Reputation: 82336
Question: I have one Windows laptop, one Linux laptop and a wireless router.
Now I want to "investigate" the Hotmail/Windows Live protocol. What I want to do is route network traffic from the Windows laptop via Ethernet to the Linux laptop, capture it on the Linux computer, forward it wirelessly to the router, receive the Hotmail response from the router on the Linux computer and forward it to the Windows computer.
How do I do that? In essence, switching the Linux laptop between the Windows laptop and the router, to capture network traffic?
Which program is best for capturing/analysing? Please note that for whatever reason, packet capturing with WinPcap on the Windows computer doesn't work...
Upvotes: 0
Views: 3166
Reputation: 596
As others have mentioned, you can use Wireshark (find out how to use filters to remove unnecessary packets in your log). If your Windows and Linux box are on the same network, you do not need that setup to sniff packets. Unless you are using ndiswrapper, you would probably be able to set the wireless network device on the Linux box to "monitor mode" and it will sniff all packets on your LAN. If your device does not support that mode, you can try connecting both boxes to your router physically. That will help you avoid the routing you described in your question.
Upvotes: 1
Reputation: 609
man tcpdump
On my Mac, I do it like this: sudo tcpdump -ien1 -s0 -xX -vvv
I don't know how similar tcpdump options are across platforms... Note, tcpdump also allows you to capture to a pcap file that could then be imported into Wireshark and maybe other GUI tools.
Upvotes: 3
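An added example, not part of the answers above: a small reader for the classic pcap file format mentioned in the last answer, which tallies packets per (source, destination, protocol, destination port) so you can see which hosts a captured machine talked to. It assumes an Ethernet link type and IPv4 TCP/UDP traffic; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

PCAP_MAGIC = 0xA1B2C3D4   # classic microsecond pcap; pcapng is rejected below
LINKTYPE_ETHERNET = 1

def parse_pcap(data):
    """Yield (src_ip, dst_ip, proto, dst_port) for each IPv4 TCP/UDP frame."""
    for end in "<>":  # the magic number is stored in the writer's byte order
        if struct.unpack_from(end + "I", data, 0)[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(end + "I", data, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled")
    off = 24  # first record follows the 24-byte global header
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig = struct.unpack_from(end + "IIII", data, off)
        frame = data[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # short or not IPv4
            continue
        ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
        if proto not in (6, 17) or len(frame) < 14 + ihl + 4:
            continue
        src, dst = IPv4Address(frame[26:30]), IPv4Address(frame[30:34])
        dport, = struct.unpack_from("!H", frame, 14 + ihl + 2)
        yield str(src), str(dst), "tcp" if proto == 6 else "udp", dport

def top_talkers(data):
    return Counter(parse_pcap(data)).most_common()  # busiest flow first

def make_frame(src, dst, proto, dport):
    """Constructed frame: Ethernet + 20-byte IPv4 header + src/dst ports."""
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return eth + ip + struct.pack("!HH", 50000, dport)

def sample_pcap():
    """Constructed capture (not real traffic): 2 TCP/443 packets, 1 DNS query."""
    frames = [make_frame("192.168.1.10", "203.0.113.5", 6, 443)] * 2
    frames.append(make_frame("192.168.1.10", "192.168.1.1", 17, 53))
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    print(top_talkers(sample_pcap()))
```

To use it on a real capture, pass the bytes of the file to `top_talkers()` in place of `sample_pcap()`.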