Linux Explore » remote packet capture https://blog.linuxexplore.com Exploring Linux Mon, 07 Apr 2014 00:30:50 +0000 en-US hourly 1 https://wordpress.org/?v=4.0.38 Remote packet capture using WireShark & tcpdump https://blog.linuxexplore.com/2010/05/30/remote-packet-capture-using-wireshark-tcpdump/ https://blog.linuxexplore.com/2010/05/30/remote-packet-capture-using-wireshark-tcpdump/#comments Sat, 29 May 2010 19:31:42 +0000 http://linuxexplore.wordpress.com/?p=234 1. First step is to create a special FIFO file using mkfifo command, where you want to see the packet capture using WireShark. This file will use to read & write simultaneously using WireShark & tcpdump.

mkfifo /tmp/packet_capture

2. Second give the following ssh command on your terminal, to start the tcpdump on remote PC.

ssh hostname_or_ip_of_remote_pc "tcpdump -s 0 -U -n -w - -i eth0 not port 22" 
 > /tmp/packet_capture

3. Third & last step, give the following command to start the WireShark on your PC, which will read packets from the special FIFO file ‘/tmp/packet_capture’ at runtime.

wireshark -k -i /tmp/packet_capture

After giving the above command all the packets of remote pc’s eth0 will be visible on WireShark.

]]> https://blog.linuxexplore.com/2010/05/30/remote-packet-capture-using-wireshark-tcpdump/feed/ 6