Is it possible to capture TCP packets traveling between two remote systems that are not directed to the Wireshark host computer? I need to intercept traffic between an old Redhat Linux 2.4 computer and a discontinued 20-year-old machine that is controlled via TCP/IP in order to analyze its communication protocol so I can control it with a modern computer. All systems are connected via a legacy Netgear Hub. I am able to open a Telnet connection and capture packets between the Wireshark computer and the machine, but I cannot see any traffic traveling directly between the Redhat Linux computer and the machine. The IP addresses are as follows:
Wireshark Computer (Windows 10) - 192.168.200.68
3rd Party Equipment (Not a Computer) - 192.168.200.63, 192.168.200.64, 192.168.200.65
Redhat Linux 2.4 Computer - Unknown, probably something like 192.168.200.67
Is there a way to do this? asked 19 Oct '17, 09:55 dcs |
2 Answers:
Capturing packets requires access to the physical connection the packets travel through. They won't take a detour to your Wireshark PC; you have to put your Wireshark where they are visible. In your case the hub would be a perfect spot, but you need to be connected directly to it and it really needs to be a hub (some "hubs" are switches in reality, and you won't see the packets). For more information on capture setups, check the following links:
https://wiki.wireshark.org/CaptureSetup/Ethernet
https://blog.packet-foo.com/2016/10/the-network-capture-playbook-part-1-ethernet-basics/
answered 19 Oct '17, 10:15 Jasper ♦♦ |
Provided that:
You can use the remote capture options of Wireshark, which allows you to capture traffic through an SSH tunnel. answered 19 Oct '17, 10:33 Jaap ♦ |
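One way to do what this answer describes, as an added example that is not part of the original answer: run tcpdump on the Linux box over SSH and stream the pcap into Wireshark on the capturing host. It assumes an SSH server and tcpdump on the Linux box, the interface name eth0, the guessed address 192.168.200.67 from the question, and an ssh client plus Wireshark on the capturing side (e.g. from WSL on Windows 10).

```shell
# Added example, not from the original answer or from Wireshark.
# Assumed values; adjust to the real box (check the interface with 'ifconfig').
REMOTE_HOST="192.168.200.67"   # Redhat box address as guessed in the question
REMOTE_USER="root"             # tcpdump needs raw-socket privileges
REMOTE_IFACE="eth0"            # assumption: first Ethernet interface

# Capture filter built from the addresses in the question: only the equipment's
# three addresses, and never the SSH session itself, otherwise the capture
# stream would feed back into the capture and grow without bound.
build_filter() {
    printf '%s' "(host 192.168.200.63 or host 192.168.200.64 or host 192.168.200.65) and not tcp port 22"
}

# Remote tcpdump invocation:
#   -s 0   capture whole frames (old tcpdump defaults to a 68-byte snaplen)
#   -U     flush each packet to the pipe immediately (if the old tcpdump on the
#          box rejects -U, drop it; packets then arrive in buffered chunks)
#   -w -   write pcap to stdout so ssh carries it back
# The filter is single-quoted so the remote shell passes it through intact.
build_remote_cmd() {
    printf "tcpdump -i %s -s 0 -U -w - '%s'" "$REMOTE_IFACE" "$(build_filter)"
}

# Stream the pcap bytes over ssh into Wireshark: -k starts capturing at once,
# -i - reads the capture from stdin. Stop with Ctrl-C in the ssh terminal.
run_remote_capture() {
    ssh "${REMOTE_USER}@${REMOTE_HOST}" "$(build_remote_cmd)" | wireshark -k -i -
}
```

Call run_remote_capture to start; Wireshark's built-in SSH remote capture interface (sshdump) takes the same remote host, interface and capture filter through its dialog instead of a pipe.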
Thanks for the quick answers.
To Jasper, I am connected to the Hub and I can intercept traffic if I communicated directly to the machine with the Wireshark Windows computer. The HUB is a real HUB, not a switch. I will review your links.
To Jaap, how do I learn about setting up the SSH connection? This is a very old version of Redhat.
Your answer has been converted to a comment as that's how this site works. Please read the FAQ for more information.