Remote TCP Dump for Wireshark

ssh root@host.example.com 'tcpdump -i eth0 -c 1000 -w -' > host.pcap

This command logs into the remote system over SSH, runs tcpdump there to capture 1000 packets on eth0, and streams them back (tcpdump's -w - writes the capture to stdout) into the local file host.pcap in pcap format, ready to be opened in Wireshark.

This is a simple and quick command. If performance were a concern, e.g., if you needed to capture 10 billion packets per second, you would need to take a different approach.
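The one-liner above has one practical wrinkle: the capture file is carried home over the same SSH session that tcpdump is recording, so every captured packet produces more SSH traffic, which in turn gets captured. The script below is an added example, not code from the original post; it wraps the same command in a small function that excludes the SSH port from the capture with a BPF filter, and adds a check that the file that arrived actually starts with a pcap or pcapng header (a quick way to catch a truncated transfer or a tcpdump error message that landed in the file instead). The function names remote_capture and pcap_magic_ok are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Helper names are hypothetical.

# Capture COUNT packets on IFACE of HOST via SSH and write them to OUTFILE.
# "not port $ssh_port" keeps the SSH session that carries the pcap stream out of
# the capture, so the file does not fill up with its own transport traffic.
remote_capture() {
    host="$1"; iface="$2"; count="$3"; outfile="$4"
    ssh_port="${5:-22}"
    ssh "root@$host" "tcpdump -i $iface -c $count -w - not port $ssh_port" > "$outfile"
}

# Return 0 if FILE begins with a recognised capture-file magic number:
#   a1b2c3d4 / d4c3b2a1  classic pcap (microsecond timestamps, either byte order)
#   a1b23c4d / 4d3cb2a1  pcap with nanosecond timestamps
#   0a0d0d0a             pcapng section header block
# Anything else (an empty file, an ssh/tcpdump error string) returns 1.
pcap_magic_ok() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        a1b2c3d4|d4c3b2a1|a1b23c4d|4d3cb2a1|0a0d0d0a) return 0 ;;
        *) return 1 ;;
    esac
}

# Typical use (constructed host name):
#   remote_capture host.example.com eth0 1000 host.pcap && pcap_magic_ok host.pcap \
#       && echo "host.pcap looks like a valid capture"
```

If you would rather watch the traffic live than save it first, Wireshark can read a capture from standard input, so the same ssh command can be piped straight into it with `wireshark -k -i -` in place of the redirection to a file.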
