如何使用wireshark+ssh+tcpdump抓取远程数据包

tshark + wireshark+ssh

ssh root@HOST tcpdump -U -s0 -w - 'not port 22' | wireshark -k -i -

1	ssh root@HOST tcpdump -U -s0 -w - 'not port 22' \| wireshark -k -i -

tcpdump + wireshark + ssh

ssh root@server.com 'tshark -f "port !22" -w -' | wireshark -k -i -

1	ssh root@server.com 'tshark -f "port !22" -w -' \| wireshark -k -i -

fifo方式

mkfifo /tmp/fifo; ssh-keygen; ssh-copyid root@remotehostaddress; sudo ssh root@remotehost "tshark -i eth1 -f 'not tcp port 22' -w -" > /tmp/fifo &; sudo wireshark -k -i /tmp/fifo;

1	mkfifo /tmp/fifo; ssh-keygen; ssh-copyid root@remotehostaddress; sudo ssh root@remotehost "tshark -i eth1 -f 'not tcp port 22' -w -" > /tmp/fifo &; sudo wireshark -k -i /tmp/fifo;

原文地址：
http://www.commandlinefu.com/commands/view/4373/analyze-traffic-remotely-over-ssh-w-wireshark

如何使用wireshark+ssh+tcpdump抓取远程数据包

留下评论

取消回复