Merge pull request #539 from oddrabbit/patch-8

Added in Capture packets remotely with Wireshark and tcpdump over SSH
Carlos Polop 2022-10-25 16:44:38 +02:00 committed by GitHub
commit 624fb4073f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -240,6 +240,13 @@ tcpdump -i <IFACE> icmp #Listen to icmp packets
sudo bash -c "sudo nohup tcpdump -i eth0 -G 300 -w \"/tmp/dump-%m-%d-%H-%M-%S-%s.pcap\" -W 50 'tcp and (port 80 or port 443)' &"
```
One can, also, capture packets from a remote machine over an SSH session with Wireshark as the GUI in realtime.
```
ssh user@<TARGET IP> tcpdump -i ens160 -U -s0 -w - | sudo wireshark -k -i -
ssh <USERNAME>@<TARGET IP> tcpdump -i <INTERFACE> -U -s0 -w - 'port not 22' | sudo wireshark -k -i - # Exclude SSH traffic
```
### Bettercap2
```bash
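Review bot: The first added command, `ssh user@<TARGET IP> tcpdump -i ens160 -U -s0 -w - | sudo wireshark -k -i -`, has no capture filter, so tcpdump also records the SSH session that is carrying the capture back, and every forwarded packet generates more packets to capture. Only the second command adds `'port not 22'`. I would either drop the first command or make the filtered form the default and mention the unfiltered one as the exception. The first command also hard-codes `user` and `ens160` where the second uses `<USERNAME>` and `<INTERFACE>`, so the two should use the same placeholders. `sudo wireshark` is not needed here because Wireshark only reads a pcap stream from stdin, and running the GUI and its dissectors as root on untrusted traffic is avoidable. The privilege that usually matters is on the remote side, where `tcpdump` needs capture rights, and the text does not say so. Finally, the new fence is opened with a bare ``` while the neighbouring block uses ```bash, and "One can, also, capture" reads better as "You can also capture".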