PCAP over IP to NetworkMiner

Most people are familiar with Wireshark and with using dumpcap to create a pcap file remotely. Below is a remote dumpcap session streamed through netcat to the NetworkMiner packet analyzer. NetworkMiner is a forensics tool that decodes the pcap stream in real time and displays the images, videos, files, sessions, and DNS traffic it contains.

On NetworkMiner:
File > Receive Pcap over IP > Start

On your router:
dumpcap -i eth0 -P -w - -f "ether host 90:b6:86:24:61:86" | nc NETWORKMINER_HOST 57012
eth0 = The interface.vlan you want to capture. Leave the vlan off to capture all vlans and the vlan tags.
eth0.4 = Capture vlan 4 on the first physical ethernet interface.
90:b6:86:24:61:86 = The MAC address of the device you want to capture.
NETWORKMINER_HOST = The host running NetworkMiner. (Do not capture the traffic you are streaming; that creates a loop.)
57012 = the port NetworkMiner is listening on.
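
To sanity-check the stream before pointing it at NetworkMiner, the following added example (not from the original page) walks a pcap-over-IP stream in the classic pcap format that dumpcap -P writes, counts the packets, and flags TCP segments on the listener port, which indicate the capture loop warned about above. The function names and the sample frames are constructed for illustration.

```python
import io
import struct

# Classic pcap magics (the format dumpcap -P writes) mapped to struct byte order.
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond
               b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}   # nanosecond

def read_exact(stream, n):
    """Read n bytes from a buffered stream; None at clean EOF, error if cut short."""
    buf = stream.read(n)
    if 0 < len(buf) < n:
        raise ValueError("stream ended mid-record")
    return buf if len(buf) == n else None

def tcp_ports(frame):
    """Return (src, dst) TCP ports of an Ethernet/IPv4 frame, or () otherwise."""
    off = 16 if frame[12:14] == b"\x81\x00" else 12   # skip one 802.1Q VLAN tag
    ip = off + 2
    if frame[off:ip] != b"\x08\x00" or len(frame) < ip + 20 or frame[ip + 9] != 6:
        return ()
    tcp = ip + (frame[ip] & 0x0F) * 4                 # IPv4 header length from IHL
    return struct.unpack("!HH", frame[tcp:tcp + 4]) if len(frame) >= tcp + 4 else ()

def summarize_pcap_stream(stream, listen_port=57012):
    """Count packets in a pcap stream and those that belong to the stream itself."""
    header = read_exact(stream, 24)
    if header is None or header[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap stream (was dumpcap run with -P?)")
    order = PCAP_MAGICS[header[:4]]
    linktype = struct.unpack(order + "I", header[20:24])[0]
    packets = loop_packets = 0
    while (record := read_exact(stream, 16)) is not None:
        incl_len = struct.unpack(order + "IIII", record)[2]   # captured length
        if (frame := read_exact(stream, incl_len)) is None:
            raise ValueError("stream ended mid-record")
        packets += 1
        if linktype == 1 and listen_port in tcp_ports(frame):   # 1 = Ethernet
            loop_packets += 1
    return {"linktype": linktype, "packets": packets, "loop_packets": loop_packets}

def constructed_sample():
    """Constructed input: one UDP frame and one TCP frame sent to port 57012."""
    def frame(proto, sport, dport):
        ip = bytes([0x45, 0]) + b"\0" * 7 + bytes([proto]) + b"\0" * 10
        return b"\0" * 12 + b"\x08\x00" + ip + struct.pack("!HH", sport, dport) + b"\0" * 4
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (frame(17, 5353, 53), frame(6, 40000, 57012)):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return io.BytesIO(out)
```

For a live check, accept one TCP connection on port 57012 and pass conn.makefile("rb") as the stream. A nonzero loop_packets count means the capture filter is matching the streaming traffic itself.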

Install Grub

Notes for installing Grub on a disk that has already had the basic files copied to it.

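#Mount the root partition of the installed system:
sudo mount /dev/sdXY /mnt
#Only if /boot is a separate partition (here sdXY is the /boot partition):
sudo mount /dev/sdXY /mnt/boot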

#Mount the critical virtual file systems. Run the following as a single command:
for i in /dev /dev/pts /proc /sys /run; do sudo mount -B $i /mnt$i; done

#Chroot into your normal system device:
sudo chroot /mnt

#Reinstall GRUB 2 (substitute the correct device for sdX: sda, sdb, etc.
#Do not specify a partition number):
grub-install /dev/sdX

#Recreate the GRUB 2 menu file (grub.cfg):
grub-mkconfig -o /boot/grub/grub.cfg

#Exit chroot: CTRL-D on keyboard

sudo reboot