How to monitor packets from a remote interface in real time

I was trying to debug an internet connection that was supposed to be controlled by tc, the tool Linux uses for traffic shaping. The scenario is this:

  • All outbound traffic through one interface using a specific IP port should not block the rest of the traffic.

  • Some other ports and protocols are given priority (e.g. interactive traffic using ssh)

But it was failing. tc is quite complicated to get working properly. For testing purposes, we were using a combination of wireshark (or ethereal), netcat and iptraf to see how the bandwidth was used. My boss showed me a way to get all this working together which is quite handy. I hope he doesn’t mind at all if I share it with you :-).

Imagine we have 3 computers:

  • hostA: our personal computer

  • hostB: where we are doing traffic shaping

  • hostC: a test computer where we are going to send data so we can test everything.

Right, imagine we want to control port 3000 on hostB. For that purpose, we will set up a netcat instance on hostC listening on that port:

golan@hostC:~$ nc -l -p 3000

We can now send data to that port, also using netcat:

golan@hostB:~$ cat /dev/urandom | nc hostC 3000

This way we can send data and test the connection.

Capturing traffic on hostC

We can use wireshark to see what’s going on on hostC, with a small trick: tcpdump captures on hostC and wireshark reads the result on hostA. So, we use something like this:

golan@hostA:~$ rm -f capture; mkfifo capture

golan@hostA:~$ ssh root@hostC tcpdump -s 0 -U -n -w - -i eth0 tcp port 3000 > capture

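We create a FIFO named capture on hostA, then run tcpdump on hostC over ssh. tcpdump captures the traffic on port 3000 and writes it to its standard output (-w -), which ssh carries back to hostA, where it is redirected into the FIFO we have just created. The -U flag makes tcpdump write each packet out as soon as it is captured instead of waiting for its buffer to fill, -s 0 captures whole packets, and -n skips name resolution.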

Wireshark

Now we launch wireshark on hostA and configure it to capture data from the FIFO we created, giving the FIFO as the interface file.

If we now click on Statistics -> IO Graph we get a nice traffic graph, which can help us debug the application.
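
As an added example (not part of the original post or of any of the tools it uses): a small Python reader that can take wireshark's place on the FIFO and print the per-second throughput that the IO Graph plots. It assumes the classic pcap format that tcpdump -w - writes; per_second and sample_capture are names made up for this example, and the sample packets are constructed.

```python
import struct
import sys

# Classic pcap magic numbers as they appear on the wire, mapped to byte order.
# The first pair is the microsecond format, the second the nanosecond variant.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def per_second(stream):
    """Yield (epoch_second, wire_bytes) for each second seen in a pcap stream."""
    header = stream.read(24)                      # pcap global header
    endian = MAGICS.get(header[:4])
    if len(header) < 24 or endian is None:
        raise ValueError("not a classic pcap stream")
    current, total = None, 0
    while True:
        record = stream.read(16)                  # per-packet record header
        if len(record) < 16:
            break                                 # writer closed the FIFO
        ts_sec, _frac, incl_len, orig_len = struct.unpack(endian + "IIII", record)
        if len(stream.read(incl_len)) < incl_len:
            break                                 # truncated final packet
        if current is not None and ts_sec != current:
            yield current, total                  # second rolled over: report it
            total = 0
        current = ts_sec
        total += orig_len                         # length on the wire, not captured length
    if current is not None:
        yield current, total

def sample_capture():
    """Constructed sample: three packets in second 100, one in second 101."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, size in [(100, 1500), (100, 1500), (100, 60), (101, 1500)]:
        out += struct.pack("<IIII", sec, 0, size, size) + bytes(size)
    return out

if __name__ == "__main__":
    # Usage: python3 this_script.py capture   (the FIFO created with mkfifo)
    with open(sys.argv[1], "rb") as fifo:
        for second, size in per_second(fifo):
            print(f"{second} {size * 8 / 1000:.1f} kbit/s")
```

A FIFO has a single consumer, so run either this reader or wireshark against capture, not both at once.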

IPTraf

Alternatively, we can use iptraf, which gives us a window like this one:

Measuring bandwidth consumption

Now, you can test the connection by sending data using netcat as seen above.

I guess there are many more ways to do this, but I found this one to be nice. Just drop a comment if you think there are nicer ways to do this :-)
