@vjt
Last active March 8, 2024 07:29
tcpdump on remote host

Running tcpdump on remote hosts with no storage

If you have tcpdump on your embedded home router and you want to see what traffic your crippled phone is generating, you can capture the traffic on the router and visualise it on your main workstation using Wireshark.

  1. On the remote host, create a FIFO.

         remotehost# mkfifo /tmp/tcpdump

  2. On the local host, ssh to the remote host, start reading from the FIFO, and pipe its contents straight to Wireshark.

         localhost# ssh remotehost cat /tmp/tcpdump | wireshark -ki -

  3. On the remote host, start capturing and write to the FIFO. Of course, replace the capture interface and/or add a capture filter as needed.

         remotehost# tcpdump -s0 -Uni eth0 -vvv -w /tmp/tcpdump
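
The three steps above can also be driven from the local host in one command; the script below is an added example, not part of the original gist. It assumes `mkfifo -m` is available on the remote host; the function names, the mode 600 on the FIFO, and the `not tcp port` filter (which keeps the SSH session carrying the capture out of the capture itself) are additions to the gist's commands.

```shell
#!/bin/sh
# Added example (not from the original gist): run all three steps from the local host.

# Build the command line that the remote shell will execute.
# The string is parsed by the remote shell, so every argument is validated first.
build_remote_cmd() {
    iface=$1 fifo=$2 port=$3
    case $iface in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac   # plain interface names only
    case $fifo in /*) ;; *) return 1 ;; esac                # absolute path required
    case $fifo in *[!A-Za-z0-9._/-]*) return 1 ;; esac      # no shell metacharacters
    case $port in ''|*[!0-9]*) return 1 ;; esac             # numeric port only
    # mkfifo -m 600: other local users on the remote host cannot read the capture.
    # mkfifo fails if the path already exists, so a pre-created file is never reused.
    # "not tcp port N" drops the SSH transport (and any other traffic on that port).
    # The FIFO is removed and tcpdump stopped once the reader (cat) exits.
    printf 'mkfifo -m 600 %s && { tcpdump -s0 -Uni %s -w %s "not tcp port %s" & pid=$!; cat %s; kill $pid; rm -f %s; }\n' \
        "$fifo" "$iface" "$fifo" "$port" "$fifo" "$fifo"
}

# remote_capture HOST [IFACE] [FIFO] [SSH_PORT]
remote_capture() {
    host=$1 iface=${2:-eth0} fifo=${3:-/tmp/tcpdump} port=${4:-22}
    cmd=$(build_remote_cmd "$iface" "$fifo" "$port") || {
        echo "invalid interface, FIFO path or port" >&2
        return 2
    }
    # Same pipeline as step 2 of the gist, with the remote side doing steps 1 and 3.
    ssh -p "$port" "$host" "$cmd" | wireshark -k -i -
}

# Only start a capture when a host was given on the command line.
if [ "$#" -ge 1 ]; then
    remote_capture "$@"
fi
```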

Enjoy
