Wireshark · Wireshark-users: Re: [Wireshark-users] Remote Capture in Wireshark of a server located in multiple hopes away

Wireshark-users: Re: [Wireshark-users] Remote Capture in Wireshark of a server located in multipl

From: luke devon <luke_devon@xxxxxxxxx>

Date: Sat, 26 Sep 2020 03:26:17 +0000 (UTC)

Hi Chuck,

Thanks for the shared info.

I don't have a problem with run wireshark to capture real-time tcpdump traces from one server which is located in one hop away. No issues at all.

But my question is, how to take such a real-time tcpdump two or three hops away.

As I described in my first email,

I have SSH access to Server A, But I don't have SSH access to Server B.

Server A has SSH access to Server B.

So I need to capture real-time tcpdump of Server B, via Server A.

Regards,

Luke

On Friday, 25 September 2020, 11:58:35 pm SGT, chuck c <bubbasnmp@xxxxxxxxx> wrote:

There are "plink" example on the Wireshark Q&A site (ask.wireshark.org):

https://ask.wireshark.org/questions/scope:all/sort:activity-desc/page:1/query:plink/

And remote capture on the Wiki:

https://gitlab.com/wireshark/wireshark/-/wikis/CaptureSetup/Pipes#remote-capture

On Fri, Sep 25, 2020 at 10:36 AM luke devon via Wireshark-users <wireshark-users@xxxxxxxxxxxxx> wrote:

HI

I want to run Wireshark in my local windows machine to pipe (to capture live traffic) remote Linux server's tcpdump. Following is the network setup.

My work station ---> Server A ---> Server B

* My workstation can ssh to Server A, But I can't access Server B
* Server A has ssh access to Server B
* I want (my work station ) to capture live traffic of Server B

All SSH are running on port 22. Can we use plink tool?

Please help.

Thanks in advance,
Luke.

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

Follow-Ups:
- Re: [Wireshark-users] Remote Capture in Wireshark of a server located in multiple hopes away
  - From: Stuart Longland

References:
- [Wireshark-users] Remote Capture in Wireshark of a server located in multiple hopes away
  - From: luke devon
- Re: [Wireshark-users] Remote Capture in Wireshark of a server located in multiple hopes away
  - From: chuck c

Prev by Date: Re: [Wireshark-users] Remote Capture in Wireshark of a server located in multiple hopes away
Next by Date: Re: [Wireshark-users] Remote Capture in Wireshark of a server located in multiple hopes away
Previous by thread: Re: [Wireshark-users] Remote Capture in Wireshark of a server located in multiple hopes away
Next by thread: Re: [Wireshark-users] Remote Capture in Wireshark of a server located in multiple hopes away
Index(es):
- Date
- Thread