@vjt
Last active August 1, 2024 09:20
tcpdump on remote host

Running tcpdump on remote hosts with no storage

If you have tcpdump on your embedded home router and you want to see what traffic your crippled phone is generating, you can capture the traffic on the router and view it live on your main workstation using Wireshark.

Ensure that you can log on to the remote host without a password, e.g. by using SSH keys.

  1. On the remote host, create a FIFO
     remotehost# mkfifo /tmp/tcpdump
  2. On the local host, ssh to the remote and start reading from the FIFO, and pipe its contents straight to wireshark.
     localhost# ssh remotehost cat /tmp/tcpdump | wireshark -ki -
  3. On the remote host, start capturing and write to the FIFO. Of course replace the capture interface and/or add a capture filter as needed.
     remotehost# tcpdump -s0 -Uni eth0 -vvv -w /tmp/tcpdump

Enjoy
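
The three steps above with two defensive additions, as an added example that is not part of the original gist: the FIFO gets owner-only permissions inside a private directory instead of a fixed name in /tmp, and the capture filter leaves out the SSH traffic between workstation and router, so the dump does not record its own transport when SSH runs over the capture interface. The script name, the `cap.XXXXXX` template and the function names are made up for this example; it assumes OpenSSH's `SSH_CONNECTION` variable and a `mktemp` that supports `-d` on the remote host.

```shell
#!/bin/sh
# Added example, not part of the original gist. Run on the remote host as the
# user that starts tcpdump: sh private-capture.sh eth0   (script name is made up)

# Build a BPF expression that drops SSH traffic between this login's client and
# server addresses. Input is sshd's $SSH_CONNECTION:
# "client_ip client_port server_ip server_port". The client port is ignored on
# purpose: the "ssh remotehost cat" reader from step 2 is a separate connection
# with its own source port, and it is the one that carries the capture.
ssh_exclude_filter() {
    read -r c_ip _c_port s_ip s_port extra <<EOF
$1
EOF
    [ -n "$s_port" ] && [ -z "$extra" ] || return 1
    # A zone id (fe80::1%eth0) is not part of the address on the wire.
    c_ip=${c_ip%%\%*}; s_ip=${s_ip%%\%*}
    # These values end up on a command line: allow address characters only.
    for v in "$c_ip" "$s_ip"; do
        case "$v" in ''|*[!0-9A-Fa-f:.]*) return 1 ;; esac
    done
    case "$s_port" in *[!0-9]*) return 1 ;; esac
    printf 'not (tcp port %s and host %s and host %s)' "$s_port" "$c_ip" "$s_ip"
}

# Step 1 with tighter permissions: a fresh 0700 directory holding a 0600 FIFO,
# instead of a fixed name in world-writable /tmp.
make_private_fifo() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/cap.XXXXXX") || return 1
    mkfifo -m 600 "$dir/pcap" || { rmdir "$dir"; return 1; }
    printf '%s\n' "$dir/pcap"
}

# Step 3. Only runs when an interface is given, so sourcing the file is harmless.
if [ "$#" -ge 1 ]; then
    filter=$(ssh_exclude_filter "$SSH_CONNECTION") || { echo "unusable SSH_CONNECTION" >&2; exit 1; }
    fifo=$(make_private_fifo) || exit 1
    trap 'rm -rf "${fifo%/*}"' EXIT
    trap 'exit 130' INT TERM
    echo "reader: ssh remotehost cat $fifo | wireshark -ki -" >&2
    tcpdump -s0 -U -n -i "$1" -w "$fifo" "$filter"
fi
```

The reader in step 2 has to log in as the user that owns the FIFO, since nobody else can open it. Some tcpdump builds drop root before opening the output file; on those, pass `-Z` with the FIFO's owner.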

vjt commented Aug 1, 2024

Glad to hear it! Cheers!