Is there an amprnet wiki page with recommendations and notes on just how to do this?
It depends too much on the layout of your network and the equipment and software you are using how to do this. I normally use tshark (terminal version), unfortunately it can only display a condensed version of each packet that does not show how it is tunneled, or a way-too-verbose version where one packet takes up multiple screens full of data.
The GUI version 'wireshark' can nicely fold and unfold all levels of detail but of course it is more difficult to run it inside a router or small Linux system used as a router.
Rob
On Monday, March 7, 2016 8:29:09 PM PST Rob Janssen wrote: ...
The GUI version 'wireshark' can nicely fold and unfold all levels of detail but of course it is more difficult to run it inside a router or small Linux system used as a router.
Running tcpdump on the router with the raw output going to a file and then downloading it to another machine for analysis with wireshark works well. That's how I discovered the foscam camera on my network phoning home to five sites overseas.
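
Added example, not part of the thread or written by its participants: a small reader for a downloaded capture file that prints one line per packet with each encapsulation layer shown, a middle ground between the condensed and the verbose views discussed above. It assumes the file is in classic pcap format with Ethernet framing and that the tunnel is IPIP (IP protocol 4); the function names and the sample addresses are constructed for illustration.

```python
import socket
import struct

IPPROTO_IPIP = 4  # IPv4-in-IPv4; assumed to be the tunnel type in use

def ip_layers(pkt):
    """Return [(src, dst, proto), ...] outermost first, following IPIP nesting."""
    layers = []
    while len(pkt) >= 20 and pkt[0] >> 4 == 4:
        ihl = (pkt[0] & 0x0F) * 4
        if ihl < 20 or len(pkt) < ihl:
            break  # malformed header length
        proto = pkt[9]
        layers.append((socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), proto))
        if proto != IPPROTO_IPIP:
            break
        pkt = pkt[ihl:]  # step into the encapsulated packet
    return layers

def summarize(pcap):
    """One line per IPv4 frame in a classic-pcap Ethernet capture."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    lines, off = [], 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) >= 14 and frame[12:14] == b"\x08\x00":  # EtherType IPv4
            lines.append(" | ".join(f"{s} > {d} proto {p}" for s, d, p in ip_layers(frame[14:])))
    return lines

def build_sample_pcap():
    """Constructed capture: one IPIP-tunneled UDP packet and one plain UDP packet."""
    def ipv4(src, dst, proto, payload):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                           socket.inet_aton(src), socket.inet_aton(dst)) + payload
    eth = bytes(12) + b"\x08\x00"
    inner = ipv4("44.128.0.1", "44.128.0.2", 17, bytes(8))
    frames = [eth + ipv4("192.0.2.10", "198.51.100.20", IPPROTO_IPIP, inner),
              eth + ipv4("192.0.2.10", "203.0.113.5", 17, bytes(8))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print("\n".join(summarize(build_sample_pcap())))
```

To use it on a real capture, pass the bytes of the downloaded file to `summarize()` instead of the constructed sample.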