Capture live packets from server using Wireshark and SSH tunnel


To capture packets on a remote server and watch them live in your local Wireshark GUI, you can combine an SSH reverse tunnel with netcat:

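# in one terminal (local machine), start a listener that feeds Wireshark
# (traditional netcat syntax; with OpenBSD netcat use: nc -l 4567)
nc -lp 4567 | sudo wireshark -k -i -

# in another terminal, open a reverse tunnel to the server
ssh -R 127.1:4567:127.1:4567 your-server.net

# then, inside that SSH session on the server, run
# (the filter keeps the tunnel and SSH traffic itself out of the capture, assuming sshd on port 22)
tcpdump -iany -nn -w - 'not port 22 and not port 4567' | nc 127.0.0.1 4567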
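
The same procedure as one script, as an added example that is not part of the original page: it validates the interface and port before they reach the remote shell and excludes the tunnel and SSH ports from the capture. The function names, the defaults (port 4567, interface any) and sshd listening on port 22 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Defaults are assumptions.

# Build the command line that runs on the server. The capture filter drops
# the tunnel port and the SSH port so the capture does not record (and
# re-send) its own transport traffic.
build_remote_cmd() {
    iface=$1 port=$2 ssh_port=$3
    # The result is handed to a remote shell, so accept only a plain
    # interface name and numeric ports.
    case $iface in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case $port in ''|*[!0-9]*) return 1 ;; esac
    case $ssh_port in ''|*[!0-9]*) return 1 ;; esac
    # -U writes each packet as it arrives, so Wireshark updates live.
    printf 'tcpdump -i %s -nn -U -w - "not port %s and not port %s" | nc 127.0.0.1 %s' \
        "$iface" "$port" "$ssh_port" "$port"
}

# Usage: live_capture your-server.net [interface] [tunnel-port]
live_capture() {
    host=$1 iface=${2:-any} port=${3:-4567}
    remote=$(build_remote_cmd "$iface" "$port" 22) || {
        echo "invalid interface or port" >&2
        return 2
    }
    # Cache sudo credentials first; the backgrounded pipeline cannot prompt.
    sudo -v || return 1
    # First terminal of the procedure: local listener feeding Wireshark.
    nc -lp "$port" | sudo wireshark -k -i - &
    sleep 1   # give the listener time to bind before the tunnel connects
    # Second terminal: reverse tunnel, with the capture as the remote command.
    ssh -R "127.0.0.1:$port:127.0.0.1:$port" "$host" "$remote"
}
```

Source the file and call live_capture your-server.net; the account used on the server must be allowed to run tcpdump.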
docu/csheet/ofsec/wshark_live_cap_ssh.txt · Last modified: 2020/08/25 14:42 by admin