Remote Real Time Packet Capture With Wireshark and pfsense

Commands from video:
Make sure wireshark allows user to run dumppcap
sudo dpkg-reconfigure wireshark-common (choose yes)
sudo chmod +x /usr/bin/dumpcap

To Run Wireshark as root from a non-root user
sudo su -c 'wireshark -k -i <(ssh root@ -p 22 tcpdump -i mvneta0 -U -w - )'

Run as user
wireshark -k -i <(ssh root@ -p 222 tcpdump -i xn2 -U -w - )

Run as user exclude Tom computer ip of
wireshark -k -i <(ssh root@ -p 222 tcpdump -i xn2 host not -U -w - )


Excuse my ignorance, but anyway to pull the VLAN tag information using this method?

Yes, in the example below, adding the .1337 to the igb0 interface it will only capture VLAN 1337.

wireshark -k -i <(ssh root@ -p 22 tcpdump -i igb0.1337 host not -U -w - )

Hello new here just signed up i wonder if this is possible on windows machine? thanks

While I know there is a version of Wireshark for WIndows, I am not sure if the tcpdump will work.

1 Like

Thanks Tom for the reply im more used to linux distro now i think ill try to slowly move on that since im more on managing webservers etc on my work.still more windows on my workplace but our back-end is almost linux now :slight_smile: