ByteBlower 1.8 remote capture tool
Posted by Tom Ghyselinck, Last modified by Wouter Debie on 29 June 2017 09:47 AM

Sometimes it is handy to capture traffic on a ByteBlower port. This is possible using the ByteBlower Tcl API. But what if the Tcl API is not available or Tcl is not installed on the PC?

Hello byteblower-remote-capture! byteblower-remote-capture is a command-line tool that lets the user start and stop captures on a ByteBlower server. The result is saved on the local PC.

Important: the tool can capture RX traffic only!

Version 1.8.32 of the capture tool for ByteBlower 1.x can be downloaded here:

  • [[SecureDownload:ByteBlower/Tools/Capture/1.8.32/Windows/byteblower-remote-capture.exe:Windows executable]]
  • [[SecureDownload:ByteBlower/Tools/Capture/1.8.32/Linux/i686/byteblower-remote-capture:Linux 32bit executable]]
  • [[SecureDownload:ByteBlower/Tools/Capture/1.8.32/Linux/i686/CentOS/byteblower-remote-capture:Linux (CentOS 5) 32bit executable]]
  • [[SecureDownload:ByteBlower/Tools/Capture/1.8.32/Linux/amd64/byteblower-remote-capture:Linux 64bit executable]]

The tool can be configured using command line arguments:

| Argument name | Description | Notes |
|---|---|---|
| --server, -s | The (remote) ByteBlower server to capture on. When this option is not given, localhost will be used (handy for use on a ByteBlower server). | optional |
| --interface, -i | The name of the ByteBlower interface to capture on. Examples: trunk-1-1, nontrunk-1 | required |
| --out, -o | The name of the file in which the results must be stored. Only PCAP is supported for now. Warning: If the given file name already exists, the file will be overwritten! | required |
| --filter, -f | A well formed BPF capture filter to use. This can be used to only select a portion of the incoming data. | optional |

Examples:

  • byteblower-remote-capture --server byteblower-1.excentis.com --interface nontrunk-1 --filter "ip host 10.0.0.1 and ip host 10.0.0.2" --out example1.pcap
  • byteblower-remote-capture --server byteblower-1.excentis.com --interface trunk-1-1 --filter "ip host 10.0.0.2 and udp dst port 1000" --out example2.pcap
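
Because the tool overwrites an existing --out file, a capture that matters is easy to lose on a rerun. The following wrapper is an added example, not part of the original article or of the ByteBlower tooling: it refuses to start when the output file exists and checks afterwards that the file begins with a PCAP magic number. The function names and the CAPTURE_BIN variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not ByteBlower code): guard rails around
# byteblower-remote-capture for captures that must not be lost.
# CAPTURE_BIN is a hypothetical override naming the command to run;
# by default the tool is looked up on PATH.

# is_pcap FILE: succeeds if FILE starts with a classic PCAP magic number
# (either byte order, microsecond or nanosecond timestamps).
is_pcap() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d) return 0 ;;
        *) return 1 ;;
    esac
}

# safe_capture INTERFACE OUTFILE [FILTER] [SERVER]
# Return codes: 2 = bad usage, 3 = OUTFILE exists, 4 = result is not PCAP,
# anything else is the exit status of the capture tool itself.
safe_capture() {
    sc_if=$1; sc_out=$2; sc_filter=${3:-}; sc_server=${4:-}
    if [ -z "$sc_if" ] || [ -z "$sc_out" ]; then
        echo "usage: safe_capture INTERFACE OUTFILE [FILTER] [SERVER]" >&2
        return 2
    fi
    # The tool overwrites an existing --out file, so refuse up front.
    if [ -e "$sc_out" ]; then
        echo "refusing to overwrite existing file: $sc_out" >&2
        return 3
    fi
    # Build the argument list from the options documented above.
    set -- --interface "$sc_if" --out "$sc_out"
    [ -n "$sc_filter" ] && set -- "$@" --filter "$sc_filter"
    [ -n "$sc_server" ] && set -- "$@" --server "$sc_server"
    "${CAPTURE_BIN:-byteblower-remote-capture}" "$@" || return $?
    # Confirm a PCAP file was actually written before relying on it.
    is_pcap "$sc_out" || { echo "not a PCAP file: $sc_out" >&2; return 4; }
}
```

Source the file and call, for instance, `safe_capture nontrunk-1 "capture-$(date +%Y%m%dT%H%M%S).pcap" "ip host 10.0.0.1" byteblower-1.excentis.com` to get a uniquely named file per run.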