Is it possible to do this:

$ mkfifo /tmp/sharkfin

On a Linux box, connecting via SSH to a Windows box? I.e., the Windows box is the one performing the actual capture and passing the traffic back to the Linux box. Any reason why it wouldn't work? As a side note, yes, I know about rpcap, but I don't want to use it if I can help it.

asked 01 Sep '12, 20:02 DefensiveDepth
2 Answers:
Well, I tried it UN*X-to-UN*X, and it worked, as long as I quoted the filter in the dumpcap command and told it to dump in pcap rather than pcap-NG format (this is with the version on the trunk, but the same applies to 1.8.x), i.e.
If it's pre-1.8, you can, and need to, leave the

For Windows, it'll probably work too, but you'd have to have an ssh daemon on the Windows box and arrange that, if you try to ssh to the Windows box and run dumpcap, it finds dumpcap - you might have to explicitly specify the path to dumpcap.

answered 02 Sep '12, 16:08 Guy Harris
You did not specify the interface number for dumpcap, so it will use the first interface. That might not be your LAN interface (depends on the configuration of your Windows system). Please run this command from the Linux box.
It will show you two things: First: if
Second: if the first interface (Interface ID 1) is the one you want to capture on. If not, please run this command, by specifying the interface number.
BTW: The SSH Daemon on Windows may have problems forwarding the binary data through the SSH tunnel. That's unlikely but not impossible. What is the SSH daemon you were using on Windows?

Regards

answered 08 Aug '13, 07:59 Kurt Knochner
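
Added example, not part of the original answers: a small shell check for the two failure modes discussed above, namely a stream that is pcap-NG instead of pcap, and a stream that is not capture data at all (dumpcap not found on the remote side, or bytes altered in transit). The function names `capture_format` and `pipe_ok` are hypothetical, the sample bytes are constructed, and the input is assumed to be a file holding the first bytes that came back over the SSH session.

```shell
#!/bin/sh
# Added example: identify what a capture stream starts with before
# handing it to a reader that expects classic pcap.

# Print the format suggested by the first bytes of file $1.
capture_format() {
    magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        "")                echo empty;  return ;;
        d4c3b2a1|a1b2c3d4) echo pcap;   return ;;  # classic pcap, microsecond timestamps
        4d3cb2a1|a1b23c4d) echo pcap;   return ;;  # classic pcap, nanosecond timestamps
        0a0d0d0a)          echo pcapng; return ;;  # pcap-NG Section Header Block
    esac
    # No capture magic: hex-dump whatever non-text bytes are in the first 64.
    binary=$(head -c 64 "$1" | LC_ALL=C tr -d '[:print:][:space:]' \
             | od -An -tx1 | tr -d ' \n')
    if [ -z "$binary" ]; then
        echo text       # e.g. a shell error or login banner, not packets
    else
        echo unknown    # binary data, but not a capture file header
    fi
}

# Succeed only for classic pcap, the format the first answer reports working.
pipe_ok() {
    [ "$(capture_format "$1")" = pcap ]
}

# Constructed samples (not real captures), written with octal escapes.
sample_dir=$(mktemp -d)
printf '\324\303\262\241\002' > "$sample_dir/pcap"
printf '\012\015\015\012\034' > "$sample_dir/pcapng"
printf 'dumpcap: command not found\n' > "$sample_dir/error_text"
for f in pcap pcapng error_text; do
    printf '%s -> %s\n' "$f" "$(capture_format "$sample_dir/$f")"
done
rm -rf "$sample_dir"
```

Because reading from the FIFO consumes the header, run the check on a saved copy of the first bytes rather than on /tmp/sharkfin itself.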