Relay/forward captured packets

1

1

Fellow members,

Got a small question: how can one relay/forward the packets captured on a Unix/Linux machine to a network device using FTP/TFTP/any other mechanism?

I've got a wireless network controller and I am in a situation in which I need to run the packet capture for a day or two for multiple issues. I cannot put a specific filter. I can do this on the wireless controller for a short time because the onboard flash is only 256 MB. Tshark and dumpcap are the only packet capture tools on this controller. I am in need of figuring out how to relay or forward the captured packets to an off-box server on my network.

I thank you for your help in advance.

PP

user309761

Posted 2014-06-10T11:52:00.663

Reputation: 11

Answers

0

Perhaps you can add a hub/switch with port mirroring capabilities just behind the wireless controller. You can then capture all packets using a standard PC with enough disk space. See the image below; imagine your wireless controller is connected to port 4 and the uplink to the rest of the network is on port 8. You can then connect your sniffing PC to port 1.

[Image: port mirror example]

mtak

Posted 2014-06-10T11:52:00.663

Reputation: 11 805

0

You can perform a "remote" capture with Wireshark: you capture the traffic on the PC with the memory constraint, which automatically sends the captured traffic to the Wireshark station running on a different PC. This mode requires a regular PC running Wireshark and a Wireshark module running on the device under test.

Pat

Posted 2014-06-10T11:52:00.663

Reputation: 2 593
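
An added example, not part of the question or of either answer above: a receiver for the off-box server that reads a capture stream on stdin and stores it as a series of size-limited pcap files, so nothing has to be kept on the controller's flash. It assumes the controller writes the capture to stdout with `dumpcap -i <interface> -w -` in classic pcap format and that some transport (ssh, netcat) carries that stream to this script; the output file names and the 100 MB chunk size are likewise assumptions.

```python
import struct, sys
# Classic pcap magic numbers -> byte order (microsecond and nanosecond variants).
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def read_exact(stream, n):  # exactly n bytes, or None if the stream ends first
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            return None
        buf += chunk
    return buf

def split_pcap_stream(stream, open_chunk, max_bytes):
    """Copy a pcap stream into files of about max_bytes, cutting only between
    packets. open_chunk(i) returns a writable file. Returns packets per chunk."""
    ghdr = read_exact(stream, 24)
    if ghdr is None or ghdr[:4] not in MAGICS:
        raise ValueError("not a classic pcap stream (pcapng is not handled)")
    order = MAGICS[ghdr[:4]]
    counts, out, written = [], None, 0
    while True:
        rec = read_exact(stream, 16)          # ts_sec, ts_frac, incl_len, orig_len
        if rec is None:
            break
        incl_len = struct.unpack(order + "I", rec[8:12])[0]
        if incl_len > 262144:                 # sanity bound (assumed max snaplen)
            raise ValueError("implausible record length, stream out of sync")
        data = read_exact(stream, incl_len)
        if data is None:
            break                             # sender stopped mid-packet: drop it
        if out is None or (counts[-1] and written + 16 + incl_len > max_bytes):
            if out is not None:
                out.close()
            out = open_chunk(len(counts))
            out.write(ghdr)                   # every chunk is a valid pcap file
            written = 24
            counts.append(0)
        out.write(rec + data)
        written += 16 + incl_len
        counts[-1] += 1
    if out is not None:
        out.close()
    return counts

if __name__ == "__main__":  # constructed usage: capture_00000.pcap, capture_00001.pcap, ...
    split_pcap_stream(sys.stdin.buffer,
                      lambda i: open("capture_%05d.pcap" % i, "wb"), 100 * 2**20)
```

Because every chunk starts with the stream's global header and ends on a packet boundary, each file opens on its own in Wireshark or tshark, and a capture that is interrupted mid-packet loses only that last partial record.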