A quite nice feature of Wireshark is that it can receive capture data from a remotely running tcpdump. Here I use plink (part of the PuTTY tools suite) to open an SSH channel to a remote Unix host, where I start tcpdump. You can also pass the password with the -pw parameter, but it then appears on the command line, visible in process listings and shell history; authenticating with a key pair (for example via Pageant) avoids that.


plink.exe -ssh "nax@192.168.0.14" -m command_eth0.txt | "c:\program files\wireshark\wireshark.exe" -k -i -

where command_eth0.txt contains:


sudo /sbin/tcpdump -s0 -w - -n -i eth0 host 192.168.0.16 \&\& ! port 12345
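The same remote-capture pipe with OpenSSH instead of plink, as an added example that is not part of the original post. It assumes key-based ssh login, passwordless sudo for tcpdump on the remote host, and that the ssh session itself runs on port 22 (adjust if yours does not).

```shell
#!/bin/sh
# Added example (not from the original post): pipe a remote tcpdump into a
# local Wireshark over OpenSSH. Assumptions: key-based ssh login, sudo without
# a password prompt for tcpdump, and ssh on port 22 (pass another port as $4).

# Build the remote tcpdump command. The BPF filter is single-quoted so the
# remote shell never sees "&&" or "!" as shell operators (tcpdump itself
# understands "and"/"not"). "-U" flushes every packet to the pipe immediately
# so Wireshark shows traffic as it arrives, and "not port $ctl_port" keeps the
# capture from recording the ssh stream that carries the capture data, which
# would otherwise feed back on itself and snowball.
build_tcpdump_cmd() {
    iface="$1"; filter="$2"; ctl_port="$3"
    printf "sudo /sbin/tcpdump -s0 -U -w - -n -i %s '(%s) and not port %s'" \
        "$iface" "$filter" "$ctl_port"
}

# Run it: ssh executes the command remotely and relays the pcap stream on its
# stdout; "wireshark -k -i -" starts capturing at once from stdin.
remote_capture() {
    ssh "$1" "$(build_tcpdump_cmd "$2" "$3" "${4:-22}")" | wireshark -k -i -
}

# Usage with constructed example values (uncomment to run):
# remote_capture nax@192.168.0.14 eth0 'host 192.168.0.16'
```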
