I recently came across an issue that required the use of Wireshark. Unfortunately I did not have access to install it on the remote Linux host. No problem: luckily it's easy to route tcpdump over SSH to Wireshark on my local Windows machine.

You will need:

  • Wireshark (obviously)
  • Putty
  • Plink

PuTTY & Plink are available to download here

Running the command below from a command prompt will launch Wireshark and begin logging traffic:

"C:\Program Files (x86)\PuTTY\plink.exe" -pw PASSWORD USERNAME@SERVER_ADDRESS "sudo tcpdump -U -s 0 -w - 'not port 22'" | "C:\Program Files (x86)\Wireshark\wireshark.exe" -k -i -

Just make sure you are pointing to the location of both Plink and Wireshark. Also replace the PASSWORD, USERNAME and SERVER_ADDRESS with the needed SSH details.

Note: You can see I am filtering out SSH traffic on port 22; without that filter the capture would also include the SSH session that is carrying the capture itself. An unfiltered capture can be pretty heavy on the network, so filter if you can.
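The same pipeline built on the OpenSSH client instead of Plink (it also ships with Windows 10 and later, so it works from cmd.exe without PuTTY), as an added example that is not part of the original post. The function names are my own; it assumes ssh and wireshark are on PATH and that the remote user can run sudo tcpdump without a password prompt, since a prompt would end up in the pcap stream.

```shell
#!/bin/sh
# Added example, not the original post's command: stream a remote tcpdump
# into local Wireshark over OpenSSH. Function names are hypothetical.
# Assumes: ssh and wireshark on PATH; passwordless "sudo tcpdump" on the host.

# Build the BPF capture filter. The SSH session carrying the capture is always
# excluded; otherwise tcpdump captures its own output stream and the capture
# snowballs. $1 = SSH port of the session, $2 = optional extra filter.
build_filter() {
  ssh_port=$1
  extra=$2
  if [ -n "$extra" ]; then
    printf '%s' "not port $ssh_port and ($extra)"
  else
    printf '%s' "not port $ssh_port"
  fi
}

# Build the command run on the remote host.
#   -U    flush every packet to stdout immediately (no buffering delay)
#   -s 0  full snaplen, capture whole packets
#   -w -  write pcap to stdout so it can be piped through SSH
# $1 = remote interface, $2 = capture filter string.
build_remote_cmd() {
  printf '%s' "sudo tcpdump -U -s 0 -i $1 -w - '$2'"
}

# Run the capture: Wireshark reads pcap from stdin (-i -) and starts
# capturing immediately (-k).
# $1 = user@host, $2 = SSH port, $3 = remote interface, $4 = optional extra filter.
remote_capture() {
  filter=$(build_filter "$2" "$4")
  ssh -p "$2" "$1" "$(build_remote_cmd "$3" "$filter")" | wireshark -k -i -
}

# Only start a capture when invoked with arguments, e.g.:
#   ./remote-capture.sh USER@SERVER_ADDRESS 22 eth0 "host 10.0.0.5"
if [ $# -ge 3 ]; then
  remote_capture "$1" "$2" "$3" "$4"
fi
```

On Windows run this from cmd.exe rather than Windows PowerShell, which re-encodes bytes passing through its pipeline and corrupts the pcap stream.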