Wireshark for Windows
After reading my article about rpcapd, Peter Calum sent me this message:
I cannot use rpcapd because of the problem with the randomly chosen port for the data transfer, because of the FW between our office network and our technical network servers. Our Wireshark collecting host is placed here.
But after some work I found another solution which works really fine: pipe a tcpdump command on the collecting host back through SSH.
I use plink.exe, which comes with PuTTY.
Make a command file with the tcpdump command:
tcpdump -s0 -w - -i eth0 not port 22
Run
plink.exe -ssh -pw mypassword root@192.168.1.10 -m commands.txt | "c:\program files\wireshark\wireshark.exe" -k -i -
When you run the command, Wireshark starts up and shows the data ... voilà.
Wireshark for Linux
And from Linux, just run:
ssh root@192.168.5.228 "tcpdump -w - host 192.168.5.219" | wireshark -k -i -
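Both the plink variant and the Linux one-liner above rely on the same trick: tcpdump writes pcap to stdout, SSH carries it back, and Wireshark reads it from stdin. The added script below (my own example, not code from the post or from Peter's message) wraps that pipeline and makes explicit two things the one-liners leave implicit: the capture filter must exclude the SSH session that is carrying the capture back to you (otherwise every captured packet produces SSH traffic, which is captured in turn, and the stream feeds on itself), and tcpdump should be run with -U so packets are flushed to the pipe as they arrive instead of when its output buffer fills. The host addresses, interface name and remote user are placeholders, and it assumes key-based SSH authentication is already configured so that no password has to appear on the command line.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumptions (hypothetical):
# key-based SSH auth is set up for the remote user, that user may run tcpdump
# (root or CAP_NET_RAW), and the addresses/interface below are placeholders.

# Build the BPF capture filter. The SSH session between the capturing
# workstation ($1, the SSH client) and the remote host is excluded first,
# so the pcap stream flowing back over SSH is not itself captured (feedback
# loop). $2 is an optional extra filter, e.g. 'host 192.168.5.219'.
build_capture_filter() {
    client_ip=$1
    extra=$2
    base="not (host $client_ip and tcp port 22)"
    if [ -n "$extra" ]; then
        printf '%s and (%s)\n' "$base" "$extra"
    else
        printf '%s\n' "$base"
    fi
}

# Build the remote tcpdump command line:
#   -n   no DNS lookups on the remote side
#   -s0  capture full packets
#   -U   packet-buffered output, so Wireshark updates live
#   -w - write pcap to stdout (this is what travels through the SSH pipe)
build_remote_cmd() {
    iface=$1
    filter=$2
    printf "tcpdump -n -s0 -U -i %s -w - '%s'\n" "$iface" "$filter"
}

# Start the capture: ssh's stdout (the pcap stream) is piped into Wireshark.
# -n gives ssh /dev/null as stdin so it does not compete with the pipe, and
# BatchMode=yes makes ssh fail instead of prompting for a password.
run_remote_capture() {
    user_at_host=$1
    iface=$2
    client_ip=$3
    extra=$4
    filter=$(build_capture_filter "$client_ip" "$extra")
    remote_cmd=$(build_remote_cmd "$iface" "$filter")
    ssh -n -o BatchMode=yes "$user_at_host" "$remote_cmd" | wireshark -k -i -
}

# Usage (placeholder addresses):
# run_remote_capture root@192.168.5.228 eth0 192.168.5.219 'host 192.168.5.219'
```

The same filter string can go into the commands.txt file used with plink; the feedback-loop problem is identical there, which is why the Windows command file above already says "not port 22". Excluding only the SSH session between the two hosts, rather than all of port 22, keeps other SSH traffic on the segment visible.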