Wireshark mailing list archives

Re: Wireshark on Windows 10 -trying to sniff traffic on a remote machine via sshdump not working


From: Hugo van der Kooij <hugo.van.der.kooij () qsight nl>
Date: Mon, 21 Jan 2019 11:41:32 +0000

First off.

Can you SSH into the machine and get a prompt?



Then I would look into other options that the remote server might have 
disabled for SSH connections.



And make sure your tcpdump version supports all options mentioned in the debug 
file.



Met vriendelijke groet / With kind regards,

Hugo van der Kooij



From: Wireshark-users <wireshark-users-bounces () wireshark org> On Behalf Of 
AllSort ofQuestions via Wireshark-users
Sent: Saturday 19 January 2019 18:44
To: wireshark-users () wireshark org
Cc: AllSort ofQuestions <allsortofquestions () yahoo com>
Subject: [Wireshark-users] Wireshark on Windows 10 -trying to sniff traffic on 
a remote machine via sshdump not working



Hi guys



I am trying to sniff the traffic on a remote Linux machine

The local machine is Windows 10 and the wireshark version is 2.9 (I also tried 
2.6.6, latest obtained via Check for updates)



Here is what the debug file shows me when I use the sshdump interface



cmdline: C:\Program 
Files\Wireshark\extcap\sshdump.exe --capture --extcap-interface sshdump --fifo 
\\.\pipe\wireshark_extcap_sshdump_20190119121535 --remote-host 
10.16.31.37 --remote-password XXXXXXXXXXX --debug true --remote-sudo 
true --remote-capture-command tcpdump -U -i ens160 -w- --debug-file 
debug.txt --remote-username minime --remote-interface ens160

Remote capture command has disabled other options

Running: tcpdump -U -i ens160 -w-


the firewall is inactive

using tcpdump at the remote end I can see wireshark trying to establish 
connection
using who shows me no user from my workstation address. I think the session 
is not opening but I can't say what is wrong

thanks

MiniMe
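
Added example (not part of the thread and not Wireshark code): a Python check over the debug lines quoted above. It compares the options on the `cmdline:` line with the `Running:` line and reports when the custom `--remote-capture-command` was run verbatim, when `--remote-sudo true` was passed but the command that ran carries no `sudo`, and when a password option was recorded in the debug file. The sample text is reconstructed from the message; the function names and finding labels are hypothetical.

```python
import re

# Constructed sample: the debug lines quoted in the thread (password redacted as posted).
SAMPLE_DEBUG = r"""cmdline: C:\Program Files\Wireshark\extcap\sshdump.exe --capture --extcap-interface sshdump --fifo \\.\pipe\wireshark_extcap_sshdump_20190119121535 --remote-host 10.16.31.37 --remote-password XXXXXXXXXXX --debug true --remote-sudo true --remote-capture-command tcpdump -U -i ens160 -w- --debug-file debug.txt --remote-username minime --remote-interface ens160
Remote capture command has disabled other options
Running: tcpdump -U -i ens160 -w-
"""

# A long option is whitespace + "--" + name; its value runs up to the next long option.
# Single-dash tcpdump flags (-U, -i, -w-) therefore stay inside the value.
# Limitation: a capture command that itself contains " --x" would be split.
OPT_RE = re.compile(r"\s--([a-z][a-z-]*)(?:\s+(?!--)(.*?))?(?=\s--[a-z]|$)")


def parse_debug(text):
    """Return (options from the 'cmdline:' line, command from the 'Running:' line)."""
    opts, running = {}, None
    for line in text.splitlines():
        if line.startswith("cmdline:"):
            for name, value in OPT_RE.findall(line):
                opts[name] = value.strip()  # flags without a value map to ""
        elif line.startswith("Running:"):
            running = line[len("Running:"):].strip()
    return opts, running


def findings(opts, running):
    """Compare what was requested with what the debug file says was run."""
    out = []
    custom = opts.get("remote-capture-command")
    if custom and running == custom:
        out.append("custom-command-run-verbatim")
    if opts.get("remote-sudo") == "true" and running and "sudo" not in running.split():
        out.append("sudo-requested-but-absent")
    if "remote-password" in opts:
        out.append("password-in-debug-file")
    return out


if __name__ == "__main__":
    for finding in findings(*parse_debug(SAMPLE_DEBUG)):
        print(finding)
```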
