Mattew Posted August 11, 2022
Hello everyone, this is my first post. Can you help me to remotely capture clients' traffic via SSH (USB-C or WiFi Managed AP) from the Pineapple using Wireshark? What am I supposed to do? This is my first contact with the WiFi Pineapple. Thanks for the help.

dark_pyrro Posted August 11, 2022
Not really sure why you specifically want to use Wireshark, but if you want to capture traffic on some of the Pineapple's interfaces, then why not use tcpdump?

Mattew Posted August 12, 2022 (Author)
I'm a new WiFi Pineapple user and I don't know what I'm supposed to do in the tcpdump module. I am also curious if it is possible to capture traffic from the Pineapple live via SSH, just like I would carry out an ARP spoof attack using bettercap.

dark_pyrro Posted August 12, 2022
Start reading about tcpdump basics and you can transfer that obtained knowledge to the Pineapple module if you wish to use it.

dark_pyrro Posted August 12, 2022
And, yes, it's possible to use Wireshark remotely over ssh and get output from tcpdump running on the Pineapple.

DramaKing Posted August 12, 2022
I think there is a bettercap package for OpenWRT (opkg install bettercap), but Wireshark is a GUI tool. The Pineapple has no desktop, not even if you used VNC. And SSH is CLI anyway. There's tshark, but if you need to learn that anyway, it would be better to use tcpdump or the net.sniff module in bettercap if available.

DramaKing Posted August 12, 2022
2 hours ago, dark_pyrro said:
> And, yes, it's possible to use Wireshark remotely over ssh and get output from tcpdump running on the Pineapple.
I assume that would involve some kind of SSH forwarding to pipe or connect tcpdump to Wireshark.

Mattew Posted August 12, 2022 (Author)
I mean using this feature in Wireshark and watching the traffic live on your computer.
Screenshot: https://i.postimg.cc/7CrLrn3h/Wireshark.png (https://postimg.cc/7CrLrn3h)

dark_pyrro Posted August 12, 2022
You can probably use that feature. It's nothing that I've actively used anyway to get remote captures into Wireshark.

DramaKing Posted August 16, 2022
First search result that I found on the feature was this:
https://stackoverflow.com/questions/49777238/how-do-i-use-ssh-remote-capture-in-wireshark
Short version is that sshdump is a tool that's part of Wireshark. You run it on the remote system and connect to it using the popup that appears when selecting that interface.

exec4 Posted August 24, 2022 (edited)
As there is no specification how the client is connected, I will make an easy example here:
Let's assume the client is connected to Open AP using IP 172.16.42.175. You are connected by USB.
Just start Wireshark on your box, then
This should work.
Edited August 24, 2022 by exec4

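The tcpdump-over-SSH pipe into Wireshark that dark_pyrro and DramaKing describe, as an added example that is not part of any post in this thread. The login root@172.16.42.1, the interface name br-lan, sshd on port 22 and tcpdump being installed on the device are assumptions; 172.16.42.175 is the client IP from exec4's post.

```shell
#!/bin/sh
# Added example: tcpdump on the device -> ssh -> Wireshark on the local machine.
# Assumed (not from the thread): login root@172.16.42.1, interface br-lan,
# sshd on port 22, tcpdump installed on the device.

# Accept only plain interface names so nothing else reaches the remote shell.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Accept only dotted-quad IPv4 addresses with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the command to run on the device. "not port 22" keeps the SSH session
# that carries the capture out of the capture itself.
build_remote_cmd() {
    iface=$1 client=${2:-}
    valid_iface "$iface" || return 1
    filter="not port 22"
    if [ -n "$client" ]; then
        valid_ipv4 "$client" || return 1
        filter="host $client and $filter"
    fi
    # -U: flush after every packet, -s 0: full packets, -w -: pcap to stdout
    printf "tcpdump -i %s -U -s 0 -w - '%s'\n" "$iface" "$filter"
}

# Runs only when a target is given, for example:
#   sh live-capture.sh root@172.16.42.1 br-lan 172.16.42.175
if [ "$#" -ge 2 ]; then
    remote_cmd=$(build_remote_cmd "$2" "${3:-}") || { echo "bad interface or IP" >&2; exit 1; }
    # -k: start capturing at once, -i -: read the pcap stream from stdin
    ssh "$1" "$remote_cmd" | wireshark -k -i -
fi
```

Without the `not port 22` term every captured packet would itself be sent over SSH and captured again, so the stream would grow on its own traffic.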