Jump to content

Wireshark, tcpdump, piping from bsd remote to linux local


rfinterference
 Share

Recommended Posts

Hello!

So i have been stuck on this for a little while and figuired if anyone would know how to do this it would be you guys. I have a pfsense box that I would like to pipe tcpdump from to wireshark on my local machine. This is normally easy to accomplish going from linux or bsd but pfsense goes to a console when you ssh in as root(admin). This stops the command from working.

I have tried a few things to get around this such as creating a new user "this gets rid of the console problem" but creates a new problem. Pfsense does not have sudo and even with the new user added to the wheel group adding su - keeps it from running tcpdump and instead drops to a prompt.

I also attempted to use an expect script to automate getting around the console but even though it does run tcpdump like this it wont pipe it.

I am not a complete noob when it comes to linux but my cli-fu seems pretty weak in this area. Here is the command I usually use:

ssh username@XXX.XXX.XXX.XXX tcpdump -U -s0 -w - 'not port 22' | wireshark -k -i -

Thats what I would like to accomplish going to the pfsense box.

Thanks in advance!

rfi

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...