I can sniff the traffic of my local PC, but I would like to know: how do I sniff the traffic of a remote machine with Wireshark?
When I select a remote interface in the capture options and enter my remote IP, it shows me error.code(10061).
What should I do?
wireshark
Best Answer
On Linux and OSX you can achieve this by running tcpdump over ssh and having Wireshark listen on the pipe.
Create a named pipe:
$ mkfifo /tmp/remote
Start Wireshark from the command line:
$ wireshark -k -i /tmp/remote
Run tcpdump over ssh on your remote machine and redirect the packets to the named pipe:
$ ssh root@firewall "tcpdump -s 0 -U -n -w - -i eth0 not port 22" > /tmp/remote
Source: http://blog.nielshorn.net/2010/02/using-wireshark-with-remote-capturing/
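The three steps from the answer above combined into one script, as an added example that is not part of the original answer or the linked blog post. The function names `build_remote_cmd` and `remote_capture` are hypothetical; the private `mktemp` directory, the input validation and the configurable SSH port are additions that assume the same tcpdump-over-ssh setup.

```shell
#!/usr/bin/env bash
# Added example: tcpdump over ssh into a private named pipe read by Wireshark.
# build_remote_cmd and remote_capture are hypothetical helper names.

# Build the tcpdump command that runs on the remote host. Interface and port
# are validated because they are interpolated into a remote shell command.
build_remote_cmd() {
    local iface="$1" ssh_port="${2:-22}"
    case $iface in
        ''|*[!A-Za-z0-9._:-]*) echo "invalid interface: $iface" >&2; return 1 ;;
    esac
    case $ssh_port in
        ''|*[!0-9]*) echo "invalid port: $ssh_port" >&2; return 1 ;;
    esac
    # Exclude the SSH session itself: otherwise every packet forwarded to
    # Wireshark is captured again and the capture feeds on its own traffic.
    printf 'tcpdump -s 0 -U -n -w - -i %s not port %s' "$iface" "$ssh_port"
}

remote_capture() {
    local target="$1" iface="$2" ssh_port="${3:-22}"
    local cmd dir fifo rc
    cmd=$(build_remote_cmd "$iface" "$ssh_port") || return 1
    # Private 0700 directory instead of a predictable world-visible /tmp path,
    # so other local users cannot read the captured packets from the pipe.
    dir=$(mktemp -d) || return 1
    fifo="$dir/remote"
    mkfifo -m 600 "$fifo" || { rm -rf "$dir"; return 1; }
    wireshark -k -i "$fifo" &
    ssh -p "$ssh_port" "$target" "$cmd" > "$fifo"
    rc=$?
    rm -rf "$dir"   # remove the pipe once the remote capture ends
    return $rc
}

# Runs only when called with arguments, e.g.: ./rcap.sh root@firewall eth0
if [ "$#" -ge 2 ]; then
    remote_capture "$@"
fi
```

If sshd on the remote machine listens on a port other than 22, pass it as the third argument so that both the `ssh -p` option and the `not port` filter use it.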