Des del 2000 compartiendo sobre…

Sniffing traffic in a Linux box and streaming in real-time to Wireshark on Windows

Reading time: 1 – 2 minutes

Sniffing and inspect complex protocols on “tcpdump” is usually painful. Of course, “tcpflow” is a very useful tool but is not always enough to sniff in a console. Wireshark is always a better option when it’s time to debug and troubleshooting communication problems.

But it’s not always easy to plug a Network TAP where you want to sniff. If at that point we have a Linux box with “ssh” and “tcpdump”. An interesting option is stream sniffed traffic to another box with Wireshark and dissect packet octets in their layers, fields, etc.

When Wireshark box is based on Windows you need “plink.exe“, and you can do thinks like that:

plink.exe -ssh -pw LINUX_BOX_PASSWORD root@LINUX_BOX_IP "tcpdump -n -i INTERFACE_TO_SNIFF -s 0 -w - not port 22" | "%PATH_TO_WIRESHARK\Wireshark.exe" -k -i -

Next you have a screenshot with a real life example of that:


Comments are closed.

Últimas entradas

Resumen 2023

Reading time: 14 – 22 minutes El 2023 comenzó con una sensación de renovación y optimismo. Tras un período marcado por la pandemia, este año se presentó como un lienzo en blanco, lleno de posibilidades y nuevas experiencias. Aunque el

Leer más »