Created
September 26, 2016 11:12
-
-
Save pmalek/714d41d15a108d55a2018d8831b317c4 to your computer and use it in GitHub Desktop.
tcpdump from a remote machine to fifo on local machine and read via wireshark
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mkfifo fifo | |
| TCPHOST="10.0.0.1"; while true ; do \ | |
| ssh $TCPHOST 'tcpdump -s 0 -U -n -w - "!igmp && !arp && !rarp && !(host 224.0.0.1) && !(port 22) && !(port 67) && !(port 53) && !(port 123) && !(port 5353) && !(port 137)"' > fifo; \ | |
| done | |
| # on another console | |
| wireshark -k -i fifo |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment