This is our old Q&A Site. Please post any new questions and answers at

Would be awesome if Wireshark had native/built-in SSH tunnel support for remote tcpdump packet capturing instead of having to use a third party SSH app and the limitations such as not being able to stop/restart a capture, and not being able to use the Wireshark GUI to set the capture filter.

Maybe have Wireshark be able to load plink.exe and use it as though it is it's natively built-in SSH tunnel app.

Instead of having to execute plink to set up the pipe to redirect Unix/Linux tcpdump into Wireshark. Have Wireshark handle the whole thing. Tell Wireshark what SSH app to use (plink.exe), provide credentials/key file for SSH access, the remote app to run (tcpdump), and configure the capture filter for tcpdump to use.

asked 12 Jan '17, 02:36

NOYB's gravatar image

accept rate: 0%

This is being worked in with the extcap utility sshdump which gives a pseudo-interface "SSH remote capture". I'm not sure of the state of this in the stable (2.2.x) releases but you can try a development release (2.3.x) from the automated builds site.

permanent link

answered 12 Jan '17, 03:14

grahamb's gravatar image

grahamb ♦
accept rate: 22%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 12 Jan '17, 02:36

question was seen: 4,712 times

last updated: 12 Jan '17, 03:14

p​o​w​e​r​e​d by O​S​Q​A