nicose.blogg.se

Wireshark: difference between display filter and capture filter

Assuming that you are able to capture this traffic, it comes down to mapping the parameters of your connection to the packets found in the capture. First of all, you state that you are using TCP, so applying the display filter tcp should get rid of all the other packets. If you are still seeing more than one TCP session, you can filter even more.

We can also filter on a specific parameter in the packet through the Prepare a Filter option: select the parameter you want and right-click it to display the menu.

When explaining IPv6, I always show a few Wireshark screenshots to give a feeling for what IPv6 looks like.

What if you wanted to capture and analyze traffic on a remote server? Wireshark is usually used to analyze traffic on your local network, so you would need to use a tool like tcpdump.

First, SSH into the remote machine with an account with root access:

    ssh

Use tcpdump to capture the traffic on the remote network and save it into a PCAP file:

    sudo tcpdump -i eth0 -w tcpdump.pcap

Finally, copy the capture file to your computer by using the scp command:

    scp /some/local/directory

You can now open up the remote capture file by using Wireshark on your computer.

Alternatively, you can use Wireshark's remote capture tool sshdump. This command is functionally equivalent to the commands above:

    sshdump --extcap-interface=sshdump --capture --remote-host remotehost --remote-username remoteuser --fifo=/some/local/directory/tcpdump.pcap

You can also use sshdump directly in Wireshark's GUI.







