Source system (the server you want to capture packets on): one that you have SSH access to, with tcpdump installed and available to your user (either directly, or via sudo without a password).

Destination system (where you run graphical Wireshark): with Wireshark installed and working, and mkfifo available.

On the destination system, if you haven’t already done so, run mkfifo /tmp/packet_capture. This creates a named pipe to which the source packet data (via ssh) will be written and from which Wireshark will read it. You can use any name or location you want, but /tmp/packet_capture is pretty logical.

On your destination system, open up Wireshark (we do this now, since on many systems it requires the root password to start). In the “Interface” box, type in the path to the FIFO you created (/tmp/packet_capture).
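The FIFO setup and the ssh-to-tcpdump feed described above, as an added example that is not code from the original page. The function names, the interface argument, `sudo -n`, and the `not port 22` filter are assumptions; because /tmp is world-writable, the sketch refuses to reuse a path that is a symlink or is not a FIFO you own.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Host, interface, sudo -n and the
# "not port 22" filter are assumptions; adjust them for your environment.

# Create the FIFO with mode 600, or reuse it only if it is a FIFO we own.
# /tmp is world-writable, so a pre-existing path may belong to someone else.
make_capture_fifo() {
    fifo=$1
    if [ -L "$fifo" ]; then
        echo "refusing: $fifo is a symlink" >&2
        return 1
    fi
    if [ -e "$fifo" ]; then
        if [ -p "$fifo" ] && [ -O "$fifo" ]; then
            chmod 600 "$fifo"
            return 0
        fi
        echo "refusing: $fifo exists and is not a FIFO owned by you" >&2
        return 1
    fi
    mkfifo -m 600 "$fifo"
}

# Build the command that runs on the source system.
# -U: flush per packet, -w -: pcap to stdout, -n: no DNS lookups, -s 0: full packets.
# "not port 22" keeps the SSH session carrying the capture out of the capture.
remote_tcpdump_cmd() {
    iface=$1
    # The string is parsed by the remote shell, so accept only plain interface names.
    case $iface in
        ''|*[!A-Za-z0-9._:-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    printf 'sudo -n tcpdump -U -n -s 0 -i %s -w - not port 22' "$iface"
}

# Usage: start_capture user@source-host eth0 [/tmp/packet_capture]
start_capture() {
    host=$1; iface=$2; fifo=${3:-/tmp/packet_capture}
    make_capture_fifo "$fifo" || return 1
    cmd=$(remote_tcpdump_cmd "$iface") || return 1
    # The redirection blocks until a reader (Wireshark) opens the FIFO.
    ssh "$host" "$cmd" > "$fifo"
}

# Run only when called with arguments: script.sh user@source-host eth0 [fifo]
if [ "$#" -ge 2 ]; then start_capture "$@"; fi
```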