Difference between revisions of "Remote monitoring"

From Klaus' wiki
Latest revision as of 15:28, 4 February 2018

Sometimes it can be difficult to determine why a network application doesn't work as expected. Wireshark and Tcpdump are two utilities that can help you monitor the packets going back and forth between two computers.

tcpdump can capture packets on a network interface and write the captured data to the console or to a file (see man tcpdump).

Wireshark is a graphical program that shows the captured data in an easily readable way. A powerful tool. See more over at [1]

Wireshark can read dumps made by tcpdump, so on a development board without a graphical display you can set up tcpdump to write captured packets into a file. Once you move that file to your development host, Wireshark can open it.

If you have a network connection to your development board you can watch the traffic live by issuing a command like this:

$] ssh root@target_IP_address -p 22 tcpdump -U -s0 'not port 22' -i enp6s0 -w - | wireshark-qt -k -i -

What this command does is create an SSH connection to the target at target_IP_address. Normally ssh listens on port 22, but you may have configured it to listen on another port (ssh root@target_IP_address -p 22). It is convenient to have passwordless login, i.e. using your ssh keys, so you don't have to type a password every time.

Over at the target we execute tcpdump with a number of command-line arguments, of which two are of interest (tcpdump -U -s0 'not port 22' -i enp6s0 -w -): the first is the port number the ssh connection is made on (typically port 22); we don't want that traffic to clutter up our dump. The second point of interest is the ethernet adapter, here enp6s0, but it could also be eth0 or similar.

Use

ip a

to determine the name of the interface to listen to on the development board.

The final dash (-) before the pipe (|) tells tcpdump to write to standard output instead of a file and, as you can see, wireshark reads from what comes through the pipe. The -k option tells Wireshark to start capturing immediately. The standard output data from tcpdump is automagically sent over the ssh connection back to the host and piped into wireshark.

Note: The graphical version of Wireshark comes on some systems in either wireshark-gtk or wireshark-qt for GTK based desktops (like GNOME) or qt base desktops (like KDE) or on other systems just as wireshark. Find out which one is available for you.
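The pipeline described above, wrapped in a small POSIX shell script, as an added example that is not part of the original wiki page. It picks whichever graphical Wireshark binary exists (the wireshark-qt / wireshark-gtk / wireshark variants from the note), keeps the BPF filter tied to the ssh port actually in use (a capture that includes its own ssh transport would otherwise feed back on itself), and parses the output of `ip -o link show` so you can list the target's interface names without a shell on the board. The host 192.0.2.10, the interface defaults and the sample `ip` output in the test are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the wiki page): the ssh + tcpdump + Wireshark
# pipeline as a reusable script. Host, port and interface are assumptions.

# Return the first graphical Wireshark binary present on this host,
# matching the page's note about wireshark-qt / wireshark-gtk / wireshark.
find_wireshark() {
    for bin in wireshark-qt wireshark-gtk wireshark; do
        if command -v "$bin" >/dev/null 2>&1; then
            echo "$bin"
            return 0
        fi
    done
    return 1
}

# Turn `ip -o link show` output (one interface per line, e.g.
# "2: enp6s0: <BROADCAST,UP> ...") into plain interface names.
# The "@ifN" suffix that veth pairs carry is stripped.
iface_names() {
    awk -F': ' '{ sub(/@.*/, "", $2); print $2 }'
}

# List interface names on the target; run on the host.
# Usage: list_remote_ifaces target_IP [ssh_port]
list_remote_ifaces() {
    host=$1; port=${2:-22}
    ssh "root@$host" -p "$port" ip -o link show | iface_names
}

# Build the exact command line from the page for the given host, port and
# interface. The filter excludes the ssh port in use, not a hard-coded 22,
# so a non-default ssh port does not end up in the dump.
build_remote_cmd() {
    host=$1; port=$2; iface=$3
    printf "ssh root@%s -p %s tcpdump -U -s0 'not port %s' -i %s -w -" \
        "$host" "$port" "$port" "$iface"
}

# Live capture: tcpdump on the target writes pcap to stdout (-w -), ssh
# carries it back, Wireshark reads it from stdin (-i -) and starts at once (-k).
# Usage: remote_capture target_IP [ssh_port] [iface]
remote_capture() {
    host=$1; port=${2:-22}; iface=${3:-eth0}
    ws=$(find_wireshark) || { echo "no Wireshark binary found" >&2; return 1; }
    ssh "root@$host" -p "$port" \
        tcpdump -U -s0 "not port $port" -i "$iface" -w - | "$ws" -k -i -
}

# Run only when invoked with arguments, e.g.:  sh remote_capture.sh 192.0.2.10 22 enp6s0
if [ $# -gt 0 ]; then
    remote_capture "$@"
fi
```

`build_remote_cmd` exists only to show (and check) the command line that `remote_capture` actually runs; call `list_remote_ifaces` first if you do not know the interface name on the board.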