- You want to capture a lot of network traffic that is flowing through your libreCMC router.
- You don’t have much disk space on your libreCMC router, so you need that traffic streamed to your desktop computer.
- You want to analyze the traffic with Wireshark.
On the Desktop
christopher@nightshade:~/Scratch$ nc -l -p 30293 > out.pcap
On this side, netcat (nc) listens (-l) on port (-p) 30293, and dumps incoming data to out.pcap file.
On the Router
On the libreCMC router, you need tcpdump and netcat:
root@libreCMC:~# tcpdump -i eth1 udp port 51413 -w - | nc 10.0.0.3 30293 tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
Tcpdump captures the network traffic you want.
- -i eth1 means capture from interface eth1, in this case my WAN interface.
- udp port 51413 means capture UDP protocol data with source or destination port 51413 (my Bitorrent port). See the Manual page for other expressions.
- -w – means save the packet data and send it to the standard output stream.
Netcat (nc) streams this data over TCP to IP address 10.0.0.3 (my desktop computer) port 30293.
Once you have as many packets as your heart desires, CTRL-C one of the processes, and then run Wireshark on the pcap data:
christopher@nightshade:~/Scratch$ wireshark out.pcap
Then use Wireshark to display cool looking graphs!
Often desktop computer firewalls are configured to block incoming ports by default. So you may need to open that incoming port — port 30293 in the example.
1 thought on “Stream Captured Network Traffic”
Great use of wireshark and tcpdump!