This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi,

I currently can capture remotley using the following syntax.

 "C:\Program Files (x86)\PuTTY\plink.exe" -ssh -pw xxxxxx [email protected] "tcpdump -ni eth0 -s 0 -w- not port 22 " | "C:\Program Files\Wireshark\Wireshark.exe" -k -i -

However now I would like to capture from 2 remote hosts at the same time and same window. I was wondering if it's possible , if yes, how should i proceed.

thanks

asked 29 Aug '14, 07:23

testertester's gravatar image

testertester
11113
accept rate: 0%

edited 29 Aug '14, 07:25


You won't be able to do 2 remote hosts using the method you're currently using (tcpdump to a pipe). However, I think it would work if you use the rpcapd approach:

  1. install rpcapd on the 2 remote hosts
  2. Add those 2 remote interfaces to Wireshark (Capture->Options then click on Manage Interfaces then go to the Remote Interfaces tab)
  3. In the main Capture Options dialog select the 2 remote interfaces and start your capture

Note: I've never used the remote capture facility and thus I don't have a clue if this will really work. It's completely possible Wireshark doesn't support capturing from 2 remote interfaces at the same time but at a high level (read: not knowing the details) I don't see why it wouldn't.

permanent link

answered 29 Aug '14, 10:43

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572
accept rate: 27%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×1,620
×59

question asked: 29 Aug '14, 07:23

question was seen: 3,102 times

last updated: 29 Aug '14, 10:43

p​o​w​e​r​e​d by O​S​Q​A