What you need:

Source system (the server you want to capture packets on) that you have SSH access to, with tcpdump installed and available to your user (either directly, or via sudo without a password).

Destination system (where you run graphical Wireshark) with Wireshark installed and working, and mkfifo available.

1. On the destination system, if you haven't already done so, create the named pipe:

mkfifo /tmp/packet_capture

This creates a FIFO that the source packet data (arriving via ssh) will be written to and that Wireshark will read from. You can use any name or location you want, but /tmp/packet_capture is pretty logical. Note that /tmp is writable by every local user, so on a shared machine put the FIFO in a directory only you can write to; otherwise another local user could create the pipe first and read your capture.

2. On the destination system, open Wireshark. We do this now because on many systems starting it prompts for the root password. Reading from a pipe needs no capture privileges, so if your Wireshark is set up for unprivileged capture you can run it as yourself.

3. In the "Interface" box, type the path to the FIFO you created (/tmp/packet_capture).

4. Press the Start button before running the command in the next step. I recommend typing the command in a terminal window, pressing Start, then hitting Enter in the terminal to run it. The order matters: the shell redirect in the next step cannot open the FIFO for writing until something (Wireshark) has opened it for reading, so it simply blocks until you press Start.

5. On the destination system, run:

ssh user@source-hostname "sudo /usr/sbin/tcpdump -s 0 -U -n -w - -i eth0 not port 22" > /tmp/packet_capture

This will SSH to the source system (source-hostname, either by hostname or IP) as the specified user (user) and execute sudo /usr/sbin/tcpdump, capturing on eth0 with full-length packets (-s 0), flushing each packet as it arrives (-U), skipping name resolution (-n), and writing pcap output to stdout (-w -) so that ssh carries it back into the pipe. The "not port 22" filter keeps the SSH session that transports the capture out of the capture itself; without it, every packet sent home would generate more packets to capture. Do not add -t to the ssh command: a pseudo-terminal would mangle the binary pcap stream.

Omit the "sudo" if you don't need it. If you do need it, sudo must be allowed to run tcpdump without a password, because the non-interactive ssh session has no terminal on which to answer a prompt.
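The whole procedure above as one shell script, added here as an example and not the original post's own script. The function names (build_capture_cmd, ensure_fifo, run_remote_capture) and the "capture" sub-command are my own assumptions; the tcpdump and ssh invocations are the ones from the steps, with a guard against reusing a pipe that someone else created in a shared /tmp.

```shell
#!/bin/sh
# Remote capture over SSH into a local FIFO, as a script version of the
# steps above. Added example, not the original post's own script. Assumed
# names: build_capture_cmd, ensure_fifo, run_remote_capture, and the
# "capture" sub-command used to invoke it.

# Compose the remote tcpdump command line.
#   $1 = interface on the source host (e.g. eth0)
#   $2 = TCP port of the SSH session to exclude from the capture
#   $3 = non-empty to prefix "sudo", empty to run tcpdump directly
build_capture_cmd() {
    iface=$1
    ssh_port=$2
    prefix=""
    [ -n "$3" ] && prefix="sudo "
    # -s 0: whole packets; -U: flush per packet so Wireshark sees them live;
    # -n: no DNS lookups; -w -: write pcap to stdout for ssh to carry home;
    # "not port N": keep the transporting SSH session out of its own capture.
    printf '%s/usr/sbin/tcpdump -s 0 -U -n -w - -i %s not port %s' \
        "$prefix" "$iface" "$ssh_port"
}

# Make sure the local FIFO exists and is ours.
# Refuses a pre-existing path that is not a FIFO (a regular file would just
# receive a pcap on disk) and a FIFO owned by someone else (on a shared /tmp
# another local user could pre-create it and read the capture).
ensure_fifo() {
    path=$1
    if [ -p "$path" ]; then
        [ -O "$path" ] && return 0
        echo "refusing: $path is a FIFO owned by another user" >&2
        return 1
    fi
    if [ -e "$path" ]; then
        echo "refusing: $path exists and is not a FIFO" >&2
        return 1
    fi
    mkfifo -m 600 "$path"
}

# Start Wireshark on the FIFO, then stream tcpdump into it.
#   $1 = user@source-hostname   $2 = remote interface   $3 = FIFO path
run_remote_capture() {
    remote=$1
    iface=$2
    fifo=$3
    ensure_fifo "$fifo" || return 1
    # Wireshark opens the FIFO for reading; the redirect below blocks in
    # open(2) until that happens, which is why Wireshark is started first.
    wireshark -k -i "$fifo" &
    # No -t: a pseudo-terminal would corrupt the binary pcap stream.
    ssh "$remote" "$(build_capture_cmd "$iface" 22 sudo)" > "$fifo"
}

# Usage: sh remote_capture.sh capture user@source-hostname eth0 /tmp/packet_capture
case "${1:-}" in
    capture) run_remote_capture "$2" "$3" "${4:-/tmp/packet_capture}" ;;
esac
```

When Wireshark is closed it stops reading the pipe, the next write from ssh gets SIGPIPE, and the remote tcpdump exits with the session, so nothing needs cleaning up on the source host beyond the usual "make sure it is gone" check.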