February 21, 2016

remote packet capture and analysis in Wireshark

make a FIFO pipe

mkfifo /tmp/pipe

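stream the remote tcpdump capture over ssh into the pipe* (the "not port 22" filter keeps the ssh session itself out of the capture)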

ssh REMOTE_HOST "sudo tcpdump -i eth0 -s 0 -U -w - not port 22" > /tmp/pipe

open Wireshark to analyze the pipe

wireshark -k -i /tmp/pipe

*tcpdump needs root privileges, so make sure the user you log in as can run this command, or give tcpdump the privileges it needs
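
The three steps above combined into one script, as an added example that is not part of the original post. It goes slightly beyond the post: the FIFO is created in a private mktemp directory instead of the predictable /tmp/pipe, and the interface name is validated because the remote shell interprets the command string. The function names, the script name rcap.sh and the default interface eth0 are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original post). Usage: ./rcap.sh REMOTE_HOST [IFACE]

# Create the FIFO inside a fresh mktemp directory (mode 700) instead of the
# predictable /tmp/pipe, so another local user cannot pre-create or read it.
make_private_fifo() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/rcap.XXXXXX") || return 1
    mkfifo -m 600 "$dir/pipe" || return 1
    printf '%s\n' "$dir/pipe"
}

# Build the remote command. ssh hands this string to the remote shell,
# so the interface name is restricted to a safe character set first.
remote_tcpdump_cmd() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*)
            echo "bad interface name: $1" >&2
            return 1 ;;
    esac
    printf 'sudo tcpdump -i %s -s 0 -U -w - not port 22\n' "$1"
}

# Run the capture: ssh writes the pcap stream into the FIFO, Wireshark reads it.
remote_capture() {
    host=$1
    iface=${2:-eth0}
    # A host beginning with "-" would be parsed by ssh as an option.
    case "$host" in
        ''|-*) echo "bad host: $host" >&2; return 1 ;;
    esac
    cmd=$(remote_tcpdump_cmd "$iface") || return 1
    fifo=$(make_private_fifo) || return 1
    # Stop the ssh session and remove the private directory on exit.
    trap 'kill "$ssh_pid" 2>/dev/null; rm -rf "${fifo%/*}"' EXIT INT TERM
    ssh "$host" "$cmd" > "$fifo" &
    ssh_pid=$!
    wireshark -k -i "$fifo"
}

# Only start a capture when a host was given on the command line.
if [ "$#" -gt 0 ]; then
    remote_capture "$@"
fi
```

Because ssh runs in the background here, sudo on the remote host must not prompt for a password.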
