Remote packet capture using Wireshark & tcpdump


1. First, create a named pipe (FIFO) with the mkfifo command on the machine where you want to watch the capture in Wireshark. ssh will write tcpdump's output into this file while Wireshark reads from it at the same time.

mkfifo /tmp/packet_capture

2. Second, run the following ssh command in a terminal to start tcpdump on the remote PC. The remote user needs permission to capture (root or CAP_NET_RAW). tcpdump writes the capture to stdout (-w -), which ssh carries back and the shell redirects into the FIFO; -s 0 captures whole packets, -U flushes each packet as soon as it is captured instead of buffering, -n skips name resolution, and 'not port 22' excludes the ssh session itself, which would otherwise be captured along with the packets it is carrying to you. Note that the redirect blocks until something opens the FIFO for reading, so this command will appear to hang until step 3.

ssh hostname_or_ip_of_remote_pc "tcpdump -s 0 -U -n -w - -i eth0 not port 22" \
 > /tmp/packet_capture

3. Third and last, run the following command to start Wireshark on your PC. -i names the FIFO '/tmp/packet_capture' as the capture interface and -k starts capturing immediately, so packets are read from the pipe as they arrive.

wireshark -k -i /tmp/packet_capture

Once both commands are running, every packet seen on the remote PC's eth0 (apart from the ssh session itself) shows up live in Wireshark.
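The three steps above, wrapped into one script as an added example (this is not code from the original post). It generalizes the hard-coded 'not port 22' to whatever port ssh is actually using, refuses to write into a pre-existing regular file (a silent way to lose the capture), and starts Wireshark before ssh so the FIFO write never hangs without a reader. The host name, interface and ssh port are placeholders, and key-based ssh authentication is assumed because ssh runs in the background with -n and cannot prompt for a password.

```shell
#!/bin/sh
# Added example: remote live capture via a FIFO (not from the original post).
# Assumes key-based ssh auth and that the remote user may run tcpdump.

# Build the remote tcpdump command. The filter excludes the ssh session that
# carries the capture back; without it every captured packet produces more
# ssh traffic, which is captured in turn (a feedback loop). An optional extra
# BPF filter is AND-ed in.
remote_tcpdump_cmd() {
    iface="$1"; ssh_port="$2"; extra="${3:-}"
    filter="not tcp port $ssh_port"
    if [ -n "$extra" ]; then
        filter="$filter and ($extra)"
    fi
    printf 'tcpdump -s 0 -U -n -w - -i %s %s' "$iface" "$filter"
}

# Create the FIFO if needed. A regular file at that path is an error: the
# redirect would succeed, the capture would go to disk, and Wireshark would
# never see a byte.
ensure_fifo() {
    path="$1"
    if [ -e "$path" ] && [ ! -p "$path" ]; then
        echo "$path exists and is not a FIFO" >&2
        return 1
    fi
    [ -p "$path" ] || mkfifo -m 600 "$path"
}

# remote_capture HOST IFACE [SSH_PORT] [FIFO] [EXTRA_FILTER]
remote_capture() {
    host="$1"; iface="$2"; ssh_port="${3:-22}"
    fifo="${4:-/tmp/packet_capture}"; extra="${5:-}"
    ensure_fifo "$fifo" || return 1

    # Reader first: opening a FIFO for writing blocks until a reader exists,
    # so starting Wireshark first avoids a hung ssh command.
    wireshark -k -i "$fifo" &
    wpid=$!

    ssh -n -p "$ssh_port" "$host" \
        "$(remote_tcpdump_cmd "$iface" "$ssh_port" "$extra")" > "$fifo" &
    spid=$!

    # When Wireshark exits, stop the remote capture and clean up the pipe.
    wait "$wpid"
    kill "$spid" 2>/dev/null || true
    rm -f "$fifo"
}

# Usage (placeholders): ./capture.sh remote.example.org eth0 22 /tmp/packet_capture
if [ "$#" -ge 2 ]; then
    remote_capture "$@"
fi
```

If you would rather not manage a FIFO at all, Wireshark can read a pcap stream from standard input with `wireshark -k -i -`, so `ssh host "tcpdump ... -w -" | wireshark -k -i -` achieves the same result in one pipeline; the FIFO version is still handy when the two ends are started from different terminals.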
