
I have this setup:

                                    ________Company LAN_______
 _________                     .  '|              _________
|         |                       .| BUNCH OF    |         |
| Server1 |-->                  .  | SECURITY    | MyHost  |
|_________|                       .|             |_________|
                               .   |__________________________

My main objective is to see what packets Server1 sends.

Server1 periodically sends packets to a specified target IP that I can change. If I set MyHost as the target IP and use Wireshark, I won't be able to capture anything because of the company's firewall.

For that reason I need a Server outside of the company which runs a sniffer or something, like in the pic below:

                                    ________Company LAN_______
 _________         _________       |              _________
|         |       |         |      | BUNCH OF    |         |
| Server1 |--->---| Server2 |      | SECURITY    | MyHost  |
|_________|       |_________|      |             |_________|
                       |           |__________________|_______
                       '------------------------------'

Does something like that exist? Any other ideas?

Pithikos
  • Yes, there is. No, we do not recommend a service or product here. Good ASCII art, btw. - I like it. – TomTom Aug 18 '14 at 09:42
  • @TomTom Yes, and I apologize. But I have no idea where else to ask. – Pithikos Aug 18 '14 at 09:48
  • @TomTom I wonder why you cannot recommend a solution for the OP's problem? – Pat Aug 18 '14 at 10:01
  • `tcpdump -i eth0 -s0 -Uw file.pcap` – kasperd Aug 18 '14 at 10:56
  • @Pat Because the solution is not as simple as your simplified-case answer, and besides, the rules of this site do not allow software/service recommendations. Heck, copying this is something I could do on any step in my network with a router command. But I do not know the OP's exact scenario and will not give - as you did - a totally wrong answer. – TomTom Aug 18 '14 at 12:16
  • @TomTom thanks for editing your previous post and removing the included disrespectful terms. Now I'm challenging you to prove here why mine is "a totally wrong answer" as you said. I really think yours are just big words w/o any supporting fact. – Pat Aug 18 '14 at 20:19
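Added example, not part of the thread: once Server2 has written a capture with the `tcpdump -i eth0 -s0 -Uw file.pcap` command from kasperd's comment above (`-s0` asks for untruncated packets, `-U` flushes each packet to the file as it arrives, and the file then has to be copied from Server2 to MyHost, e.g. over SSH), the standard-library Python script below reads that classic pcap format and lists what a chosen source address sent. The capture it parses is constructed in memory; the addresses `10.0.0.5` (Server1) and `203.0.113.10` (Server2) and the sample payloads are assumptions made for the example.

```python
"""Parse a classic libpcap file (the format `tcpdump -w` writes) with
only the standard library and list the packets one source IP sent.
Added example; the capture below is constructed, not a real file.pcap."""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4
SERVER1 = "10.0.0.5"        # assumed address of the host being watched
SERVER2 = "203.0.113.10"    # assumed address of the external sniffer box


# --- helpers that build the constructed sample capture ---------------------
def _eth(payload, ethertype=0x0800):
    """Ethernet II frame: dst MAC, src MAC, EtherType (0x0800 = IPv4)."""
    return (b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02"
            + struct.pack("!H", ethertype) + payload)


def _ipv4(src, dst, proto, payload):
    """20-byte IPv4 header (no options, checksum left at 0) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def _udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def _tcp(sport, dport, data):
    """Minimal 20-byte TCP header, data offset 5, flags PSH|ACK."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18,
                       8192, 0, 0) + data


def build_sample_pcap():
    """Little-endian pcap, link type 1 (Ethernet), three frames."""
    frames = [
        (1408354800, 0, _eth(_ipv4(SERVER1, SERVER2, 17,
                                   _udp(514, 514, b"<14>heartbeat")))),
        (1408354800, 500000, _eth(_ipv4(SERVER1, SERVER2, 6,
                                        _tcp(40000, 80, b"GET /ping HTTP/1.1\r\nHost: server2\r\n\r\n")))),
        (1408354801, 0, _eth(_ipv4("10.0.0.7", SERVER1, 17,
                                   _udp(53, 5353, b"noise")))),
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for sec, usec, frame in frames:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


# --- the parser -------------------------------------------------------------
def _decode_frame(frame):
    """Return a dict for an IPv4 frame, or None for ARP, IPv6, etc."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack_from("!H", ip, 2)[0]
    proto = ip[9]
    l4 = ip[ihl:total_len]          # slicing clamps if snaplen truncated it
    pkt = {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
           "proto": str(proto), "sport": None, "dport": None, "payload": b""}
    if proto == 6 and len(l4) >= 20:
        sport, dport = struct.unpack_from("!HH", l4, 0)
        doff = (l4[12] >> 4) * 4
        pkt.update(proto="tcp", sport=sport, dport=dport, payload=l4[doff:])
    elif proto == 17 and len(l4) >= 8:
        sport, dport = struct.unpack_from("!HH", l4, 0)
        pkt.update(proto="udp", sport=sport, dport=dport, payload=l4[8:])
    return pkt


def parse_pcap(data):
    """Yield one dict per IPv4 frame in a classic pcap byte string."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype = struct.unpack_from(endian + "IHHiIII", data, 0)[6]
    if linktype != 1:
        raise ValueError("only Ethernet (DLT_EN10MB) captures are handled")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        pkt = _decode_frame(data[off:off + incl_len])
        off += incl_len
        if pkt:
            pkt["ts"] = ts_sec + ts_usec / 1e6
            yield pkt


def packets_from(data, src_ip):
    """Everything the given source address sent, in capture order."""
    return [p for p in parse_pcap(data) if p["src"] == src_ip]


def format_packet(p):
    return (f"{p['ts']:.6f} {p['src']}:{p['sport']} -> {p['dst']}:{p['dport']} "
            f"{p['proto']} {len(p['payload'])} bytes")


if __name__ == "__main__":
    for p in packets_from(build_sample_pcap(), SERVER1):
        print(format_packet(p))
```

To use it on a real capture, replace `build_sample_pcap()` with `open("file.pcap", "rb").read()`. Newer Wireshark/dumpcap write pcapng by default, which this parser rejects rather than misreads; `tcpdump -w` still writes the classic format.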

3 Answers


Remote sniffing with Wireshark is one alternative

Running e.g. rpcapd on Server2 to capture the traffic it receives, and running Wireshark remotely from MyHost.

(Screenshot: Wireshark Capture Options)

Of course the communication between the remote capture daemon and your Wireshark has to clear your security layer.

Pat
  • Which Wireshark version is that? I don't see the remote option on Wireshark 1.10.6. – kasperd Aug 18 '14 at 10:54
  • @kasperd; sorry, I just took a picture corresponding to an old version of Wireshark; please see now included the one that corresponds to v 1.10.5 – Pat Aug 18 '14 at 13:56
  • I found the `Interface Management` window already, but it only has the first two tabs `Pipes` and `Local Interfaces`. The `Remote Interfaces` tab simply isn't there. – kasperd Aug 18 '14 at 17:09
  • check your version; "Remote Interfaces" is there https://www.wireshark.org/docs/wsug_html_chunked/ChCapManageInterfacesSection.html – Pat Aug 18 '14 at 20:25

I found a nifty service in the end

http://requestb.in

It's pretty much a sniffer for HTTP messages. Since Server1 in my case sends HTTP messages, this service worked great for me!

Pithikos
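An added example (not requestb.in's own code, and not from the thread) of what such a service does at its core: an HTTP server that records every request it receives, so Server1 can be pointed at it and its messages inspected in full. Running a copy like this on your own Server2 also keeps Server1's messages, which may carry credentials or internal hostnames, off a third party's servers. The names `RequestBin`, `start_bin` and `send_test_request` are this example's own, and the request sent by `send_test_request` is a constructed stand-in for Server1's periodic traffic.

```python
"""Minimal "request bin": an HTTP server that records method, path,
headers and body of every request it receives.  Added example; not the
code behind requestb.in."""
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.request import Request, urlopen


class BinHandler(BaseHTTPRequestHandler):
    def log_message(self, *args):
        pass                                  # keep stderr quiet

    def _record(self):
        """Store the full request, then answer 200 so the client is happy."""
        length = int(self.headers.get("Content-Length", 0))
        body = self.rfile.read(length) if length else b""
        entry = {
            "client": self.client_address[0],
            "method": self.command,
            "path": self.path,
            "headers": {k.lower(): v for k, v in self.headers.items()},
            "body": body,
        }
        with self.server.lock:
            self.server.captured.append(entry)
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", "2")
        self.end_headers()
        self.wfile.write(b"ok")

    # Accept any common method; all of them just get recorded.
    do_GET = do_POST = do_PUT = do_DELETE = do_PATCH = _record


class RequestBin(ThreadingHTTPServer):
    daemon_threads = True

    def __init__(self, address):
        super().__init__(address, BinHandler)
        self.captured = []                    # one dict per request seen
        self.lock = threading.Lock()


def start_bin(host="127.0.0.1", port=0):
    """Start the bin on a background thread; port 0 picks a free port."""
    server = RequestBin((host, port))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def send_test_request(server, method="POST", path="/hook?id=1",
                      body=b'{"status":"up"}'):
    """Constructed stand-in for the message Server1 sends periodically."""
    host, port = server.server_address[:2]
    req = Request(f"http://{host}:{port}{path}", data=body, method=method,
                  headers={"Content-Type": "application/json",
                           "User-Agent": "Server1-agent/1.0"})
    with urlopen(req, timeout=5) as resp:
        return resp.status


def summarize(server):
    """One line per captured request, like a request bin's index page."""
    with server.lock:
        return [f"{e['client']} {e['method']} {e['path']} {len(e['body'])}B"
                for e in server.captured]


if __name__ == "__main__":
    srv = start_bin()
    print("listening on", srv.server_address)
    send_test_request(srv)
    for line in summarize(srv):
        print(line)
    for e in srv.captured:
        print(e["headers"], e["body"])
    srv.shutdown()
```

Run it on Server2 with a real listen address (e.g. `start_bin("0.0.0.0", 8080)`), point Server1 at that host and port, and read `captured` or `summarize()`; the firewall caveat from the question still applies to how MyHost reaches Server2 to look at the results.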

A nice (free) application is NTOPNG http://www.ntop.org/products/ntop/ (earlier NTOP), which I have been using for years. With this application you can add "probes" in your network and gather this data in a centralised way.

However, this application does not give you deep-level info like Wireshark, but it is a great way to track network traffic and analyse which packets were sent by whom (in case you use e.g. a SPAN port).

NTOP is available for a lot of linux distributions. (e.g. apt-get install ntop)

Skiaddict