Marlboro Filter, posted October 7, 2012:
I'm wondering, is it possible to do remote capture from the Pineapple using Wireshark remotely?
PineDominator, posted October 7, 2012 (edited October 7, 2012 by petertfm):
Of course, if you have enough bandwidth. The Interceptor is supposed to do this. Not sure if it's still being worked on? You can also install tcpdump and dump it all to the USB drive, then access that remotely.
Marlboro Filter, posted October 8, 2012:
AFAIK, dump to USB means offline capture, right? Is it possible to do live traffic capture?
PineDominator, posted October 8, 2012:
> AFAIK, dump to USB means offline capture, right? Is it possible to do live traffic capture?
I remember an older Hak5 episode where they sent a tcpdump to another IP on the same network. Maybe netcat/SSH tunnel? Of course, if you can connect to the Pineapple you can SSH in and just issue a dump and see it all on-screen.
Mr-Protocol, posted October 8, 2012:
http://wiki.wireshark.org/CaptureSetup/Pipes#Remote_Capture
Marlboro Filter, posted October 10, 2012:
I still have no luck :( :( :( :( :( with remote capturing. I already read all the wiki and googled it.
Mr-Protocol, posted October 11, 2012:
I happened to run across this bit of info:

ANALYZE TRAFFIC REMOTELY OVER SSH W/ WIRESHARK

    ssh root@server.com 'tshark -f "port !22" -w -' | wireshark -k -i -

This captures traffic on a remote machine with tshark, sends the raw pcap data over the ssh link, and displays it in wireshark. Hitting ctrl+C will stop the capture and unfortunately close your wireshark window. This can be worked around by passing -c # to tshark to only capture a certain # of packets, or redirecting the data through a named pipe rather than piping directly from ssh to wireshark. I recommend filtering as much as you can in the tshark command to conserve bandwidth. tshark can be replaced with tcpdump thusly:

    ssh root@example.com tcpdump -w - 'port !22' | wireshark -k -i -

http://blog.urfix.com/25-ssh-commands-tricks/
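The named-pipe workaround mentioned in the tip quoted above, as an added example that is not part of the original thread or the linked blog post. The host `root@example.com`, the interface name `br-lan` and the FIFO path are placeholders; the filter is written as `not port 22`, and it is assumed that the tcpdump build on the device supports `-U` (packet-buffered output).

```shell
#!/bin/sh
# Added example: live remote capture through a named pipe (FIFO).
# Host and interface names used here are placeholders, not from the thread.

# Print the tcpdump command line to run on the remote device.
#   -U    write each packet out as it arrives; without it tcpdump buffers
#         its output and the Wireshark window can stay empty for a long time
#   -s 0  full packets, -w - raw pcap on stdout, -n no name lookups
# The filter leaves out the SSH session that carries the capture.
remote_capture_cmd() {
    iface=$1
    ssh_port=${2:-22}
    # Both values are pasted into a remote shell command line, so accept
    # only plain interface names and numeric ports.
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    case $ssh_port in
        ''|*[!0-9]*) echo "bad port" >&2; return 1 ;;
    esac
    printf "tcpdump -U -n -i %s -s 0 -w - 'not port %s'" "$iface" "$ssh_port"
}

# live_capture HOST IFACE [SSH_PORT]
live_capture() {
    host=$1
    cmd=$(remote_capture_cmd "$2" "${3:-22}") || return 1
    fifo=/tmp/remote-capture.$$
    # Captured traffic is sensitive: FIFO readable by the current user only.
    mkfifo -m 600 "$fifo" || return 1
    trap 'rm -f "$fifo"' EXIT INT TERM
    # Wireshark reads from the FIFO as a separate background process;
    # ssh is the only writer.
    wireshark -k -i "$fifo" &
    ssh -p "${3:-22}" "$host" "$cmd" > "$fifo"
}

# Runs only when given arguments, e.g.:
#   ./live-capture.sh root@example.com br-lan
if [ $# -ge 2 ]; then
    live_capture "$@"
fi
```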
Marlboro Filter, posted October 14, 2012:
I still have no luck with this :( :( :( :( :( :( It's really strange, it said 'ash: tcpdump: not found'.
PineDominator, posted October 14, 2012:
> I still have no luck with this :( :( :( :( :( :( It's really strange, it said 'ash: tcpdump: not found'.
Hmm, I have updated my setup script to symlink more things from USB to the regular filesystem. This should make more things installed to USB compatible. You have to run it after installing to USB:

    ln -s /usb/usr/sbin/* /usr/sbin/
Marlboro Filter, posted October 19, 2012:
Thanks petertfm. The tcpdump issue has been solved, but in the Wireshark window it doesn't capture anything.