weddingla.blogg.se - Wireshark command line remote capture

To solve this, we analyse the $SSH_CLIENT environment variable to specifically exclude the packets of the current SSH session from being returned.

If you were going to run this script on your local computer, these three arguments would be sufficient.īut there’s an added hurdle when running the script over SSH.īecause it logs all network traffic, each packet sent will result in some more SSH traffic - which then gets captured by the script itself, and sent over SSH, which gets captured, and sent, and so on, ad infinitum.

The -w - arguments tell tcpdump to print the packets to standard output, rather than to a file.

This functionality is usually used when saving all network traffic to multiple files for long-term storage.

The -s 0 arguments tell tcpdump to capture everything, rather than to stop after a certain number of bytes.

The -U flag disables buffering, so captured packets are shown immediately.