Remote Network Trace
This Perl trace utility can be used to gather a remote network trace. It is run by specifying
It telnets to the remote system as root and starts the trace command. The user hits return when enough trace has been gathered, and the trace file is then copied back to the local directory using FTP. It can then be loaded into Ethereal, Wireshark or another pcap network analyser for analysis. To use the script the following conditions must be met:
Note that tcpdump will usually exist on a Linux-based system, while snoop will exist on a Solaris system. A typical run of the script is:
[localhost$]perl gettrace.pl.txt -h 193.120.205.49 -r rootpassword -t "sctp or port 25"
writing network trace to : /tmp/trace
[root@dmztest trace]
Trace Command: tcpdump -w 193.120.205.49.pcap -s 0 sctp or port 25 &
Gathering network trace. Press return to continue
[localhost$]ethereal 193.120.205.49.pcap &
[1] 10526
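
The same workflow over SSH and SCP instead of telnet and FTP, which send the root password in cleartext and, as in the run above, also put it on the command line. This is an added example, not the original gettrace.pl; the capture account name, the remote /tmp path, key-based login and that account's permission to run tcpdump are assumptions.

```shell
#!/bin/sh
# Added example, not the original gettrace.pl: capture over SSH/SCP.
# Assumptions: key-based login as SSH_USER, that account may run tcpdump,
# and /tmp on the remote host is writable.
SSH_USER=${SSH_USER:-capture}   # hypothetical account name

# Accept only hostnames/IPv4 addresses: nothing that could be read as an
# option or as shell syntax once it becomes part of a remote file name.
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Quote a string so the remote shell sees it as exactly one word.
shquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Build the remote command line; the filter is data, never shell syntax.
build_trace_cmd() {   # $1 = remote pcap path, $2 = capture filter
    printf 'tcpdump -w %s -s 0 -- %s' "$(shquote "$1")" "$(shquote "$2")"
}

get_trace() {         # $1 = host, $2 = capture filter
    valid_host "$1" || { echo "invalid host: $1" >&2; return 2; }
    pcap="/tmp/$1.pcap"
    # Start tcpdump detached from the SSH session and remember its PID.
    ssh "$SSH_USER@$1" "$(build_trace_cmd "$pcap" "$2") </dev/null >/dev/null 2>&1 &
        echo \$! > $(shquote "$pcap.pid")" || return 1
    printf 'Gathering network trace. Press return to continue'
    read -r reply
    # Stop the capture, then copy the file back over the encrypted channel.
    ssh "$SSH_USER@$1" "kill \$(cat $(shquote "$pcap.pid")) && rm -f $(shquote "$pcap.pid")" || return 1
    sleep 1   # give tcpdump a moment to flush and close the file
    scp "$SSH_USER@$1:$pcap" .
}

if [ "$#" -ge 2 ]; then get_trace "$1" "$2"; fi
```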