You have some options for capturing:
1) Using Wireshark on Debian (like you did). To do this, you need to install xauth on Debian, run an X server on your machine, connect with ssh with -X and run Wireshark.
2) Use sshdump. Install tcpdump on Debian. Install Wireshark on your machine, run it and scroll down the interface list. When you find ssh, click on the gear on the left and you'll be provided with a dialog you have to fill in. Provide the necessary info (remote machine IP, username, etc.), and the module will do the job for you.
3) Capture the traffic on Debian and transfer the capture file to your machine. Open it with Wireshark.
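Option 3 as a script, added here as an example and not part of the original answer. It excludes the SSH session itself from the capture so the file is not filled with your own login traffic. The function names, the `/tmp` path, and the host and interface arguments are hypothetical, and it assumes passwordless `sudo` for tcpdump on the Debian machine.

```shell
#!/usr/bin/env bash
# Added example for option 3: capture remotely, copy the file, open it locally.

# Build a BPF filter that leaves out the SSH connection used to reach the host,
# optionally combined with a filter of your own.
capture_filter() {
    ssh_port="$1"; extra="$2"
    if [ -n "$extra" ]; then
        printf 'not port %s and (%s)' "$ssh_port" "$extra"
    else
        printf 'not port %s' "$ssh_port"
    fi
}

# Assemble the tcpdump command line that runs on the remote host.
# -c stops after a fixed number of packets so the ssh call returns by itself.
remote_tcpdump_cmd() {
    iface="$1"; count="$2"; out="$3"; filter="$4"
    printf "tcpdump -i %s -c %s -w %s '%s'" "$iface" "$count" "$out" "$filter"
}

# Capture on the remote host, fetch the file, then delete the remote copy.
fetch_capture() {
    remote="$1"; iface="$2"; count="$3"; local_file="$4"
    remote_file="/tmp/remote-capture.pcap"   # assumed scratch path
    filter=$(capture_filter 22 "")
    ssh "$remote" "sudo $(remote_tcpdump_cmd "$iface" "$count" "$remote_file" "$filter")" &&
        scp "$remote:$remote_file" "$local_file" &&
        ssh "$remote" "sudo rm -f $remote_file"
}

# Usage: ./fetch-capture.sh user@debian-host eth0 1000 capture.pcap
if [ "$#" -eq 4 ]; then
    fetch_capture "$1" "$2" "$3" "$4" && wireshark "$4"
fi
```

The same `not port 22` filter can be entered as the remote capture filter in the sshdump dialog from option 2.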