreeBSD/ports/i386/packages-6-stable/net/tcpdump-4.1.1.tbz

tcpdump -n -s 0 -w - | ncat 111.111.111.111 44444

where 111.111.111.111 is your system with wireshark running

wireshark -k -i <(nc -l -p 44444)
« Last Edit: August 31, 2010, 23:17:07 by brushedmoss »
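
The pipe in the post above delivers a raw, unauthenticated TCP stream to the listener, so the receiving side can check that the bytes really are a classic pcap stream before handing them to Wireshark. This is an added example, not part of the original post; the function names and the sample bytes are constructed for illustration.

```python
import struct

GLOBAL_HDR_LEN = 24   # magic, version major/minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR_LEN = 16   # ts_sec, ts_frac, incl_len, orig_len
MAGICS = {            # first four bytes on the wire -> (byte order, timestamp resolution)
    b"\xd4\xc3\xb2\xa1": ("<", "microsecond"),
    b"\xa1\xb2\xc3\xd4": (">", "microsecond"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanosecond"),
    b"\xa1\xb2\x3c\x4d": (">", "nanosecond"),
}

def parse_pcap_stream(data, max_snaplen=262144):
    """Validate a classic pcap byte stream.

    Returns (header_info, packets, leftover_bytes); raises ValueError on bad input.
    """
    if len(data) < GLOBAL_HDR_LEN:
        raise ValueError("short stream: no pcap global header")
    if data[:4] not in MAGICS:
        raise ValueError("not a pcap stream (bad magic)")
    endian, resolution = MAGICS[data[:4]]
    major, minor, _tz, _sig, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    if (major, minor) != (2, 4):
        raise ValueError("unexpected pcap version %d.%d" % (major, minor))
    if snaplen == 0 or snaplen > max_snaplen:
        raise ValueError("implausible snaplen %d" % snaplen)
    packets, off = [], GLOBAL_HDR_LEN
    while off + RECORD_HDR_LEN <= len(data):
        ts_sec, ts_frac, incl, orig = struct.unpack(endian + "IIII", data[off:off + 16])
        if incl > snaplen or incl > orig:
            raise ValueError("corrupt record header at offset %d" % off)
        if off + RECORD_HDR_LEN + incl > len(data):
            break  # partial record: the rest has not arrived yet
        packets.append((ts_sec, ts_frac, data[off + 16:off + 16 + incl]))
        off += RECORD_HDR_LEN + incl
    info = {"linktype": linktype, "snaplen": snaplen, "resolution": resolution}
    return info, packets, len(data) - off

def constructed_sample():
    """Constructed input: little-endian global header plus two dummy Ethernet records."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    pkt1, pkt2 = b"\x00" * 60, b"\xff" * 42
    rec1 = struct.pack("<IIII", 1283296270, 0, len(pkt1), len(pkt1)) + pkt1
    rec2 = struct.pack("<IIII", 1283296271, 500, len(pkt2), len(pkt2)) + pkt2
    return hdr + rec1 + rec2

if __name__ == "__main__":
    print(parse_pcap_stream(constructed_sample())[0])
```
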
« Reply #5 on: September 26, 2011, 01:51:09 »
mascool *
Posts: 1

Tried Pokot0's suggestion but ran into an error saying libpcap.so.1 could not be found.

Grabbed http://ftp6.tw.freebsd.org/FreeBSD/ports/i386/packages-6-stable/net/libpcap-1.1.1.tbz and copied libpcap.so.1.1.1 to /tmp on the device, renamed it to libpcap.so.1.

I'm now getting an error saying Shared object "libsmi.so.2" not found, required by "tcpdump". Still looking for a package that has that file, maybe someone knows how to get it working?

George
« Reply #6 on: October 08, 2011, 23:28:49 »
Јаневски ***
Posts: 153

Not long ago I tried that using the latest version of m0n0 and ran into "library not found" problems.

« Reply #7 on: August 04, 2013, 03:33:27 »
priller *
Posts: 2


This is a feature that would be of great benefit. 

Please consider adding this.
« Reply #8 on: August 05, 2013, 01:07:26 »
Lee Sharp *****
Posts: 517

This is one of those things that will never be resolved.  Adding it would be a large potential security risk, and up the requirements significantly.  And many people want to keep m0n0wall lean and mean.  That said, pfSense may be a good alternative, as it has a lot of additional things that can just plug in.  It does have a larger footprint, however.
« Reply #9 on: December 30, 2013, 04:08:47 »
azdps **
Posts: 63

I guess this is somewhat related. I created a custom m0n0wall version 1.8.1b552 that includes the following for tcpdump testing purposes:

tcpdump
ncat
csh shell

The csh shell can be accessed from the m0n0wall console menu.


http://www.datafilehost.com/d/7c703bf9 (generic img)

http://www.datafilehost.com/d/e0f46ac4 (serial img)

http://www.datafilehost.com/d/fd229b5f (iso)

« Last Edit: December 30, 2013, 04:12:33 by azdps »