Tcpdump over ssh and wireshark

Here is a very useful command for when you want to analyze traffic on a remote host over ssh using wireshark.

ssh root@192.168.1.1 tcpdump -i any -U -s0 -w - 'not port 22' | wireshark -k -i -

The idea is to run tcpdump on the remote server over ssh, send the capture in real time through the encrypted connection, and view it on our local computer with wireshark, a graphical packet inspector with many interesting features.
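The 'not port 22' filter above keeps the capture from recording the ssh session that carries it, but it also hides every other connection on port 22 and does nothing if sshd listens on another port. The script below is an added example, not part of the original post: it excludes only the session transporting the capture, using the SSH_CLIENT variable that sshd sets. The file name capture.sh and the function name are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). sshd exports
# SSH_CLIENT="<client ip> <client port> <server port>" for each session.
# Assumed usage, with this file saved locally as capture.sh:
#   ssh root@192.168.1.1 sh -s capture < capture.sh | wireshark -k -i -

# Print a BPF filter that drops only the TCP connection described by $1.
self_exclude_filter() {
    read -r ip cport sport extra <<EOF
$1
EOF
    if [ -z "$sport" ] || [ -n "$extra" ]; then
        echo "expected '<ip> <client port> <server port>'" >&2
        return 1
    fi
    case "$cport$sport" in
        *[!0-9]*) echo "ports must be numeric" >&2; return 1 ;;
    esac
    # Only address characters may reach the filter expression.
    case "$ip" in
        *[!0-9A-Fa-f.:]*) echo "unexpected character in address" >&2; return 1 ;;
    esac
    printf 'not (host %s and tcp port %s and tcp port %s)\n' "$ip" "$cport" "$sport"
}

# Start capturing only when invoked on the remote host as: sh -s capture
if [ "${1:-}" = "capture" ]; then
    filter=$(self_exclude_filter "${SSH_CLIENT:-}") || exit 1
    exec tcpdump -i any -U -s0 -w - "$filter"
fi
```

Because the filter names the client address and both ports, other SSH connections to the server stay visible in wireshark, and the script refuses to run tcpdump if SSH_CLIENT is missing or malformed.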