MacOS wireshark Remote Capture issue.

Hi, friends:

I asked a question about Wireshark remote capture here:

https://stackoverflow.com/questions/63918952/wireshark-remote-capture-failednflog-link-layer-type-filtering-not-implemented

Please help me.

Problem trying to capture on a remote machine using ssh to run dumpcap on the remote machine

I followed the official documentation.

My remote server runs CentOS 7.9, and I have installed Wireshark on it.

I use the command below to open my local Wireshark and capture packets on the remote server's interface:

```
ssh root@remote-server-name 'dumpcap -w - -f "not port 22"' | wireshark -k -i -
```

but I get error information:

```
Capturing on 'nflog'
dumpcap: Invalid capture filter "not port 22" for interface nflog!

That string isn't a valid capture filter (NFLOG link-layer type filtering not implemented).
See the User's Guide for a description of the capture filter syntax.
```

and my local wireshark software displayed an error dialog with

```
End of file pipe magic during open.
```

I use the command below to specify the interface:

```
ssh root@remote-server-name -i .ssh/id_rsa 'dumpcap -w - -f "not port 22"' | wireshark -k -i em1
```

but Wireshark says there is no such device, with an error dialog

```
The capture session could not be initiated
on interface 'em1' (No such device exists).

Please check that you have the proper
interface or pipe specified.
```

On my server, em1 does indeed exist.

```
[root@att ~]# ip a | grep em1
2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet remote-ip/29 brd remote-ip scope global noprefixroute em1
```


EDIT-01

I print the interfaces:

```
$ ssh root@att -i .ssh/id_rsa 'dumpcap -D'
1. bridge0
2. docker0
3. nflog
4. nfqueue
5. em1
6. usbmon1
7. em2
8. veth8b8f97a
9. vethfe9fbcf
10. br-eb92c719d431
11. veth5587e98
12. any
13. lo (Loopback)
```
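
An added example (not part of the original post, and not Wireshark project code): dumpcap runs on the remote host, so the capture interface is chosen with dumpcap's own `-i`, while the local Wireshark keeps reading the piped capture with `-i -`. The helper names are hypothetical, and the listing is the `dumpcap -D` output quoted in the question, embedded as constructed sample input.

```shell
#!/bin/sh
# Constructed sample: the `dumpcap -D` listing quoted in the question.
SAMPLE_LIST='1. bridge0
2. docker0
3. nflog
4. nfqueue
5. em1
6. usbmon1
7. em2
8. veth8b8f97a
9. vethfe9fbcf
10. br-eb92c719d431
11. veth5587e98
12. any
13. lo (Loopback)'

# iface_listed LIST NAME (hypothetical helper): succeed only if NAME is the
# second field of a `dumpcap -D` line such as "5. em1".
iface_listed() {
    printf '%s\n' "$1" | awk -v want="$2" '$2 == want { ok = 1 } END { exit !ok }'
}

# remote_capture_cmd LIST IFACE (hypothetical helper): print the command for
# dumpcap to run on the remote host, with the interface given to dumpcap's -i.
remote_capture_cmd() {
    case "$2" in
        # The name ends up inside a remote shell command line, so allow only
        # plain interface-name characters.
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name: $2" >&2; return 1 ;;
        # nflog is where the capture filter failed in the question; skipping
        # nfqueue and usbmon* as well is an assumption of this example.
        nflog|nfqueue|usbmon*) echo "unsuitable capture interface: $2" >&2; return 1 ;;
    esac
    iface_listed "$1" "$2" || { echo "dumpcap -D does not list: $2" >&2; return 1; }
    printf 'dumpcap -i %s -w - -f "not port 22"\n' "$2"
}

# Live use (commented out so the block runs offline). The local Wireshark
# still reads the piped capture from stdin with "-i -":
#   list=$(ssh root@remote-server-name 'dumpcap -D')
#   cmd=$(remote_capture_cmd "$list" em1) &&
#       ssh root@remote-server-name "$cmd" | wireshark -k -i -
```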