Remote packet capture over SSH, analysed in Wireshark

Hello there!

In this brief tutorial I will show how to capture traffic on a remote host over SSH and analyse it locally with Wireshark.

The basic recipe is:

$ mkfifo /tmp/remoteif
$ ssh root@yourserver "tcpdump -ni pflog0 -w - host 10.20.30.40" > /tmp/remoteif &
$ wireshark -k -i /tmp/remoteif

The ssh command is backgrounded (&) because opening the FIFO for writing blocks until a reader opens it; the alternative is to run it in a second terminal. tcpdump -w - writes the pcap stream to stdout, ssh carries it to the local FIFO, and wireshark -k starts capturing from the FIFO immediately. Two caveats: pflog0 only carries packets that matched a pf rule with the log keyword, so if you capture on an ordinary interface instead, exclude your own session (for example: and not port 22), otherwise every captured byte generates more SSH traffic to capture; and add -U to tcpdump so packets are flushed to the pipe as they arrive rather than when the output buffer fills.

* Tips: use key-based SSH authentication so no password prompt interrupts the pipeline, and prefer an unprivileged remote user whose sudo rights are limited to tcpdump over logging in as root.
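The same pipeline as a small script, added here as an example and not taken from the original post. It keeps the FIFO private (mode 600, since any local user who opens a world-readable FIFO first receives the packets), backgrounds the producer before starting the consumer, and adds -U so Wireshark sees packets live. The remote user capture@yourserver, the interface, the filter and the sudo setup are assumptions; a fake_pcap producer with a constructed 58-byte pcap stream stands in for the remote tcpdump so the plumbing can be exercised without a remote host.

```shell
#!/bin/sh
# Remote capture over SSH into a named pipe that Wireshark reads.
# Added example, not the post's own commands. REMOTE, IFACE, FILTER and
# the sudo rule are assumptions; adjust them for your host.
set -eu

REMOTE="${REMOTE:-capture@yourserver}"   # assumed unprivileged user allowed to sudo tcpdump
IFACE="${IFACE:-pflog0}"                 # assumed remote interface
FILTER="${FILTER:-host 10.20.30.40}"     # assumed BPF filter (must not contain single quotes)

# Build the command the remote shell will run. -U flushes every packet
# to stdout so Wireshark shows traffic live instead of in buffered
# bursts; -w - writes pcap to stdout; the filter is single-quoted once
# for the remote shell.
remote_cmd() {
    printf "sudo tcpdump -nU -i %s -w - '%s'" "$1" "$2"
}

# Wire a producer into a consumer through a fresh FIFO. Both arguments
# are shell function names. The FIFO is created mode 600 because any
# local user who opens a world-readable FIFO first would receive the
# packets. The producer is backgrounded: opening a FIFO for writing
# blocks until a reader opens it, so the consumer must start afterwards.
capture_through_fifo() {
    fifo=$1; producer=$2; consumer=$3
    rm -f "$fifo"
    mkfifo -m 600 "$fifo"
    "$producer" > "$fifo" &
    prod_pid=$!
    "$consumer" "$fifo"
    # When the consumer closes the pipe the producer dies of SIGPIPE;
    # that is the normal way to stop, so its exit status is ignored.
    wait "$prod_pid" || :
    rm -f "$fifo"
}

ssh_producer() { ssh "$REMOTE" "$(remote_cmd "$IFACE" "$FILTER")"; }
wireshark_consumer() { wireshark -k -i "$1"; }

# Constructed pcap stream standing in for the remote tcpdump: a 24-byte
# little-endian pcap header (link type 1, Ethernet) followed by one
# record carrying an 18-byte frame (14-byte Ethernet header, 4 payload
# bytes). 58 bytes in total; used only to exercise the FIFO plumbing.
fake_pcap() {
    printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\377\377\000\000\001\000\000\000'
    printf '\000\000\000\000\000\000\000\000\022\000\000\000\022\000\000\000'
    printf '\377\377\377\377\377\377\002\000\000\000\000\001\010\000\336\255\276\357'
}

case "${1:-}" in
    run)  capture_through_fifo /tmp/remoteif ssh_producer wireshark_consumer ;;
    demo) capture_through_fifo /tmp/remoteif fake_pcap wireshark_consumer ;;
esac
```

Run it as `sh capture.sh run` for the real thing, or `sh capture.sh demo` to watch the constructed packet appear in Wireshark without touching a remote host. For the sudo side, a rule of the form `capture ALL=(root) NOPASSWD: /usr/sbin/tcpdump` in sudoers limits the user to tcpdump only (the binary path is an assumption; check it on your host), which is the least-privilege alternative to the root login the post uses.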

A special thanks to my friend mentesan -> Muito Sapeca!