This post shows how to capture remote traffic over SSH and analyze it with Wireshark.
The basic steps are:
$ mkfifo /tmp/remoteif
$ ssh root@yourserver "tcpdump -ni pflog0 -w - host 10.20.30.40" > /tmp/remoteif
$ wireshark -k -i /tmp/remoteif
* Tips: configure your remote user to run tcpdump through sudo. Configure root login without a password, using keys.
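A variant of the steps above that follows the sudo tip, as an added example that is not part of the original post: it logs in as an unprivileged account, keeps the FIFO in a private directory instead of a predictable /tmp path, and validates the interface and host before they reach the remote shell. The function names, the `capture@yourserver` account and the passwordless sudo rule for tcpdump are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumes the remote account may run tcpdump via sudo without a password
# (sudo -n fails instead of prompting, so the pipe never hangs on a prompt).

# Build the remote tcpdump command line. ssh hands this string to the remote
# shell, so reject anything that is not a plain interface name or IP address.
build_remote_cmd() {
    iface=$1
    filter_host=$2
    case $iface in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case $filter_host in ''|*[!0-9A-Fa-f.:]*) return 1 ;; esac
    # -U writes each packet as it arrives so Wireshark updates live.
    printf 'sudo -n tcpdump -U -ni %s -w - host %s' "$iface" "$filter_host"
}

# remote_capture user@server interface host
remote_capture() {
    target=$1
    cmd=$(build_remote_cmd "$2" "$3") || {
        echo "invalid interface or host" >&2
        return 2
    }
    dir=$(mktemp -d) || return 1        # directory is created with mode 0700
    fifo=$dir/remoteif
    mkfifo -m 600 "$fifo" || return 1   # capture readable by this user only
    # Stop the remote capture and remove the FIFO when Wireshark exits.
    trap 'kill "$ssh_pid" 2>/dev/null; rm -rf "$dir"' EXIT INT TERM
    ssh "$target" "$cmd" > "$fifo" &    # blocks until Wireshark opens the FIFO
    ssh_pid=$!
    wireshark -k -i "$fifo"
}

# Example: ./remote-capture.sh capture@yourserver pflog0 10.20.30.40
if [ "$#" -eq 3 ]; then
    remote_capture "$@"
fi
```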