Forwarding remote tcpdump streams to Wireshark
Often one wants to analyze network traffic on a remote host with Wireshark running locally.

One method is to capture the traffic with tcpdump on the remote host, then download the completed capture file to your local computer and open it for analysis. This works, but it is awkward and time consuming. What if, instead, one could watch the network capture in Wireshark live?

With a combination of ssh and tcpdump it is possible to do just that, as shown below:
Thanks to ‘Tux’ at bytefreaks.com for the inspiration.
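An added example, not from the original post: a small POSIX shell wrapper for the ssh-plus-tcpdump pipeline. The function names, the host `cap-host` and the ssh port argument are assumptions; the filter it builds always excludes the ssh session's own packets, since otherwise the capture stream travelling over ssh is itself captured and the loop never settles.

```shell
#!/bin/sh
# Added example (not from the original post). Stream a remote tcpdump
# capture into a local Wireshark over ssh. The function names and the
# host "cap-host" are illustrative assumptions.

# Build the tcpdump command that runs on the remote host.
#   -i IFACE  interface to capture on
#   -s 0      capture whole packets, no truncation
#   -U        packet-buffered: flush every packet so Wireshark updates live
#   -n        no name resolution on the remote side
#   -w -      write pcap to stdout, which ssh carries back to us
# The ssh session itself is always excluded from the filter, otherwise the
# pcap stream flowing over ssh generates packets that are captured in turn.
# The filter is single-quoted so the remote shell passes it through intact.
build_capture_cmd() {
    iface=$1
    ssh_port=${2:-22}
    user_filter=$3
    filter="not tcp port $ssh_port"
    if [ -n "$user_filter" ]; then
        filter="($user_filter) and $filter"
    fi
    printf "tcpdump -i %s -s 0 -U -n -w - '%s'\n" "$iface" "$filter"
}

# Run the pipeline: ssh executes tcpdump remotely, Wireshark reads the pcap
# stream from stdin (-i -) and starts capturing immediately (-k).
# Needs tcpdump on the remote host (normally root or CAP_NET_RAW) and
# wireshark locally. Stopping the capture in Wireshark ends both sides.
remote_capture() {
    host=$1
    iface=$2
    user_filter=$3
    cmd=$(build_capture_cmd "$iface" 22 "$user_filter")
    ssh "$host" "$cmd" | wireshark -k -i -
}

# Usage (hypothetical host): remote_capture cap-host eth0 'port 80'
```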