

In this small how-to, I'll show how to capture network traffic from a remote system and analyze it with Wireshark. All you need is tcpdump on the remote machine whose traffic you want to dump, and Wireshark on the computer you want to use to look at the packets flying around. I use this setup to check what is going on on my IPcop firewall.

First, you need to prepare a named pipe on your monitoring station:

mkfifo /tmp/pipe

After this, we build up the connection to the remote system, issue the tcpdump command there and direct all of its output to the pipe (the host name was not given in the original command, so replace the placeholder with your own):

ssh root@<remote-host> "tcpdump -i eth0 -s 0 -U -w - not port 22" > /tmp/pipe

Now switch to another console and start Wireshark, listening on our newly created pipe:

wireshark -k -i /tmp/pipe

After Wireshark has started, the ssh console will ask for root's password. This order is no coincidence: the shell redirect into the named pipe blocks until a reader opens the other end, so the ssh session only gets going once Wireshark has opened /tmp/pipe. After you have entered the password, you will see the packets getting listed in Wireshark's main screen.

What the tcpdump options do:

-i eth0 specifies the interface to capture from (change to your needs).
-s 0 captures whole packets instead of truncating them at the snapshot length (older tcpdump versions keep only the first few dozen bytes of each packet by default).
-U writes every packet to the output as soon as it is captured instead of buffering it, so Wireshark shows it right away.
-w - writes the capture in pcap format to standard output, which ssh carries back to the pipe on the monitoring station.
not port 22 excludes SSH traffic. Without it, the packets of the ssh session that carries the capture would themselves be captured, which produces more ssh traffic, which is captured again, and so on. Note that the filter also hides every other SSH connection to the remote host; if you need to see those, narrow it to the capture session itself, for example not (host <monitoring-station-ip> and port 22), and quote the filter so the remote shell does not interpret the parentheses.

Two things to keep in mind: nothing but the pcap stream may reach the remote command's standard output (a login banner or a warning printed to stdout would corrupt the stream and Wireshark would refuse the pipe; the password prompt is safe because it goes to the terminal, not to stdout), and the capture runs as root on the firewall, so restrict the account or key you use for it accordingly.
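The same procedure as a small shell script, added here as an example and not taken from the original post. It wraps the three steps (named pipe, Wireshark reading it, ssh plus tcpdump writing it) in functions, builds the narrower capture filter discussed above, and adds a check for the most common failure: something other than pcap data arriving on the pipe. The remote name root@firewall, the interface eth0 and the monitoring address passed to capture_filter are placeholders, not values from the page.

```shell
#!/bin/sh
# Added example, not the original post's code: remote tcpdump -> named pipe -> Wireshark.
# Placeholders (assumed, not from the page): REMOTE defaults to root@firewall,
# the third argument is the monitoring station's own IP used in the filter.

# Build the tcpdump capture filter. "not port 22" (as in the post) hides every
# SSH conversation on the remote host. Given the monitoring station's address,
# exclude only the session that carries the capture, which is enough to avoid
# the feedback loop where the capture traffic captures itself.
capture_filter() {
    mon_ip=$1
    if [ -n "$mon_ip" ]; then
        printf 'not (host %s and port 22)' "$mon_ip"
    else
        printf 'not port 22'
    fi
}

# Remote command handed to ssh. -i interface, -s 0 whole packets,
# -U flush each packet immediately, -w - write pcap to stdout.
# The filter is single-quoted so the remote shell does not parse parentheses.
remote_tcpdump_cmd() {
    iface=$1
    filter=$2
    printf "tcpdump -i %s -s 0 -U -w - '%s'" "$iface" "$filter"
}

# Check that a captured stream starts with a pcap or pcapng magic number.
# If a banner or a warning on stdout precedes the header, Wireshark refuses
# the pipe; this tells you that is what went wrong. Returns 0 when recognised.
pcap_magic_ok() {
    magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        a1b2c3d4|d4c3b2a1|a1b23c4d|4d3cb2a1|0a0d0d0a) return 0 ;;
        *) return 1 ;;
    esac
}

# Run the whole procedure: private FIFO, Wireshark reading it, ssh + tcpdump writing it.
run_remote_capture() {
    remote=${1:-root@firewall}   # assumed placeholder
    iface=${2:-eth0}
    mon_ip=$3
    pipe=$(mktemp -u /tmp/pipe.XXXXXX)
    mkfifo -m 600 "$pipe" || return 1
    trap 'rm -f "$pipe"' EXIT INT TERM
    wireshark -k -i "$pipe" &
    # The redirect blocks until Wireshark opens the FIFO for reading, so the
    # ssh password prompt only appears once Wireshark is up.
    ssh "$remote" "$(remote_tcpdump_cmd "$iface" "$(capture_filter "$mon_ip")")" > "$pipe"
    wait
}

# Only start a capture when invoked as "sh capture.sh run [remote] [iface] [mon_ip]";
# sourcing the file just defines the functions.
if [ "${1:-}" = run ]; then
    run_remote_capture "$2" "$3" "$4"
fi
```

Run it as `sh capture.sh run root@firewall eth0 192.0.2.10` (adjust all three values). If Wireshark complains that the pipe is not a valid capture, redirect the ssh output to a file once and run `pcap_magic_ok` on it to confirm whether a banner or warning is being mixed into the stream.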
