
how to run wireshark over ssh

asked 2019-04-02 07:50:58 +0000

yosi

I want to run Wireshark over all my network over the firewall. I have an SSH connection to the firewall and I can run tcpdump on the firewall,

but I want to run Wireshark on my traffic. How can I do this? I saw this guide, but it doesn't work: in Wireshark I don't get data. I run Windows and run this command:

“C:\tools\plink.exe” -ssh [email protected] “tcpdump -s 0 -w – ‘port 8080′” | “C:\Program Files\Wireshark\Wireshark.exe” -i -k –

How can I tell Wireshark to listen to port 8080?



1 Answer


answered 2019-04-02 09:46:35 +0000

grahamb

Are you really running that command, as the remote destination "[email protected]" will connect to your own machine?

There are a couple of questions on the old Ask Wireshark site that cover this issue; here and here.



It doesn't work. I get the error "data written to the pipe is neither in a supported pcap format nor in pcapng format". I run Windows 10, not Linux.

yosi ( 2019-04-02 12:12:08 +0000 )

And both those questions discuss remoting from Windows to a linux (or alike) system running tcpdump, which seems to be what you're asking for.

Note that the answer given for the first question I linked passes in the ssh password on the command line. Have you tried that?

grahamb ( 2019-04-02 12:44:57 +0000 )

Thanks, I tried with the password and I am still getting the error

data written to the pipe is neither in a supported pcap format nor in pcapng format

yosi ( 2019-04-04 05:06:35 +0000 )

That error usually occurs because "something" has written to the pipe with data that's not part of a capture file. Commonly this is the sshd process on the server asking for passwords or such.

What output do you get with a command such as:

C:\tools\plink.exe -ssh -pw password [email protected] "echo whoami"

obviously replacing "password" and "[email protected]" with the correct password, user name and host for your remote system.

grahamb ( 2019-04-04 09:37:43 +0000 )

I get this

Bad parameter starting at 'echo whoami'

yosi ( 2019-04-05 05:22:58 +0000 )
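
The cause grahamb describes, something other than capture data reaching the pipe, can be checked directly by looking at the first bytes of the stream before Wireshark sees them. This is an added example, not part of the original thread; the script name pipe_check.py and the PASSWORD and USER@HOST placeholders are assumptions.

```python
"""Classify the first bytes of a stream that is meant to be piped into Wireshark.

Usage sketch (placeholders, same shape as the command in the question):
  plink.exe -ssh -pw PASSWORD USER@HOST "tcpdump -s 0 -w - 'port 8080'" | python pipe_check.py
"""
import sys

# First four bytes of the capture formats Wireshark accepts on a pipe.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "pcap (little-endian, microsecond timestamps)",
    b"\xa1\xb2\xc3\xd4": "pcap (big-endian, microsecond timestamps)",
    b"\x4d\x3c\xb2\xa1": "pcap (little-endian, nanosecond timestamps)",
    b"\xa1\xb2\x3c\x4d": "pcap (big-endian, nanosecond timestamps)",
    b"\x0a\x0d\x0d\x0a": "pcapng (Section Header Block)",
}


def classify(head: bytes):
    """Return (ok, description) for the leading bytes of the stream."""
    if len(head) < 4:
        return False, "stream ended after %d byte(s); nothing was captured" % len(head)
    fmt = MAGICS.get(head[:4])
    if fmt:
        return True, fmt
    # Not a capture header: show what arrived instead, e.g. a prompt or an error.
    text = head.decode("ascii", errors="replace")
    printable = "".join(c if c.isprintable() else "." for c in text)
    return False, "not a capture file, stream starts with: " + printable.strip()


def main():
    # Blocks until 64 bytes arrive or the remote side closes the stream.
    head = sys.stdin.buffer.read(64)
    ok, description = classify(head)
    print(("OK: " if ok else "PROBLEM: ") + description)
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main())
```

If the script reports readable text instead of a capture header, that text is what Wireshark rejected with the "neither in a supported pcap format nor in pcapng format" error.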



Asked: 2019-04-02 07:50:58 +0000

Seen: 5,654 times

Last updated: Apr 02 '19