Reputation: 141
I want to run tshark on a Raspberry Pi after booting or for a defined period of time and save the captured packets into a file. This file should then be accessible from Wireshark on my Windows laptop. I want to do this because I want to capture packets, for example, when I am not at home and then analyze the captured data when I am back home. Is that possible? How can I start capturing after booting or for a defined period of time into a file and then send it to Wireshark on my laptop?
Upvotes: 2
Views: 584
Reputation: 151
You can do something like this on your host machine.
ssh user@remotehost /usr/local/bin/tshark -l -w - | wireshark -k -i -
This opens a tshark on the remote machine and connects it to the wireshark on your local machine.
Upvotes: 0
Reputation: 8657
tcpdump -s 0 -i eth0 -W 1 -w dump.pcap -G 3600 port ftp or http
Will keep writing all matching packets to dump.pcap for 3600 seconds. You can then copy that file to your machine and load it normally with Wireshark's open dialog.
You could also use dumpcap or even tshark if you want, but tcpdump is well suited for this.
As for running on system startup, check out:
Run automatically program on startup under linux ubuntu or just append your tcpdump line with an & at the end to /etc/rc.local.
Upvotes: 2
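The timed tcpdump capture and the /etc/rc.local start described in the answer above, wrapped in a helper that validates its inputs, writes owner-only files, and names each run uniquely. This is an added example, not part of the original answers; the function names, the CAPTURE_BIN variable, and the paths in the closing comment are assumptions.

```shell
#!/bin/sh
# Added example: timed capture helper for the Pi. Function names are assumptions.
# CAPTURE_BIN may be pointed at another command for a dry run.
CAPTURE_BIN="${CAPTURE_BIN:-tcpdump}"

# Succeeds only for a positive whole number of seconds.
valid_seconds() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -gt 0 ]
}

# Succeeds only for names built from characters interface names normally use.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.:-]*) return 1 ;;
    esac
    return 0
}

# Prints a per-run file name so a reboot never overwrites an earlier capture.
capture_path() {   # $1 = directory, $2 = interface
    printf '%s/%s-%s-%s.pcap\n' "$1" "$(uname -n)" "$2" "$(date +%Y%m%dT%H%M%S)"
}

# capture_for IFACE SECONDS DIR [FILTER...]
capture_for() {
    iface=$1; secs=$2; dir=$3
    valid_iface "$iface"  || { echo "bad interface: $iface" >&2; return 2; }
    valid_seconds "$secs" || { echo "bad duration: $secs" >&2; return 2; }
    [ -d "$dir" ] && [ -w "$dir" ] || { echo "bad directory: $dir" >&2; return 2; }
    shift 3
    umask 077    # captures can hold cleartext credentials: owner-only files
    out=$(capture_path "$dir" "$iface")
    # Same flags as the answer: -G SECONDS with -W 1 stops after one file.
    "$CAPTURE_BIN" -s 0 -i "$iface" -G "$secs" -W 1 -w "$out" "$@"
}

# From /etc/rc.local (directory is an assumption):
#   . /usr/local/lib/capture.sh   # hypothetical install path
#   capture_for eth0 3600 /var/lib/captures port ftp or http &
```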