olihough86

Untitled

Jul 15th, 2019
Wireshark over SSH (WS on Windows, traffic on Linux)

Works best when you are listening on a different interface than the one used to SSH in; if it is the same interface, add extra options to tcpdump to filter out your own SSH traffic, otherwise the capture stream itself shows up in the capture.

--- Allow non-root users in group pcap to run tcpdump ---
sudo groupadd pcap
sudo usermod -a -G pcap $USER            # membership takes effect at the next login
sudo chgrp pcap /usr/sbin/tcpdump        # note: chgrp alone does not stop other users running it; restrict the mode too (e.g. chmod 750) if that matters
sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump   # capture rights without root; set on the real binary, not the symlink
sudo ln -s /usr/sbin/tcpdump /usr/bin/tcpdump                 # so it is on a normal user's PATH
--- end ---

Using plink (included with PuTTY)

plink -ssh -batch -pw <PASSWORD> <USER>@<host> "tcpdump -i <INTERFACE> -U -s 0 -w -" | "C:\Program Files\Wireshark\Wireshark.exe" -k -i -
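Added example, not part of the original paste: a helper that builds the remote tcpdump command so the SSH session carrying the capture is excluded with a BPF filter (the "same interface" caveat above). It assumes the capture host is Linux with sshd exporting SSH_CONNECTION ("client_ip client_port server_ip server_port") to the login shell; the function and variable names are mine.

```shell
#!/bin/sh
# Added example (not from the original paste). Excludes the SSH session that
# carries the capture so tcpdump does not feed back its own stream.

# BPF filter excluding one SSH session, given an SSH_CONNECTION value such as
# "203.0.113.5 50122 198.51.100.7 22" (constructed sample).
ssh_session_filter() {
    set -- $1                  # split into client_ip client_port server_ip server_port
    [ $# -eq 4 ] || return 1   # not a well-formed SSH_CONNECTION string
    printf 'not (tcp and host %s and port %s and host %s and port %s)' "$1" "$2" "$3" "$4"
}

# Remote command string for ssh/plink. The capture host's own shell expands
# $SSH_CONNECTION, so the filter always matches the session actually in use.
remote_capture_cmd() {
    iface=$1
    # Single quotes keep $SSH_CONNECTION and $1..$4 unexpanded locally.
    printf '%s' 'set -- $SSH_CONNECTION; exec tcpdump -i '"$iface"' -U -s 0 -w - "not (tcp and host $1 and port $2 and host $3 and port $4)"'
}

# Usage from a Linux/macOS workstation (with plink on Windows the quoted remote
# part is the same):
#   ssh <USER>@<host> "$(remote_capture_cmd eth0)" | wireshark -k -i -
```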