How to put wireshark into Standard input directly or by using a Terminal

asked 2019-09-27 17:43:29 +0000

moad

updated 2019-09-27 19:37:51 +0000

grahamb

Hi everyone, my question is: I have an IP and a port and I can't use nc IP Port | sudo wireshark -k -S -i - because it doesn't work for me on Win7. How can I do that directly, or using CMD or Netcat on Win7?

Thank you so much


Comments

That command line won't work on Windows as it's using commands usually found on Linux\macOS\Unix.

What are you trying to achieve with the nc IP Port part?

grahamb ( 2019-09-27 19:39:27 +0000 )

I open a monitor on this port (on an ESP8266 WiFi module), and in a video they come to this step and type this command line in Netcat, and then Wireshark opens automatically and starts observing all traffic of a connected client using this IP and port. But this command line doesn't work on Win7. What should I do?

moad ( 2019-09-27 20:33:29 +0000 )

Can you post a link to the source of the command?

grahamb ( 2019-09-27 21:06:34 +0000 )
moad ( 2019-09-27 22:58:28 +0000 )

1 Answer


answered 2019-09-28 13:54:08 +0000

Chuckc

updated 2019-09-28 14:17:56 +0000

Do you have or can you load PuTTY with its utilities?

https://the.earth.li/~sgtatham/putty/0.72/htmldoc/Chapter7.html#plink

I have used plink to tcpdump on a remote machine and view locally in Wireshark. You would want to make a raw connection and pipe that into a Wireshark startup command.

Here is an example with an ssh connection. Modify to make a raw plink connection to your monitor session:

https://osqa-ask.wireshark.org/questions/23609/remote-capture-via-ssh-and-pipe

Here is an example connecting in raw mode:

C:\>plink -raw -P 22 192.168.1.1
SSH-2.0-OpenSSH_6.6.1p1 Debian-4~bpo70+1

Your string would be (filling in port and IP address for the monitor port):

plink -raw -P "Port" "IP" | "C:\Program Files\Wireshark\Wireshark.exe" -k -i -

Specify a path to plink if needed.


Comments

Note that Windows 10 1809 or later includes OpenSSH, I've stopped using PuTTY since that appeared.

grahamb ( 2019-09-28 14:39:12 +0000 )

For future reference: https://nmap.org/ncat/ "Ncat is integrated with Nmap and is available in the standard Nmap download packages (including source code and Linux, Windows, and Mac binaries) available from the Nmap download page."

Chuckc ( 2019-10-05 17:18:50 +0000 )
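
Added example, not part of the original thread and not code from Wireshark or PuTTY: a Python relay that does the same job as the plink pipe in the answer above. It connects to the monitor port, checks that the stream opens with a pcap or pcapng magic number, and only then starts Wireshark with -k -i -. It assumes the ESP8266 monitor sends a pcap stream over the TCP connection; relay, read_exact and open_sink are names made up for this example.

```python
import socket
import subprocess
import sys

# First four bytes of the capture formats Wireshark can read from a pipe
# (pcapng on a pipe needs a Wireshark release that supports it).
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "pcap, little-endian, microseconds",
    b"\xa1\xb2\xc3\xd4": "pcap, big-endian, microseconds",
    b"\x4d\x3c\xb2\xa1": "pcap, little-endian, nanoseconds",
    b"\xa1\xb2\x3c\x4d": "pcap, big-endian, nanoseconds",
    b"\x0a\x0d\x0d\x0a": "pcapng",
}

def read_exact(sock, n):
    """Read n bytes, or fewer if the peer closes first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def relay(host, port, open_sink, timeout=10.0):
    """Copy a capture stream from host:port into a sink; return its format."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        head = read_exact(sock, 4)
        fmt = MAGICS.get(head)
        if fmt is None:
            raise ValueError("not a capture stream, starts with %r" % head)
        sock.settimeout(None)  # a quiet link is normal once the header is in
        sink = open_sink()     # Wireshark is started only after the check
        sink.write(head)
        while True:
            chunk = sock.recv(65536)
            if not chunk:
                return fmt
            sink.write(chunk)
            sink.flush()       # keep the live view current

if __name__ == "__main__":
    # Install path as in the answer's command; host and port are arguments.
    cmd = [r"C:\Program Files\Wireshark\Wireshark.exe", "-k", "-i", "-"]
    start = lambda: subprocess.Popen(cmd, stdin=subprocess.PIPE).stdin
    print(relay(sys.argv[1], int(sys.argv[2]), start))
```

A text banner such as the SSH-2.0 line in the raw-mode example above fails the magic check, so Wireshark is never launched on a stream it cannot parse.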
