Wireshark
Remote Sniffing:
The capture account must be able to run tcpdump as a regular user on the remote machine:
usermod -a -G pcap USER
chgrp pcap /usr/sbin/tcpdump
chmod 750 /usr/sbin/tcpdump
setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
mkfifo /tmp/remote
ssh USER@HOST "tcpdump -s 0 -U -n -w - -i enp5s6 'not port 22'" > /tmp/remote
Start Wireshark and add the pipe: Options, Manage Interfaces, Pipes, +, then enter /tmp/remote. Enter the password when the SSH command prompts for it.
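
The same procedure with checks around it, as an added example that is not part of the original page. The function names are hypothetical and USER@HOST is a placeholder. As a variation on the page's /tmp/remote, the FIFO is created with mode 600 inside a private directory so other local users cannot read the capture stream.

```shell
#!/bin/sh
# Added example, not from the original page. Host and interface are placeholders.

# Create the FIFO in a private 0700 directory rather than at a fixed name in
# shared /tmp, so other local users cannot read the stream or pre-create the path.
make_capture_fifo() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/remotecap.XXXXXX") || return 1
    mkfifo -m 600 "$dir/remote" || return 1
    printf '%s\n' "$dir/remote"
}

# Build the page's remote tcpdump command for one interface. The name is
# validated because it is interpolated into a command run by the remote shell.
remote_tcpdump_cmd() {
    case "$1" in
        ''|*[!A-Za-z0-9._:-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    printf "tcpdump -s 0 -U -n -w - -i %s 'not port 22'\n" "$1"
}

# Check the remote-side setup against what the page configures.
#   $1: output of  stat -c '%a %G' /usr/sbin/tcpdump   (expected "750 pcap")
#   $2: output of  getcap /usr/sbin/tcpdump            (both capability names)
check_tcpdump_setup() {
    rc=0
    [ "$1" = "750 pcap" ] || { echo "mode/group is '$1', want '750 pcap'" >&2; rc=1; }
    for cap in cap_net_raw cap_net_admin; do
        case "$2" in
            *"$cap"*) ;;
            *) echo "missing capability $cap" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Usage (USER@HOST is a placeholder):
#   fifo=$(make_capture_fifo)
#   ssh USER@HOST "$(remote_tcpdump_cmd enp5s6)" > "$fifo"
#   Then add the path in $fifo as the pipe in Wireshark.
```

Mode 750 with group pcap keeps the capability-bearing tcpdump binary unusable by accounts outside the pcap group, which is what `check_tcpdump_setup` verifies.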