I am trying to set up remote capture from Linux (on an Amazon EC2 VM) to my Windows 7 laptop. I have found a couple of commands that claim to work using the plink SSH client that comes with Putty.

Number 1:

    plink PersonEC2 ' sudo tshark -i eth0 > /tmp/pipe ' | wireshark -k –i

where PersonEC2 is my Putty Saved Session Name.

Number 2:

    wireshark -k -i < (plink –ssh XXXX.compute-1.amazonaws.com -l ubuntu sudo /usr/bin/tshark -i eth0 -w )

where XXXX is the public IP address for my VM.

Neither command works. (The keys are working fine, so there is no problem getting logged in.)

I have successfully executed "plink PersonEC2 sudo tshark -i eth0 -w /out.cap" from a cmd window on my laptop. This successfully starts tshark and captures packets in out.cap. I have successfully copied out.cap from the Linux VM to my Win7 laptop and opened the file in Wireshark.

But when I try to add the pipe in Number 1 to feed Wireshark on my laptop directly, I get a message from the cmd box on my laptop saying "The system cannot find the path specified." Number 2 gives the same error message.

Am I on the right track with either of these two, and can someone help me further? It seems like I still have two steps to go: 1) getting the tshark command on the Linux VM to accept a pipe as output and then getting my Win7 copy of Wireshark hooked up to the pipe.

asked 15 Jul '12, 13:06 KenHadley
One Answer:
On Linux you need to write the output to STDOUT to be able to read it on Windows. Please try this:
UPDATE: If sudo prompts for a password, this could cause problems (as sudo will also write to STDOUT). In that case, login (ssh/plink) with the root account directly!

Regards

answered 16 Jul '12, 00:19 Kurt Knochner ♦ (edited 16 Jul '12, 05:56)
Thank you. That is just what I needed.
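
Added example, not part of the original thread: a Python check for the failure mode the answer's UPDATE describes, where text written to STDOUT ahead of the capture data leaves Wireshark with a stream that does not start with a capture header. The function name inspect_stream and the sample bytes are assumptions constructed for illustration.

```python
import struct
import sys

# Byte sequences that may legitimately start a capture stream.
CAPTURE_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "pcap (little-endian, microsecond)",
    b"\xa1\xb2\xc3\xd4": "pcap (big-endian, microsecond)",
    b"\x4d\x3c\xb2\xa1": "pcap (little-endian, nanosecond)",
    b"\xa1\xb2\x3c\x4d": "pcap (big-endian, nanosecond)",
    b"\x0a\x0d\x0d\x0a": "pcapng (section header block)",
}

# Constructed samples: a 24-byte pcap global header (version 2.4, snaplen
# 65535, Ethernet link type), alone and with a sudo prompt written before it.
SAMPLE_CLEAN = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_DIRTY = b"[sudo] password for ubuntu: " + SAMPLE_CLEAN


def inspect_stream(stream, probe=4096):
    """Return (ok, description, offset) for the first `probe` bytes of stream."""
    head = stream.read(probe)
    if not head:
        return (False, "empty stream: the remote command produced no output", -1)
    for magic, name in CAPTURE_MAGICS.items():
        if head.startswith(magic):
            return (True, name, 0)
    # A header found later means something else reached STDOUT first.
    hits = [(head.find(m), n) for m, n in CAPTURE_MAGICS.items() if head.find(m) > 0]
    if hits:
        offset, name = min(hits)
        junk = head[:offset].decode("ascii", "replace").strip()
        return (False, f"{name} header preceded by {offset} bytes: {junk!r}", offset)
    return (False, f"no capture header found, stream starts {head[:40]!r}", -1)


if __name__ == "__main__":
    # Reads the piped data in binary mode, so it also works in a Windows cmd pipe.
    ok, description, _ = inspect_stream(sys.stdin.buffer)
    print(("OK: " if ok else "PROBLEM: ") + description)
    sys.exit(0 if ok else 1)
```

Piping the plink output into this script instead of into Wireshark shows whether the stream begins with a capture header or with text such as a password prompt.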