Sniffing Traffic From A Remote Machine With Wireshark

It can be a pain sometimes to try to read tcpdump results on the fly when you only have SSH access. The usual way is to write the capture into a file and have Wireshark read and analyse the file subsequently.

There’s another way to have Wireshark read tcpdump output on the fly though by sending the dump to a named pipe and sending it via ssh to your local machine with Wireshark for real-time analysis. But be warned that this might take up significant bandwidth if the machine are sniffing has high network utilization. This is the command for sniffing all the remote network traffic on eth0.

ssh [email protected] -i eth0 -s 1500 -w –  | wireshark -k -i –

You can apply additional filters on the tcpdump command to reduce the data sent over the network. There are other ways to do this but I think this is the simplest most straightforward way to get work done.



Author: yibi

YiBi's numb :) YiBi writes about anything. Technology, Gossips, Rubbish YiBi's a half f%#k geek :P

This is useful? Please leave your comment or Share this on Facebook!

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: