19.6.2014

use Wireshark to analyze data from remote tcpdump

Filed under: monitoring, scripting — nax @ 15:10

A quite nice feature of Wireshark is that it can receive data from a remotely running tcpdump. I use plink (part of the PuTTY tools suite) here to open a channel to a remote Unix host, where I start tcpdump. In addition you can specify the -pw parameter with a password.

plink.exe -ssh "nax@192.168.0.14" -m command_eth0.txt | "c:\program files\wireshark\wireshark.exe" -k -i -

where command_eth0.txt contains:

sudo /sbin/tcpdump -s0 -w - -n -i eth0 host 192.168.0.16 \&\& ! port 12345
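The same pipeline for a Linux or macOS client with OpenSSH instead of plink, as an added example that is not from the original post. It assumes the excluded port (12345 above) is the port the SSH session itself runs over: if the capture filter does not exclude that session, every captured packet is sent back through SSH, captured again, and the stream grows without bound. The helper names and the -U flag (per-packet flushing so Wireshark updates live) are my additions.

```shell
#!/bin/sh
# Hypothetical helper script, not from the original post.
# Usage: ./remote_capture.sh <user@host> <iface> <client_ip> [ssh_port]
#   client_ip is the address of the machine running Wireshark
#   (192.168.0.16 in the post); ssh_port defaults to 22.

# BPF capture filter: keep traffic to/from the Wireshark machine, but drop the
# SSH connection that carries the capture itself (the feedback loop described
# in the lead-in).
capture_filter() {
    _client="$1"; _sshport="$2"
    printf 'host %s and not tcp port %s' "$_client" "$_sshport"
}

# Command run on the capture host. -s0: full packets; -w -: pcap to stdout;
# -n: no DNS lookups on the capture host; -U: flush after every packet so
# Wireshark shows traffic as it arrives instead of in 4 KiB bursts.
remote_cmd() {
    _iface="$1"; _filter="$2"
    printf 'sudo /sbin/tcpdump -s0 -U -n -w - -i %s "%s"' "$_iface" "$_filter"
}

main() {
    target="$1"; iface="$2"; client="$3"; sshport="${4:-22}"
    command -v wireshark >/dev/null 2>&1 || { echo "wireshark not in PATH" >&2; exit 1; }
    filter="$(capture_filter "$client" "$sshport")"
    # -T: no pseudo-tty, so the pcap bytes on stdout are not altered;
    # wireshark -k -i - starts capturing immediately from stdin, as in the post.
    ssh -p "$sshport" -T "$target" "$(remote_cmd "$iface" "$filter")" \
        | wireshark -k -i -
}

# Only run when invoked with arguments, so the functions can also be sourced.
[ $# -eq 0 ] || main "$@"
```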
