Created
December 6, 2021 21:44
-
-
Save nsmith5/a119104e7601c8cb6ec40bf77f286f88 to your computer and use it in GitHub Desktop.
Grabbing a packet capture
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SSH to your remote machine | |
| ssh host.example.com | |
| # Install tcpdump if its not already available | |
| apt install -y tcpdump | |
| # Record a network packet capture | |
| sudo tcpdump -w your-capture.pcap | |
| # You can also narrow this down a low like this. Google around for the right command to filter | |
| # out what you want. This example is only the traffic on the 'eth0' device, destination port 8080 | |
| # and TCP only. | |
| sudo tcpdump -i eth0 -w your-other-capture.pcap dest port 8080 and tcp | |
| # Now go back to your laptop | |
| Ctrl+C | |
| # And copy the pcap file back to it | |
| sftp host.example.com | |
| > get your-capture.pcap | |
| > Ctrl+C | |
| # Now open up wireshark and open this pcap file :D |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment