use Wireshark to analyze data from remote tcpdump

Filed under: monitoring,scripting — nax @ 15:10

A quite nice feature of Wireshark is that it can receive capture data from a tcpdump running on a remote host. I use plink (part of the PuTTY tools suite) here to open an SSH channel to a remote unix host, on which I then start tcpdump. In addition you can pass the password with the -pw parameter.

plink.exe -ssh "nax@" -m command_eth0.txt | "c:\program files\wireshark\wireshark.exe" -k -i -

where command_eth0.txt contains:

sudo /sbin/tcpdump -s0 -w - -n -i eth0 host \&\& ! port 12345

Here -w - writes the raw capture to stdout, which plink forwards to Wireshark's stdin, and the escaped \&\& reaches tcpdump as the filter operator && instead of being taken by the remote shell as a command separator.
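The same pipeline as a small POSIX shell wrapper, added here as an example and not part of the original post. It assumes a unix client with OpenSSH ssh in place of plink, wireshark on PATH, and a remote account that can run tcpdump through sudo without a password prompt; the function and parameter names are my own. It builds the remote tcpdump command, escaping && the same way the command file above does, and always excludes the port of the SSH session that carries the capture back, so the capture does not feed on its own traffic (each packet delivered to Wireshark would otherwise be captured in turn). The tcpdump -U flag is an addition: it flushes every packet to the pipe so Wireshark updates live rather than in bursts.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Assumes: local OpenSSH `ssh` (instead of plink), `wireshark` on PATH,
# and a remote user allowed to run tcpdump via sudo without a prompt.

# Build the tcpdump command line that the remote shell will execute.
#   $1 = remote interface
#   $2 = port of the SSH session carrying the capture (excluded from the capture)
#   $3 = optional extra BPF filter, e.g. "host 10.0.0.5"
# "&&" is written as \&\& so the remote shell passes it to tcpdump as the
# filter operator instead of treating it as a command separator.
build_remote_cmd() {
    iface=$1
    sshport=$2
    extra=$3
    filter="! port $sshport"
    if [ -n "$extra" ]; then
        filter="$extra \\&\\& ! port $sshport"
    fi
    # -s0: full packets, -U: flush each packet to the pipe, -w -: pcap to stdout
    printf 'sudo /sbin/tcpdump -s0 -U -w - -n -i %s %s' "$iface" "$filter"
}

# Run the capture: ssh streams the pcap on stdout, Wireshark reads it from stdin.
#   $1 = user@host, $2 = interface, $3 = ssh port, $4 = optional extra filter
run_remote_capture() {
    target=$1
    cmd=$(build_remote_cmd "$2" "$3" "$4")
    ssh -p "$3" "$target" "$cmd" | wireshark -k -i -
}

# Usage: ./remote_capture.sh --run nax@HOST eth0 22 "host 10.0.0.5"
# (HOST is a placeholder; nothing runs unless --run is given.)
if [ "${1:-}" = "--run" ]; then
    run_remote_capture "$2" "$3" "$4" "${5:-}"
fi
```

With plink on Windows the text that build_remote_cmd prints is exactly what goes into the -m command file. If you prefer to avoid the backslash escaping altogether, tcpdump also accepts the keyword forms `and` and `not` in place of `&&` and `!`, which the shell leaves alone.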
