Wireshark mailing list archives

Re: Wireshark on Windows 10 -trying to sniff traffic on a remote machine via sshdump not working


From: AllSort ofQuestions via Wireshark-users <wireshark-users () wireshark org>
Date: Mon, 21 Jan 2019 16:44:25 +0000 (UTC)

Yes, I do have access.
There is something broken with the piping on Windows. I have tried a similar command with plink... if I don't pipe the 
command to Wireshark I can see traffic on the screen.

 PF 

    On Monday, January 21, 2019 6:42 AM, Hugo van der Kooij <hugo.van.der.kooij () qsight nl> wrote:
 

First off. Can you SSH into the machine and get a prompt?

Then I would look into other options that the remote server might have disabled for SSH connections.

And make sure your tcpdump version supports all options mentioned in the debug file.

With kind regards,
Hugo van der Kooij

From: Wireshark-users <wireshark-users-bounces () wireshark org> On Behalf Of AllSort ofQuestions via Wireshark-users
Sent: Saturday 19 January 2019 18:44
To: wireshark-users () wireshark org
Cc: AllSort ofQuestions <allsortofquestions () yahoo com>
Subject: [Wireshark-users] Wireshark on Windows 10 -trying to sniff traffic on a remote machine via sshdump not working

Hi guys

I am trying to sniff the traffic on a remote Linux machine.
The local machine is Windows 10 and the Wireshark version is 2.9 (I also tried 2.6.6, latest obtained via Check for updates)

Here is what the debug file shows me when I use the sshdump interface

cmdline: C:\Program Files\Wireshark\extcap\sshdump.exe --capture --extcap-interface sshdump --fifo \\.\pipe\wireshark_extcap_sshdump_20190119121535 --remote-host 10.16.31.37 --remote-password XXXXXXXXXXX --debug true --remote-sudo true --remote-capture-command tcpdump -U -i ens160 -w- --debug-file debug.txt --remote-username minime --remote-interface ens160
Remote capture command has disabled other options
Running: tcpdump -U -i ens160 -w-


The firewall is inactive.
Using tcpdump at the remote end I can see Wireshark trying to establish a connection.
Using who shows me no user from my workstation address... I think the session is not opening but I can't say what is 
wrong.

Thanks,
MiniMe

   
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
