olihough86

Untitled

Jul 15th, 2019
Wireshark over SSH (Wireshark on Windows, traffic captured on Linux)

Works best when you are listening on a different interface than the one used to SSH in; if it is the same interface, add extra options to tcpdump to filter out your own SSH traffic.

--- Allow non-root users in group pcap to run tcpdump ---
sudo groupadd pcap
sudo usermod -a -G pcap $USER
sudo chgrp pcap /usr/sbin/tcpdump
sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
sudo ln -s /usr/sbin/tcpdump /usr/bin/tcpdump
--- end ---

using plink (included with PuTTY)

plink -ssh -batch -pw <PASSWORD> <USER>@<host> "tcpdump -i <INTERFACE> -U -s 0 -w -" | "C:\Program Files\Wireshark\Wireshark.exe" -k -i -
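The "extra options to tcpdump" needed for a same-interface capture are a BPF filter that excludes the SSH session itself: without it, every packet tcpdump writes travels back over SSH, is captured again, and the capture feeds on its own output. The script below is an added example and not part of the original paste; the helper names (build_filter, filter_from_ssh_client, remote_capture_cmd, check_tcpdump_caps) are hypothetical. It builds that filter from the SSH_CLIENT variable sshd sets in the session, assembles the remote tcpdump command line that goes inside the quotes of the plink step, and checks that the file capabilities granted by the setcap step are actually present. The addresses and the SSH_CLIENT value in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the original paste). Helper names are hypothetical.

# build_filter CLIENT_IP SSH_PORT [EXTRA]
# Returns a BPF expression that drops the capture's own SSH session so the
# stream piped back to Wireshark does not contain itself. EXTRA, if given,
# is an additional filter the user wants (e.g. 'port 53') and is ANDed in.
build_filter() {
    client_ip=$1
    ssh_port=${2:-22}
    extra=$3
    filter="not (host $client_ip and tcp port $ssh_port)"
    if [ -n "$extra" ]; then
        filter="($extra) and $filter"
    fi
    printf '%s\n' "$filter"
}

# filter_from_ssh_client "IP CLIENTPORT SERVERPORT"
# sshd sets SSH_CLIENT to exactly that three-field string in the session;
# pass "$SSH_CLIENT" for real use. Field 3 is the sshd port on this host,
# which is what the exclusion has to match.
filter_from_ssh_client() {
    set -- $1
    build_filter "$1" "$3"
}

# remote_capture_cmd IFACE FILTER
# The command string to put inside the quotes of the plink invocation:
# same -U -s 0 -w - flags as the paste, plus the filter expression.
remote_capture_cmd() {
    iface=$1
    filter=$2
    printf "tcpdump -i %s -U -s 0 -w - '%s'\n" "$iface" "$filter"
}

# check_tcpdump_caps [PATH]
# Returns 0 if the binary carries both cap_net_raw and cap_net_admin file
# capabilities (what "setcap cap_net_raw,cap_net_admin=eip" grants),
# 1 if they are missing, 2 if getcap is not installed.
check_tcpdump_caps() {
    bin=${1:-/usr/sbin/tcpdump}
    command -v getcap >/dev/null 2>&1 || return 2
    caps=$(getcap "$bin" 2>/dev/null)
    case "$caps" in
        *cap_net_admin*cap_net_raw*|*cap_net_raw*cap_net_admin*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo with a constructed SSH_CLIENT value (real sessions: "$SSH_CLIENT").
demo_filter=$(filter_from_ssh_client "192.0.2.10 51234 22")
echo "filter: $demo_filter"
echo "remote command: $(remote_capture_cmd eth0 "$demo_filter")"
if check_tcpdump_caps /usr/sbin/tcpdump; then
    echo "tcpdump has cap_net_raw and cap_net_admin"
else
    echo "tcpdump lacks the expected file capabilities (or getcap is missing)"
fi
```

Run it on the Linux capture host after the setcap step; the printed remote command replaces the quoted tcpdump string in the plink line. The filter keys on the client address and sshd port rather than just `port 22`, so SSH traffic from other hosts on the same interface is still captured. Since `-pw` puts the password into the Windows process list, plink's `-i` option with a private key file is the usual substitute for the `-batch` case.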