Skip to content
/ remote-if-packet-capture Public
forked from Nikhil690/remote-if-packet-capture

This Repo contains wireshark commands for remote interface live capture

1 star 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

evershalik/remote-if-packet-capture

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
ReadMe.md
ReadMe.md
 
 

Repository files navigation

Setup dependencies

Install wireshark

sudo apt install wireshark tcpdump

Make a FIFO pipe file without any extension (don't make file like filename.pcap or something)

mkfifo /tmp/<filename>

Packet Capturing Proccess

Start Wireshark capturing with the following command:

wireshark -k -i /tmp/<filename>

In another terminal, execute the SSH command:

ssh <user>@<remote ip address> "sudo tcpdump -s 0 -U -n -w - -i <interface name> not port <port no.>" > /tmp/filename

and for multiple ports:

ssh <user>@<remote ip address> "sudo tcpdump -s 0 -U -n -w - -i <interface name> not port <port no.> and not port <port no.>" > /tmp/filename

and if the remote host require sudo password:

ssh <user>@<remote ip address> "echo <password> | sudo -S tcpdump -s 0 -U -n -w - -i <interface name> not port <port no.> and not port <port no.>" > /tmp/filename

About

This Repo contains wireshark commands for remote interface live capture

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published