You can also use sshdump directly in Wireshark’s GUI. This command is functionally equivalent to the commands above: sshdump -extcap-interface=sshdump -capture -remote-host remotehost -remote-username remoteuser -fifo=/some/local/directory/tcpdump.pcap You can now open up the remote capture file by using Wireshark on your computer.Īlternatively, you can use Wireshark’s remote capture tool sshdump. Wireshark can be used to capture Ethernet, wireless, Bluetooth, and many other kinds of traffic.
What if you wanted to capture and analyze traffic on a remote server? Wireshark is usually used to analyze traffic on your local network, so you would need to use a tool like tcpdump.įirst, SSH into the remote machine with an account with root access: ssh use tcpdump to capture the traffic on the remote network and save it into a PCAP file: sudo tcpdump -i eth0 -w tcpdump.pcapįinally, copy the capture file to your computer by using the scp command: scp /some/local/directory Wireshark is a graphical network protocol analyzer that lets us take a deep dive into the individual packets moving around the network.
0 kommentar(er)
