User Tools

Site Tools


Capture live packets from server using Wireshark and SSH tunnel

In case you want to capture directly over an SSH tunnel on your Wireshark GUI tool, you can use ssh tunneling and netcat to do so, by:

# in one terminal, run
nc -lp 4567 | sudo wireshark -k -i -
# on another terminal, run
ssh -R 127.1:4567:127.1:4567
\__ tcpdump -iany -nn -w - | nc 4567
docu/csheet/ofsec/wshark_live_cap_ssh.txt · Last modified: 2020/08/25 14:42 by admin