 | 1 | initial version |
With Wireshark v2.6.3 on Debian GNU/Linux 9 (stretch) I got it to run with the following content for the "Remote capture command" input field:
/usr/sbin/tcpdump -i eth0 -U -w - 'not (host 192.168.10.62 and port 22)'
I had to use the full path to tcpdump on the target, otherwise it was not found. The content of the fields "Remote interface" and "Remote capture filter" were ignored, so I also put those in the "Remote capture command" field. Note the quotes around the filter expression!
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.