At home I use ClearOS (free) as my firewall\/gateway. The one thing that ClearOS lacks is a graphical packet analyzer. However, the combined use of SSH, Wireshark and tshark solves this problem perfectly.<\/p>\n
Our first step is to setup a passwordless SSH environment on our local host<\/strong>. To do this, we just need to follow three simple steps:<\/p>\n 1. Create the public and private keys on our local host<\/strong><\/p>\n 2. Copy the public key to the remote host<\/strong><\/p>\n 3. Login to the remote host<\/strong> without a password to verify it worked<\/p>\n Now that we have a passwordless SSH environment and are logged in, we can move on to installing tshark on our remote host<\/strong>. On ClearOS, we have to do this by installing the ‘wireshark’ package:<\/p>\n Next we need to install Wireshark on our local host<\/strong> (I use Ubuntu):<\/p>\n Great! Now it’s time to login to our remote host<\/strong> using SSH, issue a command to start tshark and write the captured packets back to stdout which is then piped into Wireshark on our local host<\/strong>. Don’t worry. Thanks to our above preparations, we can do this all in one easy command:<\/p>\n That’s it! After issuing this command, you should be looking at the traffic of the remote host<\/strong>.<\/p>\n For a list of other one-liner commands that accomplish the same as the above, please visit http:\/\/www.commandlinefu.com\/commands\/view\/4373\/analyze-traffic-remotely-over-ssh-w-wireshark<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" At home I use ClearOS (free) as my firewall\/gateway. The one thing that ClearOS lacks is a graphical packet analyzer. However, the combined use of SSH, Wireshark and tshark solves this problem perfectly. Our first step is to setup a …<\/p>\n$ssh-keygen<\/pre>\n
$ ssh-copy-id -i ~\/.ssh\/id_rsa.pub remote-host-ip<\/pre>\n
$ssh root@remote-host-ip<\/pre>\n
$yum install wireshark<\/pre>\n
$sudo apt-get install wireshark<\/pre>\n
$ssh root@remote-host-ip 'tshark -f \"port !22\" -i any -w -' | wireshark -k -i -<\/pre>\n