System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

getting network traces.. off a thin client

SOLVED
Go to solution
iinfi1
Super Advisor

getting network traces.. off a thin client

we have a linux thin client and we need to get the network logs of that box. We cannot install anything on the client as we dont have permissions to do it.
is it possible to collect wireshark network trace logs of the thin client by connecting another machine to the same network??
someone from HP support told us to connect the thin client and laptop to a hub and hub to the switch (company network).
i am not too sure whether we can do it this way. we dont have a hum @ our office to test it. any help appreciated.
4 REPLIES
Steven E. Protter
Exalted Contributor

Re: getting network traces.. off a thin client

Shalom,

Yes.

Wireshark and tcpdump both have a host= filter that can be applied either to hostname or ip address.

Any node on the same network (subnet)
can run this trace and get good data.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
iinfi1
Super Advisor

Re: getting network traces.. off a thin client

thank you for your prompt response sir.
i am not sure i understood you correctly.
assume i have machine A and B connected in LAN.
on machine A i have wireshark installed
on machine B i have an application installed which connects to a server in the WAN (machine C).
in such a scnario can we monitor the network packets from machine B to the server on the WAN (machine C)?

thanks
P.S machine A and B are connected in a LAN with an unmanaged switch.
Stephen P. Schaefer
Frequent Advisor
Solution

Re: getting network traces.. off a thin client

Since the wireshark session is not on either end of the conversation, normally the switch will not expose a third system to the traffic, and this won't work. A "hub" was recommended because, unlike a switch, it sends all incoming traffic to all other ports. With a "managed" switch, there is usually a way to specify that all traffic to a specific port is also to be copied to a different port, and using that you could observe the traffic between the router and client. If, as you say, this is an "unmanaged" switch, that facility is probably not available.

Small hubs used to cost about $40 US, but these days they're difficult to find.
iinfi1
Super Advisor

Re: getting network traces.. off a thin client

thanks a lot for the insight Stephen ....