Showing posts with label wireshark. Show all posts
Showing posts with label wireshark. Show all posts

Monday, 6 August 2012

Wireshark on AWS EC2

Updated on 28th Mars 2014, thanks Imran Hayder for suggestions! In some cases you may need to run wireshark on remote machine, especially if you want to in depth to understand what is going on.
Without any further blah blah, amusing you are using Ubuntu here is how to:

  1. Create EBS, make sure to un-check "delete on termination"
  2. Create and start Ubuntu 12.04 EC2
  3. Log in to it
  4. Check disk name 
    5. sudo fdisk -l
  5. Format disk
    6. sudo mkfs -t ext4 /device/path
  6. Create mount directory
    7. sudo mkdir /home/data-storage
  7. Mount disk
    8. sudo mount /dev/DEVICE /home/data-storage
  8. Make wireshark folder
    9. sudo mkdir /home/data-storage/wireshark
#important change ownership!
sudo chown root:ubuntu /home/data-storage/wireshark
#allow group to read
sudo chmod -R 774 wireshark
  9. Install wireshark
    10. sudo apt-get install wireshark tshark
  10. Run example
    11. sudo su
cd /home/data-storage/wireshark
#tshark will capture eth0 for 10 seconds and save file to my.pcap
tshark -i eth0 -a duration:10 -w my.pcap
  11. Copy file to local
    12. #from your local machine, note intentional line brake due to layout of the blog.
cd wireshark
scp -i your.pem 
   ubuntu@your_ec2_dns.compute.amazonaws.com:/path-to/my.pcap .
Read the comments bellow for trouble shooting. Note, it is not advisable to copy paste commands since you may bet the html representation, and not what you should type in the terminal.

Posted by at 2 comments:
Labels: , , , , , , , ,
Subscribe to: Posts (Atom)