Wireshark SSH Tunnel

[Rurn]

Hey all,

I'm new, had the LAN turtle for about three weeks and I'm loving it.  I have limited knowledge of the RF spectrum and I'm new to networks etc, but I've learnt so much by solving problems as I've gone along.  

However one thing I'm stuck with is setting up an SSH tunnel to the turtle remotely, in order to get a more diverse capture than I believe URLsnarf is capable of.

Current setup

Windows 10 putty (and/or Kali in Vbox)

SSH to a digitalocean VPS

SSH into my turtle remotely.  

 

I've searched the forums and googled for "wireshark remote ssh capture" etc, but everything I find seems either irrelevant or goes way over my head.  From what I did understand it seems like I may not be able to do it.  And I figured if it was possible, wouldn't everyone be using Wireshark instead of URLSnarf (which seems basic to me)

Questions

1. Do any of you gurus know if it is possible to get a relatively comprehensive live capture from the LAN turtle via SSH?
2. Has anyone done this yet?

[Lemni]

You can use tcpdump du save data to a file and read it in real time in your distant server

Let's say that you have configured sshfs and it's working

Steps :

• On the LanTurtle runthe following command, you can replace "port 80" by any valid filter

tcpdump -i eth0 -U -w /sshfs/pcapFile "port 80"

• On your server use wireshark with a Pipe (cf : https://wiki.wireshark.org/CaptureSetup/Pipes )

mkfifo /tmp/sharkfin
wireshark -k -i /tmp/sharkfin &
tail -f -n +1 /pathToSshfs/pcapFile > /tmp/sharkfin &

• If you don't want to use sshfs you can also use something like this :

  echo "tcpdump -i eth0 -U -s0 -w - \"not port 22\" 2> /dev/null | ssh -p 22 user@$host \"touch /path/to/file && cat - > /path/to/file\"" | at now
  #Or execute the command direclty without the echo | at now