Wireshark mailing list archives
Re: How to capture packets on a remote machine?
From: Peter Wu <peter () lekensteyn nl>
Date: Fri, 24 Mar 2017 01:39:29 +0100
Hi Shiyao,

On Sun, Mar 19, 2017 at 04:13:51PM +0800, Shiyao Ma wrote:
> On my local side, wireshark (latest) is running on macOS 10.12. On the
> remote machine, debian (sid), the package wireshark (2.2.5) is installed.
> I tried using the "ssh remote capture". But wireshark errs: "Capturing
> from a pipe doesn't support pcapng format." How to solve that?

If your remote user has appropriate privileges, try editing "Remote capture binary", replacing "dumpcap" by "tcpdump".

If this fails (because you are logging in as non-root or because the tcpdump binary is lacking permissions), you can try creating a script on the server (e.g. /usr/local/bin/dumpcap or $HOME/bin/dumpcap) containing:

    #!/bin/sh
    exec /usr/sbin/dumpcap -P "$@"

Then make the file executable. The "-P" option ensures that the output format is pcap rather than pcapng since that is (currently?) not supported.

Note that in the next stable version, the "SSH remote capture" options got reworked, defaulting to tcpdump and allowing you to specify the full capture command instead of just the binary.

-- 
Kind regards,
Peter Wu
https://lekensteyn.nl
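Added example (not part of Peter Wu's message or of Wireshark): a small shell check that reads the first four bytes of a capture stream and reports whether it is pcap or pcapng, which is the distinction behind the error quoted above. The function names are made up for this example, and the sample bytes at the end are constructed.

```sh
#!/bin/sh
# Classify a capture stream on stdin by its first four bytes.
#   pcap file header magic: 0xa1b2c3d4 (microsecond timestamps) or
#                           0xa1b23c4d (nanosecond timestamps), either byte order
#   pcapng: first block is a Section Header Block, type 0x0a0d0d0a
capture_format() {
    # Hex-dump exactly four bytes and strip od's whitespace.
    magic=$(head -c 4 | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) echo "pcap" ;;
        4d3cb2a1|a1b23c4d) echo "pcap-nanosecond" ;;
        0a0d0d0a)          echo "pcapng" ;;
        "")                echo "empty" ;;
        *)                 echo "unknown:$magic" ;;
    esac
}

# Exit status 0 only when the stream starts with a pcap file header.
# Assumption of this example: both pcap timestamp variants count as pcap.
is_pipe_compatible() {
    case "$(capture_format)" in
        pcap|pcap-nanosecond) return 0 ;;
        *)                    return 1 ;;
    esac
}

# Constructed sample input: the first bytes a pcapng stream would begin with.
printf '\012\015\015\012\034\000\000\000' | capture_format

# Constructed sample input: the first bytes of a little-endian pcap stream.
printf '\324\303\262\241\002\000\004\000' | capture_format
```

To check the wrapper script from the message, pipe its output into `capture_format` on the server before pointing Wireshark at it.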
Current thread:
- How to capture packets on a remote machine? Shiyao Ma (Mar 19)
- Re: How to capture packets on a remote machine? Peter Wu (Mar 23)