Getting a live capture over an ssh connection is a solved problem on all
ssh works for this purpose on Linux, macOS, and WSL on Windows
works for Windows PuTTY users. Briefly, I’ll go over what
that looks like for
You can check that your ssh-key is loaded with
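First, set up variables for cleaner code. Replace each placeholder in <> with a value that works for you. The "not port <port>" filter on the remote side excludes the ssh session itself, so the capture does not record the traffic that carries it.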
ssh_opts="<user>@<server> -p <port>"
remote_cmd="sudo /usr/sbin/tcpdump -s0 -n -w - not port <port>"
read_cmd="wireshark -k -i"   # or: read_cmd="tshark -i"
We then have the option of piping directly:
ssh $ssh_opts $remote_cmd | $read_cmd -
Or using a named pipe:
mkfifo /tmp/capfifo
ssh $ssh_opts $remote_cmd > /tmp/capfifo &
$read_cmd /tmp/capfifo
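The named-pipe variant above, as an added example that is not part of the original post: it puts the FIFO in a private `mktemp` directory instead of a fixed `/tmp` name, validates the port before it reaches the remote shell, and cleans up when the reader exits. The function names and argument order are assumptions of this example, and like the commands above it assumes `sudo` on the server can run `tcpdump` without prompting.

```shell
#!/bin/sh
# Added example: function names and argument order are assumptions.

# Build the remote tcpdump command. The port is interpolated into a command
# line run by the remote shell, so accept digits only. Excluding the ssh
# port keeps the capture from recording the session that carries it.
build_remote_cmd() {
    ssh_port=$1
    case $ssh_port in
        ''|*[!0-9]*) echo "ssh port must be numeric" >&2; return 1 ;;
    esac
    printf 'sudo /usr/sbin/tcpdump -s0 -n -w - not port %s' "$ssh_port"
}

# Create the FIFO inside a fresh mktemp directory (mode 0700) rather than a
# predictable /tmp path that another local user could pre-create or read.
make_cap_fifo() {
    cap_dir=$(mktemp -d "${TMPDIR:-/tmp}/cap.XXXXXX") || return 1
    mkfifo -m 600 "$cap_dir/capfifo" || { rmdir "$cap_dir"; return 1; }
    printf '%s\n' "$cap_dir/capfifo"
}

# usage: live_capture <user>@<server> <port> [reader command...]
# The reader defaults to "wireshark -k -i"; pass "tshark -i" for the CLI.
live_capture() {
    target=$1
    port=$2
    shift 2
    [ "$#" -gt 0 ] || set -- wireshark -k -i
    remote_cmd=$(build_remote_cmd "$port") || return 1
    fifo=$(make_cap_fifo) || return 1
    # Stop the ssh writer and remove the FIFO directory on any exit.
    trap 'kill "$ssh_pid" 2>/dev/null; rm -rf "${fifo%/*}"' EXIT
    trap 'exit 1' INT TERM
    ssh "$target" -p "$port" "$remote_cmd" > "$fifo" &
    ssh_pid=$!
    "$@" "$fifo"
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -ge 2 ]; then live_capture "$@"; fi
```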