How do I use SSH Remote Capture in Wireshark
I am using Wireshark 2.4.6 portable (downloaded from this site) and I am trying to configure the remote capture I am not clear on what I should use in the remote capture command line. What should I put there?
There is a help for this but it refers to the CLI option https://www.wireshark.org/docs/man-pa...
On the above page they say that using that sshdump CLI is the equivalent of this Unix CLI
ssh remoteuser@remotehost -p 22222 'tcpdump -U -i IFACE -w -' > FILE & $ wireshark FILE w
I filled out this form when I saw "SSH" option and now I can't edit this capture inerface. It just keeps going back to the same connection. Have you figured out how to use and edit this interface?
The documentation seems out of date for 2.61.
The sshdump manpage is for the extcap binary that is used to make the ssh connection from Wireshark. Normally you won't need to look at that. The above dialog is the UI provided by the extcap and sshdump interface. I think the Remote Capture Command should be the full path to the binary you wish to use on the remote machine, e.g.
/usr/sbin/tcpdump.@benjamin, I know this infinitely too late for you, but after stopping you pcap, save it if you wish, and then use the 'Close This Capture File' button to return to the main menu.
It's the 7th button from the left, it looks like a pcap icon with a large black cross through it.