Ask Your Question

Revision history [back]

With Wireshark v2.6.3 on Debian GNU/Linux 9 (stretch) I got it to run with the following content for the "Remote capture command" input field:

/usr/sbin/tcpdump -i eth0 -U -w - 'not (host and port 22)'

I had to use the full path to tcpdump on the target, otherwise it was not found. The content of the fields "Remote interface" and "Remote capture filter" were ignored, so I also put those in the "Remote capture command" field. Note the quotes around the filter expression!