Comments on: Using wireshark with remote capturing http://blog.nielshorn.net/2010/02/using-wireshark-with-remote-capturing/ Random thoughts, tips & tricks about Slackware-Linux, Lego and Star Wars Tue, 10 Jan 2012 12:10:37 -0200 http://wordpress.org/?v=2.8.4 hourly 1 By: Niels Horn http://blog.nielshorn.net/2010/02/using-wireshark-with-remote-capturing/comment-page-1/#comment-2256 Niels Horn Tue, 08 Nov 2011 15:41:00 +0000 http://blog.nielshorn.net/?p=167#comment-2256 Brian, Thanks for this info! This is probably very useful for Windows users! Niels Brian,

Thanks for this info! This is probably very useful for Windows users!

Niels

]]> By: Brian http://blog.nielshorn.net/2010/02/using-wireshark-with-remote-capturing/comment-page-1/#comment-2255 Brian Tue, 08 Nov 2011 15:31:23 +0000 http://blog.nielshorn.net/?p=167#comment-2255 Niel - I found your website, and it gave me the building blocks that I needed. I found a way to do something extremely similar inside of winXP. I'm not sure if any of your readers may find it useful or not. Basically what I did was used an extention of PuTTY called plink and piped the result to a windows version of Wireshark - "C:\Program Files\PuTTY\plink.exe" -ssh -pw "enter user passwd here" @ tcpdump -w - -s 0 -i eth0 not port 22 | "C:\Program Files\Wireshark\wireshark.exe" -k -i - It's a little more convoluted, but the results were that I was able to gather my wireshark captures from a remote linux host on my WinXP machine here @ work. Niel – I found your website, and it gave me the building blocks that I needed. I found a way to do something extremely similar inside of winXP. I’m not sure if any of your readers may find it useful or not.

Basically what I did was used an extention of PuTTY called plink and piped the result to a windows version of Wireshark -

“C:\Program Files\PuTTY\plink.exe” -ssh -pw “enter user passwd here” @ tcpdump -w – -s 0 -i eth0 not port 22 | “C:\Program Files\Wireshark\wireshark.exe” -k -i -

It’s a little more convoluted, but the results were that I was able to gather my wireshark captures from a remote linux host on my WinXP machine here @ work.

]]> By: logiciel gratuit http://blog.nielshorn.net/2010/02/using-wireshark-with-remote-capturing/comment-page-1/#comment-1940 logiciel gratuit Wed, 18 May 2011 17:10:00 +0000 http://blog.nielshorn.net/?p=167#comment-1940 nice tips. i prefer to write wireshark result in a file and scp @desktop and then parse it through wireshark and Amazing gfx ! did you use any special soft for that ? nice tips.
i prefer to write wireshark result in a file and scp @desktop and then parse it through wireshark

and Amazing gfx ! did you use any special soft for that ?

]]> By: UTL http://blog.nielshorn.net/2010/02/using-wireshark-with-remote-capturing/comment-page-1/#comment-1697 UTL Fri, 11 Feb 2011 17:01:46 +0000 http://blog.nielshorn.net/?p=167#comment-1697 it was only a problem of not using certificates with ssh, now it works correctly thanks! it was only a problem of not using certificates with ssh, now it works correctly
thanks!

]]> By: Niels Horn http://blog.nielshorn.net/2010/02/using-wireshark-with-remote-capturing/comment-page-1/#comment-1689 Niels Horn Sun, 06 Feb 2011 14:09:29 +0000 http://blog.nielshorn.net/?p=167#comment-1689 Did you try another port? Any firewall between the two boxes? Niels Did you try another port? Any firewall between the two boxes?

Niels

]]> By: Niels Horn http://blog.nielshorn.net/2010/02/using-wireshark-with-remote-capturing/comment-page-1/#comment-1687 Niels Horn Sun, 06 Feb 2011 14:07:17 +0000 http://blog.nielshorn.net/?p=167#comment-1687 Glad I could be of help! Glad I could be of help!

]]> By: Tom http://blog.nielshorn.net/2010/02/using-wireshark-with-remote-capturing/comment-page-1/#comment-1682 Tom Fri, 04 Feb 2011 13:39:34 +0000 http://blog.nielshorn.net/?p=167#comment-1682 I had some devices that had tcpdump and no easy means for loading additional software, this was an excellent solution for monitoring their communications. Thanks. I had some devices that had tcpdump and no easy means for loading additional software, this was an excellent solution for monitoring their communications. Thanks.

]]> By: UTL http://blog.nielshorn.net/2010/02/using-wireshark-with-remote-capturing/comment-page-1/#comment-1679 UTL Tue, 01 Feb 2011 17:53:58 +0000 http://blog.nielshorn.net/?p=167#comment-1679 i tried to run it on my openwrt box, from ubuntu 10.10, but when i execute the command ssh root@192.168.1.1 -p 443 “tcpdump -i eth0 -s 0 -U -w – not port 443″ > /tmp/pipes/cap_fw nothing happens (it should ask me the pw i suppose, but it doesn’t), it acts like if i didn’t press Return… the dropbear daemon is running on port 443 with pw login (no certificate) i tried to run it on my openwrt box, from ubuntu 10.10, but when i execute the command
ssh root@192.168.1.1 -p 443 “tcpdump -i eth0 -s 0 -U -w – not port 443″ > /tmp/pipes/cap_fw
nothing happens (it should ask me the pw i suppose, but it doesn’t), it acts like if i didn’t press Return…
the dropbear daemon is running on port 443 with pw login (no certificate)

]]> By: Niels Horn http://blog.nielshorn.net/2010/02/using-wireshark-with-remote-capturing/comment-page-1/#comment-1578 Niels Horn Tue, 30 Nov 2010 15:25:55 +0000 http://blog.nielshorn.net/?p=167#comment-1578 Jay, Thanks for your feedback. Glad that this was helpful for you! Niels Jay,

Thanks for your feedback. Glad that this was helpful for you!

Niels

]]> By: Jay http://blog.nielshorn.net/2010/02/using-wireshark-with-remote-capturing/comment-page-1/#comment-1577 Jay Tue, 30 Nov 2010 15:11:21 +0000 http://blog.nielshorn.net/?p=167#comment-1577 Thanks! This is so useful - I was fed up capturing limited sets of data to import into wireshark so I could use the voip tools, and now I dont have to :-) Thanks! This is so useful – I was fed up capturing limited sets of data to import into wireshark so I could use the voip tools, and now I dont have to :-)

]]>