Ask Your Question
0

Read raw capture data from network socket...

asked 2020-09-10 17:56:29 +0000

Grimeton gravatar image

Hi,

I was wondering if I can run Wireshark on Windows and make it listen on a network socket for incoming raw data that it then logs?

I have something like this in mind:

tcpdump -i hn0 -w - | nc $windows_host $port

And then the Windows' Wireshark just works with what it gets?

That would save me the daemon on that machine...

I've seen that Wireshark can do "pipes". Are those named pipes? Maybe I could get something going with socat in Cygwin that redirects to a named pipe?

Thanks!

Cu

edit retag flag offensive close merge delete

Comments

Have you looked at Windows Netcat or using nc on WSL (Windows Subsystem for Linux)?
Example here using nc on both ends.

Chuckc gravatar imageChuckc ( 2020-09-10 19:35:17 +0000 )edit

The part that puzzles me is how I get the data LIVE into Wireshark without storing it anywhere before... Else I could just store it into a file and copy the file over later.

Grimeton gravatar imageGrimeton ( 2020-09-10 20:12:10 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-09-10 21:09:10 +0000

Chuckc gravatar image

Pipe to wireshark -k -i -
Example here on wiki

nc -l $windows_host $port | wireshark -k -i -
edit flag offensive delete link more

Comments

Troubleshoot ncat and Windows firewall before piping to Wireshark.

image description

Chuckc gravatar imageChuckc ( 2020-09-10 21:15:50 +0000 )edit

Hello,

the last part is what was missing. I didn't know that Wireshark accepts stdin as "-" on the "-i" parameter.

Thanks!

KR,

G.

Grimeton gravatar imageGrimeton ( 2020-09-10 21:43:18 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-09-10 17:56:29 +0000

Seen: 2,024 times

Last updated: Sep 10 '20