10/22/2023 0 Comments Wireshark tcpdump![]() ![]() ![]() And that’s it!Īnd here’s how to combine these two commands into a single command that is issued on the local PC: ssh 'sudo tcpdump -n -i tun0 -s 65535 -w - not port 22' | wireshark -k -S -i. All output of tcpdump is forwarded to netcat which in turn forwards all traffic to the local PC with IP address 192.168.55.9 via port 9999. ![]() ![]() Wlan0 is the interface to trace (use ifconfig to check which other interfaces are available as well) and ‘not port 9999’ excludes all forwarded traffic to the local PC to be included in the trace. On the access point, tracing is started with the following command via an SSH shell: sudo tcpdump -n -i wlan0 -s 65535 -w - not port 9999 | nc 192.168.55.9 9999 This command starts netcat (nc), asks it to wait for an incoming connection on port 9999 and to forward the standard ports to Wireshark. To start remote tracing, the data sink on the local PC and the forwarding of all data it receives to Wireshark has to be started as follows: sudo nc -l 9999 | wireshark -k -S -i. On the local PC netcat (nc) and Wireshark have to be installed. The VPN backhaul isn’t needed for the tracing part at all but the solution presented below lets me trace on the local Wi-Fi interface, on the backhaul interface (Wi-Fi or Ethernet) and the VPN tunnel interface itself. The access point is a Raspberry Pi with VPN backhaul that I’ve recently put together. When everything is put together I can start tracing with a single command. Recently, I’ve added yet another variant to my bag of tricks: Tracing on a Wi-Fi Access point with forwarding of all captured data to my PC for online debugging. There are various way to use Wireshark to trace anything from local traffic to Wi-Fi packets and even Bluetooth. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |