- Wireshark over SSH (Wireshark on Windows, traffic captured on Linux)
- Works best when you are listening on an interface other than the one used to SSH in. If it's the same interface, add extra options to tcpdump to filter out your own SSH traffic.
- --- Allow non-root users in group pcap to run tcpdump ---
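- sudo groupadd pcap
- sudo usermod -a -G pcap $USER
- # log out and back in for the new group membership to take effect
- sudo chgrp pcap /usr/sbin/tcpdump
- # restrict execution to root and group pcap; otherwise any local user can run the capability-enabled binary
- sudo chmod 750 /usr/sbin/tcpdump
- sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump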
- sudo ln -s /usr/sbin/tcpdump /usr/bin/tcpdump
- --- end ---
- Using plink (included with PuTTY), from the Windows side:
- plink -ssh -batch -pw <PASSWORD> <USER>@<host> "tcpdump -i <INTERFACE> -U -s 0 -w -" | "C:\Program Files\Wireshark\Wireshark.exe" -k -i -
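
Added example (not part of the original paste): a POSIX shell helper for the same-interface case mentioned above, building a tcpdump filter that excludes only your own SSH session by reading `SSH_CONNECTION` on the Linux host. The function name `ssh_self_filter` and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original paste.
# sshd exports SSH_CONNECTION as "client_ip client_port server_ip server_port".
# Excluding that exact session keeps other port-22 traffic visible in the
# capture, unlike a blanket "not port 22".

ssh_self_filter() {
    # $1: SSH_CONNECTION-style string; defaults to the real variable.
    conn=${1-${SSH_CONNECTION-}}
    # Split on whitespace into this function's positional parameters.
    set -- $conn
    if [ "$#" -ne 4 ]; then
        echo "ssh_self_filter: SSH_CONNECTION unset or malformed" >&2
        return 1
    fi
    # Strip any IPv6 zone id (e.g. %eth0); it is not part of the address on the wire.
    client_ip=${1%%[%]*}
    client_port=$2
    server_port=$4
    # Refuse anything that is not a plain number before it reaches the filter.
    case "$client_port$server_port" in
        ''|*[!0-9]*)
            echo "ssh_self_filter: non-numeric port" >&2
            return 1 ;;
    esac
    # "tcp port A and tcp port B" matches the session in both directions.
    printf 'not (host %s and tcp port %s and tcp port %s)\n' \
        "$client_ip" "$client_port" "$server_port"
}

# Demonstration on a constructed value (documentation-range addresses):
ssh_self_filter "203.0.113.7 51514 192.0.2.10 22"

# Intended use on the capture host, appended to the tcpdump command above:
#   tcpdump -i <INTERFACE> -U -s 0 -w - "$(ssh_self_filter)"
```
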