Wireshark on CentOS

Wireshark is a GUI tool used to analyze network traffic. While there is a Linux GUI you can run from GNOME if you have it installed, we'll run the GUI from a Mac OS X desktop here (a Windows version is also available) and load the data captured from a CentOS server on the command line.

Installing Wireshark on CentOS

Wireshark packages are included in the base repo, as are their dependencies, so you can install via yum.

yum -y install wireshark

Capture data with Wireshark

This command will begin capturing packets going over eth0; to stop capturing, hit Ctrl-C. The output file is printed when the capture starts and should look like /tmp/wireshark_eth0_timestamp.

dumpcap -i eth0

Now just scp this output file over to your desktop and open it from within Wireshark. Wireshark GUI tutorials to follow.
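The capture-then-copy procedure above, as an added example that is not part of the original post: a small POSIX shell wrapper that bounds a dumpcap run in time and size (so an unattended capture cannot fill /tmp), names the output file explicitly instead of relying on the auto-generated name, extracts the "File: ..." path that dumpcap prints at startup, and builds the scp command for the copy. The interface eth0, the capture directory, the remote host user@desktop.example and the sample dumpcap output are assumptions/constructed values; the dumpcap options used (-i, -w, -a duration:, -a filesize:, -s) are standard dumpcap options. The script only prints the commands so it runs without root.

```shell
#!/bin/sh
# Added example, not the original post's code. Wraps dumpcap with autostop
# limits and derives the output path; does not run dumpcap itself.

# Build the dumpcap command line.
#   $1 = interface, $2 = output file, $3 = max seconds, $4 = max size in KB
# -a duration: and -a filesize: are dumpcap autostop conditions; -s 0 keeps
# whole packets (no snaplen truncation).
build_capture_cmd() {
    iface="$1"; out="$2"; secs="$3"; kb="$4"
    printf 'dumpcap -i %s -w %s -a duration:%s -a filesize:%s -s 0\n' \
        "$iface" "$out" "$secs" "$kb"
}

# Read dumpcap's startup output on stdin and print the capture file path
# from its "File: /tmp/wireshark_eth0_..." line (first match only).
capture_file_from_log() {
    sed -n 's/^File: //p' | head -n 1
}

# Build the scp command that copies the capture to the analysis desktop.
#   $1 = local capture file, $2 = remote destination (user@host:path)
build_copy_cmd() {
    printf 'scp %s %s\n' "$1" "$2"
}

# Constructed sample of what dumpcap prints when it starts (not real output
# captured for this post), so the parser can be exercised offline.
SAMPLE_LOG="Capturing on 'eth0'
File: /tmp/wireshark_eth0_20240101120000_AbC123
Packets: 42 "

# Demonstration: 60-second capture capped at 50 MB, written to a known name.
# Interface, paths and remote host are placeholders.
IFACE="eth0"
OUT="/tmp/capture_$(date +%Y%m%d%H%M%S).pcapng"
build_capture_cmd "$IFACE" "$OUT" 60 51200

# If you ran the plain "dumpcap -i eth0" form from the post instead, recover
# the auto-generated file name from its output like this:
FOUND=$(printf '%s\n' "$SAMPLE_LOG" | capture_file_from_log)
echo "dumpcap reported capture file: $FOUND"

build_copy_cmd "$OUT" "user@desktop.example:~/"
```

Running dumpcap needs raw-socket access; the post runs it as root, and Wireshark's own documentation describes granting cap_net_raw and cap_net_admin to the dumpcap binary instead so that capture does not require a full root shell. Bounding the capture with -a duration: and -a filesize: is worth doing on a server even for short tests, since a forgotten capture on a busy interface can exhaust the filesystem.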