This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

capturing from multiple remote hosts at the same time

0

Hi,

I can currently capture remotely using the following syntax.

 "C:\Program Files (x86)\PuTTY\plink.exe" -ssh -pw xxxxxx [email protected] "tcpdump -ni eth0 -s 0 -w- not port 22 " | "C:\Program Files\Wireshark\Wireshark.exe" -k -i -

However, now I would like to capture from 2 remote hosts at the same time and in the same window. I was wondering if it's possible and, if yes, how I should proceed.

Thanks

asked 29 Aug '14, 07:23

testertester
11113
accept rate: 0%

edited 29 Aug '14, 07:25


One Answer:

0

You won't be able to do 2 remote hosts using the method you're currently using (tcpdump to a pipe). However, I think it would work if you use the rpcapd approach:

  1. Install rpcapd on the 2 remote hosts
  2. Add those 2 remote interfaces to Wireshark (Capture->Options then click on Manage Interfaces then go to the Remote Interfaces tab)
  3. In the main Capture Options dialog select the 2 remote interfaces and start your capture

Note: I've never used the remote capture facility and thus I don't have a clue if this will really work. It's completely possible Wireshark doesn't support capturing from 2 remote interfaces at the same time but at a high level (read: not knowing the details) I don't see why it wouldn't.

answered 29 Aug '14, 10:43

JeffMorriss ♦
6.2k572
accept rate: 27%
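
A command-line equivalent of the rpcapd steps in the answer above, added here as an example that is not part of the original thread. HOST1, HOST2, CAPTURE_PC, capuser and PASSWORD are placeholders, and it assumes a Windows Wireshark build with remote-capture (rpcap) support and rpcapd listening on its default TCP port 2002.

```bat
REM Added example, not from the original thread. HOST1, HOST2, CAPTURE_PC,
REM capuser and PASSWORD are placeholders.
REM
REM Step 1, on each remote host (as root): start rpcapd as a daemon and
REM accept connections only from the capture workstation:
REM
REM     rpcapd -d -l CAPTURE_PC
REM
REM Leave out -n (null authentication) so that rpcapd asks for a username
REM and password of an account on that host.
REM
REM Steps 2 and 3, on the Windows workstation: name both remote interfaces
REM with rpcap:// URLs and start capturing immediately (-k).
REM -A and -f are placed before the first -i so that they become the
REM default for every interface that follows.

"C:\Program Files\Wireshark\Wireshark.exe" -k ^
  -A capuser:PASSWORD ^
  -f "not port 22" ^
  -i rpcap://HOST1:2002/eth0 ^
  -i rpcap://HOST2:2002/eth0
```

The rpcap protocol of that period sends the password and the captured packets unencrypted, and `-A` leaves the password visible in the local process list, so keep this on a trusted management network and use a dedicated capture account.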