Untitled

olihough86 Jul 15th, 2019 642 Never
Wireshark over SSH (WS on Windows, traffic on Linux)

Works best when you are listening on a different interface than the one used to SSH in; if it is the same interface, add extra options to tcpdump in order to filter out your own SSH traffic.

--- Allow non-root users in group pcap to run tcpdump ---
sudo groupadd pcap
sudo usermod -a -G pcap $USER
sudo chgrp pcap /usr/sbin/tcpdump
sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
sudo ln -s /usr/sbin/tcpdump /usr/bin/tcpdump
--- end ---

Using plink (included with PuTTY):

plink -ssh -batch -pw <PASSWORD> <USER>@<host> "tcpdump -i <INTERFACE> -U -s 0 -w -" | "C:\Program Files\Wireshark\Wireshark.exe" -k -i -
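The paste leaves two things to the reader: which tcpdump options exclude your own SSH session when capturing on the interface you logged in over, and how to confirm that the setcap step actually took. The helper script below is an added example, not part of the original paste; it assumes a Linux capture host where sshd exports SSH_CLIENT, and the getcap line it checks is a constructed sample in the format libcap prints. The BPF filter it builds (not (host <client> and tcp port <sshport>)) drops only the packets of the session carrying the capture back to Wireshark, so other SSH traffic on the box is still captured.

```shell
#!/bin/sh
# Added example: build the remote tcpdump command for "Wireshark over SSH" so
# the capture does not include its own SSH transport, and verify the
# capabilities granted to the tcpdump binary. Not part of the original paste.

# Extract the client address from the value of SSH_CLIENT, which sshd sets to
# "clientip clientport serverport". The value is passed as an argument so the
# function can be exercised with a constructed string.
ssh_client_ip() {
    printf '%s\n' "${1%% *}"
}

# Build the tcpdump command line for the remote side of the pipe.
# Arguments: interface, SSH client IP, SSH server port (defaults to 22).
# The filter is single-quoted so the remote shell does not interpret the
# parentheses; the whole string is what goes inside plink's double quotes.
build_capture_cmd() {
    iface=$1
    client=$2
    sshport=${3:-22}
    printf '%s\n' "tcpdump -i $iface -U -s 0 -w - 'not (host $client and tcp port $sshport)'"
}

# Check one line of getcap output for the two capabilities that
# "setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump" should grant.
# getcap prints them in canonical order (cap_net_admin,cap_net_raw=eip),
# so both orders are accepted. Takes the line as an argument so it runs
# offline; on a real host: caps_ok "$(getcap /usr/sbin/tcpdump)"
caps_ok() {
    case "$1" in
        *cap_net_admin*cap_net_raw*=eip*|*cap_net_raw*cap_net_admin*=eip*) return 0 ;;
        *) return 1 ;;
    esac
}

# When run interactively on the capture host, print the command to paste into
# plink for the interface given as $1 (default eth0). Skipped when SSH_CLIENT
# is unset (for example when the functions are sourced for testing).
if [ -n "${SSH_CLIENT:-}" ]; then
    build_capture_cmd "${1:-eth0}" "$(ssh_client_ip "$SSH_CLIENT")"
    if ! caps_ok "$(getcap /usr/sbin/tcpdump 2>/dev/null)"; then
        echo "warning: /usr/sbin/tcpdump lacks cap_net_raw/cap_net_admin; re-run the setcap step" >&2
    fi
fi
```

Run it once over the SSH session to get the exact tcpdump string, then substitute it for the quoted part of the plink line above. Two practical notes: -pw puts the password into the Windows command line, where it is visible in process listings and shell history, so plink's -i <key.ppk> with Pageant is the better way to authenticate an unattended capture; and the capability check matters because a tcpdump that lost its file capabilities (for instance after a package upgrade replaced the binary) will fail with a permission error at the far end while Wireshark on the Windows side only sees an empty pipe.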