OSQA is unmaintained. Help us figure out where to go from here.
0
1

Hello Everyone,

i have a new configuration where i try to capture my linux machines and display the traffic with wireshark on windows. On windows i'm using cygwin to receive the data from my linux machines via ssh

$ mkfifo /tmp/capture_1
$ ssh [email protected] "tcpdump -s0 -U -n -w - -i eth0 'not port 22'" > /tmp/capture_1

So far everything is working quite well. My problem occurs when i try to capture the pipe. When i try to capture in the same manner on ubuntu everything works well.

asked 07 Aug '13, 06:54

ALKA's gravatar image

ALKA
6124
accept rate: 0%

converted to question 07 Aug '13, 08:42

grahamb's gravatar image

grahamb ♦
19.1k328203

I presume you're using a regular windows version of Wireshark, not some unknown Cygwin version. If so, are Cygwin pipes compatible with Windows programs?

(07 Aug '13, 08:43) grahamb ♦

Please use plink on windows and pipe the binary output of tcpdump directly to Wireshark, instead of trying to create named pipes with Cygwin (as it looks like in your example).

plink.exe -ssh -pw abc123 [email protected] "tcpdump -ni eth0 -s 0 -w - not port 22" | "C:\Program Files\Wireshark\Wireshark.exe" -k -i -

Regards
Kurt

permanent link

answered 08 Aug '13, 07:12

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.7k1037235
accept rate: 15%

Thanks a lot!

The named pipes in cygwin were the problem. plink works fine

(12 Aug '13, 02:08) ALKA
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×243
×57
×33
×25

question asked: 07 Aug '13, 06:54

question was seen: 27,620 times

last updated: 12 Aug '13, 03:15

p​o​w​e​r​e​d by O​S​Q​A