Wireshark mailing list archives

Re: Add support for remote capture in linux


From: Guy Harris <guy () alum mit edu>
Date: Fri, 2 Oct 2015 11:19:45 -0700


On Oct 2, 2015, at 3:35 AM, Dario Lombardo <dario.lombardo.ml () gmail com> wrote:

> Remote capture is not currently supported by the current wireshark under linux.

...or any other OS where libpcap doesn't support it; there's nothing Linux-specific about this.

> This can be achieved by ssh + pipe like this
>
> ssh host 'dumpcap -i bla -w -' | wireshark
>
> that works flawlessly

...as long as the remote machine has dumpcap installed *and*, if you ssh to that machine:

        1) dumpcap is in your path;

        2) dumpcap has sufficient privileges to capture.

If dumpcap isn't installed, you could try tcpdump, although you'd have to arrange that 1) and 2) be true of tcpdump.

Note also that, even on Windows, where WinPcap does include remote capture support, that only supports remote capture using rpcapd; "run dumpcap/tcpdump with ssh" could also allow remote capture from Wireshark-on-Windows if the remote machine doesn't support rpcap.

Unfortunately, the link

        https://code.wireshark.org/review/#/c/10740/

doesn't work, so I can't see if there's anything in the code restricting it to Linux, but it should *NOT* be restricted to Linux - or even to UN*X in general.
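
Added example, not part of the original message or of Wireshark's code: a POSIX sh wrapper for the ssh + pipe approach discussed above that checks condition 1), falls back to tcpdump, and validates the interface name before it is placed in the remote command line. The function names, the "not port 22" filter (which assumes ssh runs on TCP port 22) and a remote login shell that supports "command -v" are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Build the command to run on the remote host.
# $1 = capture tool found there, $2 = interface name.
build_remote_cmd() {
    # The string is re-parsed by the remote shell, so accept only names
    # made of ordinary interface-name characters that do not start with "-".
    case "$2" in
        ''|-*|*[!A-Za-z0-9._:-]*) echo "bad interface name" >&2; return 2 ;;
    esac
    # Assumption: ssh uses TCP port 22. Excluding it keeps the capture from
    # recording its own transport and feeding back on itself.
    case "$1" in
        dumpcap) printf "dumpcap -i %s -f 'not port 22' -w -" "$2" ;;
        tcpdump) printf "tcpdump -i %s -U -w - 'not port 22'" "$2" ;;
        *) echo "unsupported capture tool: $1" >&2; return 1 ;;
    esac
}

# Condition 1: which capture tool is in PATH for a non-interactive ssh login?
# Prints "dumpcap" or "tcpdump"; non-zero exit status if neither is found.
probe_tool() {
    ssh "$1" 'command -v dumpcap >/dev/null 2>&1 && echo dumpcap ||
              { command -v tcpdump >/dev/null 2>&1 && echo tcpdump; }'
}

# Usage: remote_capture host interface
remote_capture() {
    tool=$(probe_tool "$1") || {
        echo "neither dumpcap nor tcpdump is in PATH on $1" >&2; return 1; }
    cmd=$(build_remote_cmd "$tool" "$2") || return 1
    # Condition 2 (capture privileges) shows up here: the remote tool's
    # permission error arrives on stderr and Wireshark receives no packets.
    ssh "$1" "$cmd" | wireshark -k -i -
}
```

Source the file and call "remote_capture host interface"; nothing runs until that function is called.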