Remote Tcpdump over ssh and wireshark

This is a very useful command for analyzing traffic remotely: it runs tcpdump over ssh and displays the capture in Wireshark.

ssh root@192.168.1.1 tcpdump -i any -U -s0 -w - 'not port 22' | wireshark -k -i -

The idea is to run tcpdump on the remote server over ssh, send the capture in real time through this encrypted connection, and view it on our local computer with Wireshark, a graphical packet analyzer with many interesting features.
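The 'not port 22' filter keeps the SSH session that carries the capture out of the capture itself, so it has to match the port sshd actually listens on. The wrapper below is an added example, not part of the original post; the function names `build_remote_capture` and `remote_capture` and their argument order are assumptions.

```sh
# Added example. Function names and defaults are assumptions, not from the post.

# build_remote_capture IFACE SSH_PORT
# Prints the command line that the remote shell will run.
build_remote_capture() {
    iface=$1
    ssh_port=$2
    # ssh joins its arguments into one string that the remote shell parses
    # again, so both values are validated before being placed in it.
    case $iface in
        ''|*[!A-Za-z0-9._:-]*)
            echo "invalid interface: $iface" >&2; return 2 ;;
    esac
    case $ssh_port in
        ''|*[!0-9]*)
            echo "invalid port: $ssh_port" >&2; return 2 ;;
    esac
    [ "$ssh_port" -ge 1 ] && [ "$ssh_port" -le 65535 ] || {
        echo "port out of range: $ssh_port" >&2; return 2
    }
    # -U     flush each packet to the output as soon as it is captured
    # -s0    capture whole packets instead of truncating them
    # -w -   write the raw capture to stdout, which ssh carries back
    # The filter excludes the SSH session itself; without it every packet
    # sent back to Wireshark would be captured and sent again.
    printf "tcpdump -i %s -U -s0 -w - 'not port %s'" "$iface" "$ssh_port"
}

# remote_capture USER@HOST [IFACE] [SSH_PORT]
# Runs the capture remotely and feeds it to a local Wireshark on stdin.
remote_capture() {
    target=$1
    iface=${2:-any}
    ssh_port=${3:-22}
    cmd=$(build_remote_capture "$iface" "$ssh_port") || return
    ssh -p "$ssh_port" "$target" "$cmd" | wireshark -k -i -
}
```

With no extra arguments, `remote_capture root@192.168.1.1` runs the same command as the one-liner above; `remote_capture root@192.168.1.1 eth0 2222` captures on eth0 and excludes port 2222 instead.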
