dumpcap -w - -f "not port 22"

That will dump on the default device that libpcap supplies, although I'm surprised it's nflog rather than bridge0. In any case, it won't necessarily pick the device you want - you should use the -i flag to specify the device you want.

wireshark -k -i em1

As Jaap notes, that tells Wireshark on the local machine, not dumpcap on the remote machine, to capture on em1; your Mac doesn't have a device named em1, so it fails.

What you want is

ssh [email protected] 'dumpcap -w - -i em1 -f "not port 22"' | wireshark -k -i -