How to clear packet list during live capture?
How do I clear the Packet List during a live capture session? The Stop/Start and Restart options do not work for me because I am capturing packets that are piped back to Wireshark via SSH.
ssh myserver "sudo tcpdump -i mynetworkinterface -w -" | "/c/Program Files/Wireshark/Wireshark.exe" -k -i -
Of course, I can close the application altogether and relaunch it from the CLI, but it's a little annoying. It seems like an option to "Clear Packet List" would be somewhat minor, almost trivial, to implement.
Have you considered using the sshdump extcap interface to capture with?
How exactly would that work? Example?
When installing Wireshark, you have the option of installing the External Capture Interfaces, which include sshdump. On the Wireshark Welcome Screen it will be listed in the lower "Capture" section of the screen.
Click the gear next to "SSH remote capture" to specify the server connection, authentication information and command to run for the capture along with any options or capture filter.
Unfortunately, I am not able to create an SSH session directly from my workstation to the network interface (mynetworkinterface) that needs to be monitored. It is on a different network, only accessible from the remote system (myserver). The SSH session would be to myserver. I'm not trying to capture packets between my local system and myserver. I need to capture packets between myserver and a remote client that is on a totally different physical network.
This discussion has gotten off-topic. The issue at hand is a need to clear the Packet List without having to restart Wireshark. After Wireshark has been running for a while, applying a filter takes progressively longer each time a new filter is applied because the number of packets in the Packet List to analyze against the new filter only grows.