Monday, May 25, 2015

Wireshark remote capture with GNS3

GNS3 recently introduced a distributed mode, in which the GNS3 server runs on a different machine from the GUI; however, there is a problem: Wireshark cannot capture traffic from routers running on a remote server yet. The developers have announced support for remote capture in version 1.4, but there is a way to make it work in 1.3 as well.


Of course, I am assuming that you have SSH access to the remote machine where gns3-server is running. And as I use Linux exclusively on all of my machines, this guide covers that OS only.



So here we are: the first step is to right-click on a link in your topology and choose "Start capture". Then, as usual, right-click again and choose "Start Wireshark". An error message will pop up, telling you that the capture file cannot be found. Indeed, it is located on the remote server, while Wireshark is looking for it locally.


This message is useful, however, as it contains the full path to the actual pcap file on the remote server; highlight it and copy it to the clipboard.

Then open your favourite terminal and type

mkfifo /tmp/pcap 

Of course, you can use whatever filename you like instead of /tmp/pcap.

Next, type

ssh YOUR_GNS3_SERVER "tail -f -c +0b FULL_PATH_TO_PCAP_COPIED_FROM_ERROR_MESSAGE" > /tmp/pcap

using the full path you previously copied from the error message (quote it if it contains spaces). The "-c +0b" makes tail start from the first byte of the file rather than from its last ten lines, so Wireshark receives the pcap file header and accepts the stream. Note that the redirect into the FIFO blocks until something opens it for reading, so this command will appear to hang until Wireshark is started. Next, open a new terminal window and type there

wireshark -k -i /tmp/pcap &

After that Wireshark should start, displaying the traffic captured on the remote server ("-k" starts the capture immediately, "-i" treats the FIFO as a capture interface). Run Wireshark as your normal user rather than root: its dissectors are parsing packets that come from another machine.
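The three manual steps above, wrapped into one script as an added example (this is not code from the original post or from GNS3). It assumes an SSH host alias for the server and takes the pcap path copied from the error message as an argument. Two things are added to the bare procedure: a preflight check, run on the server, that the file really starts with a pcap or pcapng magic (a check on the local FIFO would consume the header Wireshark needs, so it is deliberately done remotely), and a stream helper that can tail a local file instead of going over SSH, so the FIFO handling can be tried without a GNS3 server.

```shell
#!/bin/sh
# Added example, not from the original post or from GNS3: the mkfifo / ssh+tail /
# wireshark steps as functions, plus a preflight check that the remote file is
# really a pcap or pcapng capture. The SSH host alias and the pcap path are
# assumptions supplied on the command line; take the path from the GNS3 error message.
#
# Usage:  sh remote_capture.sh gns3-server /full/path/from/error/message.pcap /tmp/pcap

# Print the first four bytes of a file (or FIFO) as lowercase hex, e.g. d4c3b2a1.
file_magic() {
    dd if="$1" bs=4 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Accept the pcap magic in either byte order (microsecond and nanosecond
# variants) and the pcapng section-header block type.
pcap_magic_ok() {
    case "$1" in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d|0a0d0d0a) return 0 ;;
        *) return 1 ;;
    esac
}

# Create the FIFO unless it already is one; refuse to clobber a regular file.
# Mode 600 so only this user can read the capture stream.
make_fifo() {
    if [ -p "$1" ]; then
        return 0
    fi
    if [ -e "$1" ]; then
        echo "$1 exists and is not a FIFO" >&2
        return 1
    fi
    mkfifo -m 600 "$1"
}

# The command run on the server. '-c +0' (the post's '+0b') starts at byte 0 so
# the pcap file header reaches Wireshark; a plain 'tail -f' would skip it and
# Wireshark would reject the stream. The path is single-quoted for the remote
# shell so spaces in a GNS3 project path survive.
remote_tail_cmd() {
    printf "tail -f -c +0 '%s'" "$1"
}

# Start streaming into the FIFO in the background and record the pid in
# STREAM_PID. With an empty host the file is tailed locally, which lets the FIFO
# handling be exercised without a GNS3 server. The writer blocks until something
# opens the FIFO for reading, which is why it is backgrounded before Wireshark.
start_stream() {
    host="$1"; pcap="$2"; fifo="$3"
    if [ -n "$host" ]; then
        ssh "$host" "$(remote_tail_cmd "$pcap")" > "$fifo" &
    else
        tail -f -c +0 "$pcap" > "$fifo" &
    fi
    STREAM_PID=$!
}

# The whole procedure: preflight on the server, FIFO, stream, Wireshark, cleanup.
remote_capture() {
    host="$1"; pcap="$2"; fifo="$3"
    magic=$(ssh "$host" "dd if='$pcap' bs=4 count=1 2>/dev/null | od -An -tx1" | tr -d ' \n')
    if ! pcap_magic_ok "$magic"; then
        echo "refusing to stream $host:$pcap: magic '$magic' is not pcap/pcapng" >&2
        return 1
    fi
    make_fifo "$fifo"
    start_stream "$host" "$pcap" "$fifo"
    # -k starts capturing immediately, -i treats the FIFO as a capture interface.
    # Run this as your normal user, not root: the dissectors are parsing packets
    # that come from another machine.
    wireshark -k -i "$fifo"
    kill "$STREAM_PID" 2>/dev/null
}

if [ "$#" -eq 3 ]; then
    remote_capture "$1" "$2" "$3"
fi
```

The FIFO is opened for writing by the SSH session and for reading by Wireshark; whichever side arrives first simply waits for the other, so the order of the two commands in the post only matters in that the SSH command appears frozen until Wireshark attaches. When Wireshark exits, the SSH session is killed so no tail process is left behind on the server.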

Sure, there are other ways to make it work, such as mounting the remote project directory over NFS or SSHFS, and maybe more; in my opinion, however, this is the easiest one, as it doesn't require any additional software or settings.

Enjoy!
