
Streaming a remote packet capture from a Linux system over SSH to a Windows system is as easy as creating a one-line batch file. When Wireshark opens, click the "-" interface.
"C:\Program Files\PuTTY\plink.exe" -batch -ssh -P 22 [email protected] "/usr/bin/sudo /usr/sbin/tcpdump -s 0 -i enp2s0 -w - 'port not 22'" | "C:\Program Files\Wireshark\Wireshark.exe" -i - 


This should work with much older and newer versions of all components, but it was tested with Ubuntu 18.04, PuTTY 0.70, Wireshark 2.6.1, Windows 10 Pro 1803 17134.112.
-batch is added to prevent the "Data written to the pipe is neither in a supported pcap format nor in pcapng format" error: with -batch, plink never stops to prompt (for an uncached host key, for example) and instead abandons the connection, so the only thing that reaches Wireshark's stdin is tcpdump's output. That means the host key must already be cached and authentication must not need an interactive prompt (for example a key loaded in Pageant).
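To see what is actually landing in the pipe when Wireshark rejects it, here is an added diagnostic of my own (not part of the original post, and not PuTTY's or Wireshark's code). Run it in place of Wireshark.exe at the end of the same plink pipeline: it reads the first bytes from stdin and reports whether they are a pcap or pcapng header or stray terminal text such as a prompt or an error message. The file name pipe_probe.py is an assumption.

```python
"""pipe_probe.py: report what the first bytes of a capture pipe really are.

Usage (hypothetical file name; run instead of Wireshark to diagnose the pipe):
    plink ... "sudo tcpdump -w - ..." | python pipe_probe.py
Exit status is 0 for a pcap/pcapng stream and 1 for anything else.
"""
import sys

# Magic numbers from the pcap and pcapng file formats.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "pcap (little-endian, microsecond timestamps)",
    b"\xa1\xb2\xc3\xd4": "pcap (big-endian, microsecond timestamps)",
    b"\x4d\x3c\xb2\xa1": "pcap (little-endian, nanosecond timestamps)",
    b"\xa1\xb2\x3c\x4d": "pcap (big-endian, nanosecond timestamps)",
}
PCAPNG_SHB_TYPE = b"\x0a\x0d\x0d\x0a"  # Section Header Block type, same in both byte orders
PCAPNG_BYTE_ORDER_MAGICS = (b"\x4d\x3c\x2b\x1a", b"\x1a\x2b\x3c\x4d")


def classify_head(head: bytes) -> str:
    """Describe the first bytes read from the pipe that should be feeding Wireshark."""
    if not head:
        return ("empty stream: the remote side wrote nothing "
                "(plink abandoned the connection, or tcpdump failed before writing a header)")
    if len(head) < 4:
        return "truncated stream: fewer than 4 bytes received"
    magic = head[:4]
    if magic in PCAP_MAGICS:
        return PCAP_MAGICS[magic]
    if magic == PCAPNG_SHB_TYPE:
        # The byte-order magic sits at offset 8 of the Section Header Block.
        if len(head) >= 12 and head[8:12] in PCAPNG_BYTE_ORDER_MAGICS:
            return "pcapng"
        return "truncated stream: pcapng section header cut off before its byte-order magic"
    # Anything else is what Wireshark reports as "neither in a supported pcap format
    # nor in pcapng format". In this pipeline it is usually text meant for a terminal:
    # a host-key or password prompt, or an error from sudo or tcpdump.
    text = head.decode("ascii", errors="replace")
    return f"not a capture stream; leading bytes look like text: {text!r}"


def is_capture_stream(head: bytes) -> bool:
    """True when the bytes start a pcap or pcapng stream Wireshark can read."""
    verdict = classify_head(head)
    return verdict == "pcapng" or verdict.startswith("pcap (")


def main() -> int:
    # Read only the head of the stream; the verdict goes to stderr so stdout stays clean.
    head = sys.stdin.buffer.read(64)
    print(classify_head(head), file=sys.stderr)
    return 0 if is_capture_stream(head) else 1


if __name__ == "__main__":
    sys.exit(main())
```

If the probe sits there without reporting anything, the remote tcpdump is probably buffering its output to the pipe; its -U (--packet-buffered) option makes it flush after every packet so the header arrives immediately.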
Thanks:
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
https://www.wireshark.org/download.html
