Remote Real Time Packet Capture With Wireshark and pfsense

Commands from video:
Make sure wireshark allows user to run dumppcap
sudo dpkg-reconfigure wireshark-common (choose yes)
sudo chmod +x /usr/bin/dumpcap

To Run Wireshark as root from a non-root user
sudo su -c 'wireshark -k -i <(ssh root@192.168.1.1 -p 22 tcpdump -i mvneta0 -U -w - )'

Run as user
wireshark -k -i <(ssh root@172.16.69.112 -p 222 tcpdump -i xn2 -U -w - )

Run as user exclude Tom computer ip of 192.168.3.9
wireshark -k -i <(ssh root@172.16.69.112 -p 222 tcpdump -i xn2 host not 192.168.3.9 -U -w - )

2 Likes

Excuse my ignorance, but anyway to pull the VLAN tag information using this method?

Yes, in the example below, adding the .1337 to the igb0 interface it will only capture VLAN 1337.

wireshark -k -i <(ssh root@192.168.3.1 -p 22 tcpdump -i igb0.1337 host not 192.168.3.9 -U -w - )

Hello new here just signed up i wonder if this is possible on windows machine? thanks

While I know there is a version of Wireshark for WIndows, https://www.wireshark.org/download.html I am not sure if the tcpdump will work.