liaodalin19903's profile - activity

2023-11-05 11:21:08 +0000 received badge  Famous Question (source)
2022-05-12 11:55:21 +0000 received badge  Famous Question (source)
2021-06-27 02:53:46 +0000 received badge  Notable Question (source)
2021-06-27 02:49:26 +0000 received badge  Notable Question (source)
2021-03-26 06:23:12 +0000 received badge  Popular Question (source)
2021-03-14 10:52:01 +0000 received badge  Popular Question (source)
2020-09-22 10:36:28 +0000 commented answer Problem trying to capture on a remote machine using ssh to run dumpcap on the remote machine

thank you, this works.

2020-09-22 10:36:19 +0000 marked best answer Problem trying to capture on a remote machine using ssh to run dumpcap on the remote machine

I followed the official documentation.

My remote-server is CentOS 7.9, and I have installed wireshark on it.

I use the below command to open my local wireshark software to capture the remote-server's interface packets:

ssh root@remote-server-name 'dumpcap -w - -f "not port 22"' | wireshark -k -i -

but I get error information:

Capturing on 'nflog'
dumpcap: Invalid capture filter "not port 22" for interface nflog!

That string isn't a valid capture filter (NFLOG link-layer type filtering not implemented).
See the User's Guide for a description of the capture filter syntax.

and my local wireshark software displayed an error dialog with

End of file pipe magic during open.

I use the below command to specify the interface:

ssh root@remote-server-name -i .ssh/id_rsa 'dumpcap -w - -f "not port 22"' | wireshark -k -i em1

but wireshark says there is no such device, with an error dialog

The capture session could not be initiated
on interface 'em1' (No such device exists).

Please check that you have the proper
interface or pipe specified.

On my server, the em1 indeed exists.

[root@att ~]# ip a | grep em1
2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
inet remote-ip/29 brd remote-ip scope global noprefixroute em1

EDIT-01

I print the interfaces:

$ ssh root@att -i .ssh/id_rsa 'dumpcap -D'
1. bridge0
2. docker0
3. nflog
4. nfqueue
5. em1
6. usbmon1
7. em2
8. veth8b8f97a
9. vethfe9fbcf
10. br-eb92c719d431
11. veth5587e98
12. any
13. lo (Loopback)
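
Added example (not the poster's commands and not code from the Wireshark project): a small POSIX sh wrapper for the procedure the question describes. It names the remote interface with dumpcap's -i option (the original command omitted it, so dumpcap chose an interface on its own, nflog in the output above), checks the name against the dumpcap -D listing before starting, keeps the "not port 22" filter so the ssh session carrying the capture is not captured into itself, and refuses interface or filter values that could alter the quoted remote command. The ssh target (user, key, host alias) and the script name are assumptions left to the caller.

```shell
#!/bin/sh
# Added example, not code from the original post or from the Wireshark project.
# Runs dumpcap on a remote host over ssh and feeds the pcapng stream into a
# local Wireshark. ssh target handling (user, key, ssh_config alias) is assumed
# to be done by the caller, e.g. "root@att" as in the question.

# Accept only plain interface names so a caller-supplied value cannot break
# out of the quoted remote command line.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Capture filters (BPF syntax) never need quotes, backticks or '$';
# reject them so the filter cannot alter the remote command line either.
valid_filter() {
    case "$1" in
        *\'*|*\"*|*\`*|*\$*) return 1 ;;
        *) return 0 ;;
    esac
}

# True if the interface name appears in a `dumpcap -D` listing.
# Listing lines look like "5. em1" or "13. lo (Loopback)": field 2 is the name.
iface_in_list() {
    printf '%s\n' "$1" | awk -v want="$2" '$2 == want { found = 1 } END { exit !found }'
}

# Build the command dumpcap runs on the remote side:
#   -i <iface>  capture on the named interface instead of dumpcap's own default
#   -w -        write the capture file to stdout (that stdout becomes the ssh pipe)
#   -f <filter> capture filter; the default "not port 22" keeps the ssh session
#               that transports the capture out of the capture, otherwise every
#               captured packet is sent over ssh, captured again, and so on.
remote_dumpcap_cmd() {
    iface=$1; filter=${2:-not port 22}
    valid_iface "$iface" || { echo "invalid interface name: $iface" >&2; return 1; }
    valid_filter "$filter" || { echo "invalid capture filter: $filter" >&2; return 1; }
    printf '%s' "dumpcap -i $iface -w - -f \"$filter\""
}

# Verify the interface exists remotely, then start the live capture.
# Local Wireshark reads the pipe with "-i -" (not the remote interface name,
# which does not exist on the local machine).
run_remote_capture() {
    host=$1; iface=$2; filter=${3:-not port 22}
    cmd=$(remote_dumpcap_cmd "$iface" "$filter") || return 1
    listing=$(ssh "$host" dumpcap -D) || { echo "dumpcap -D failed on $host" >&2; return 1; }
    iface_in_list "$listing" "$iface" || { echo "no interface $iface on $host" >&2; return 1; }
    echo "remote command: $cmd" >&2
    ssh "$host" "$cmd" | wireshark -k -i -
}

# Usage (hypothetical script name): sh remote-capture.sh run root@att em1 ['not port 22']
case "${1:-}" in
    run) run_remote_capture "$2" "$3" "${4:-}" ;;
esac
```

The remote side does not have to be root: Wireshark's documented setup grants the dumpcap binary the cap_net_raw and cap_net_admin capabilities (setcap) and restricts it to a dedicated group, so the ssh user can be an unprivileged account that only captures.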
2020-09-21 06:21:19 +0000 commented question Problem trying to capture on a remote machine using ssh to run dumpcap on the remote machine

@GuyHarris Check my edit

2020-09-21 06:21:01 +0000 edited question Problem trying to capture on a remote machine using ssh to run dumpcap on the remote machine

Problem trying to capture on a remote machine using ssh to run dumpcap on the remote machine I followed the official doc

2020-09-21 04:16:12 +0000 edited question Problem trying to capture on a remote machine using ssh to run dumpcap on the remote machine

MacOS wireshark Remote Capture issue. Hi, friends: I asked a question about wireshark Remote Capture in there: https:/

2020-09-21 04:15:29 +0000 commented question Problem trying to capture on a remote machine using ssh to run dumpcap on the remote machine

@grahamb I have updated my post with detail, please reopen it. thank you.

2020-09-21 04:15:02 +0000 received badge  Editor (source)
2020-09-21 04:15:02 +0000 edited question Problem trying to capture on a remote machine using ssh to run dumpcap on the remote machine

MacOS wireshark Remote Capture issue. Hi, friends: I asked a question about wireshark Remote Capture in there: https:/

2020-09-17 08:33:07 +0000 asked a question Problem trying to capture on a remote machine using ssh to run dumpcap on the remote machine

MacOS wireshark Remote Capture issue. Hi, friends: I asked a question about wireshark Remote Capture in there: https:/

2020-08-28 03:54:42 +0000 marked best answer what's the `tcp.analysis` ? and `tcp.analysis.flags`?


I have several questions about wireshark packet.

1. Why, when I request a website, are there two TCP connections? You see the first two packets, 60907 -> 80 and 60908 -> 80.

2. What are `tcp.analysis` and `tcp.analysis.flags`?

3. Is it possible to sort the TCP connection packets by connection? I mean, if there are two TCP connections, you see packets 1-6. Is it possible to list them like: 1 3 5 2 4 6

2020-08-28 03:54:42 +0000 received badge  Scholar (source)
2020-08-26 09:48:16 +0000 commented question what's the `tcp.analysis` ? and `tcp.analysis.flags`?

@grahamb I have three questions in my post, why close this post?

2020-08-26 09:13:58 +0000 asked a question what's the `tcp.analysis` ? and `tcp.analysis.flags`?

what's the `tcp.analysis` ? and `tcp.analysis.flags`? I have several questions about wireshark packet. why when I

2020-08-26 09:13:43 +0000 asked a question what's the `tcp.analysis` ? and `tcp.analysis.flags`?

what's the `tcp.analysis` ? and `tcp.analysis.flags`? I have several questions about wireshark packet. why when I