BlackMaria · May 8, 2013 13:04
diff --git a/remote_wireshark.sh b/remote_wireshark.sh
 #!/bin/sh
 REMOTE_SYSTEM=$1

 #  You want to filter out your ssh pipe from tcpdump.
 #  So we need to know what our IP is that is connecting to the system
 #  IF behind a firewall you will want to fix this
 #
 # There are more elegant ways than this, I just can remember them :}
 # LOCAL_IP=$(ifconfig |grep 192  | cut -d: -f2 | cut -d\  -f1)
 #
 # This is for macos
 LOCAL_IP=`ipconfig getifaddr en0`

 #  The real work is done here!
 ssh root@$REMOTE_SYSTEM "/usr/sbin/tcpdump -i eth0 -w - -U  \! \( port ssh and host $LOCAL_IP \)" | wireshark -i - -k
	#!/bin/sh
	REMOTE_SYSTEM=$1

	# You want to filter out your ssh pipe from tcpdump.
	# So we need to know what our IP is that is connecting to the system
	# IF behind a firewall you will want to fix this
	#
	# There are more elegant ways than this, I just can remember them :}
	# LOCAL_IP=$(ifconfig \|grep 192 \| cut -d: -f2 \| cut -d\ -f1)
	#
	# This is for macos
	LOCAL_IP=`ipconfig getifaddr en0`

	# The real work is done here!
	ssh root@$REMOTE_SYSTEM "/usr/sbin/tcpdump -i eth0 -w - -U \! \( port ssh and host $LOCAL_IP \)" \| wireshark -i - -k