Imagine you're on PC1 doing a tcpdump to a file but you don't have enough room. The solution: stay on PC1, run the same tcpdump command, but pipe it through ssh and save it elsewhere.
TCPDUMP & Save Capture to Remote Server
########################################

This is useful when the local machine where you need to do the packet capture with tcpdump doesn't have enough room to save the file, whereas your remote host does.

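tcpdump -i eth0 -w - | ssh savelocation.com -c arcfour,blowfish-cbc -C -p 50005 "cat - > /tmp/eth0.pcap"

The -c arcfour,blowfish-cbc option selects fast legacy ciphers that are cryptographically weak and that current OpenSSH releases no longer support; on such systems leave -c out and ssh negotiates a modern cipher.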

You're at PC1 doing a tcpdump of PC1's eth0 interface, and it's going to save the output at PC2, which is called save.location.com, to the file /tmp/ppp1-to-me.pcap.gz, again on PC2.
TCPDUMP & Save Capture to Remote Server w/ GZIP
###############################################

NOTE: When opening the files you might need to strip the very top line with Notepad++, as it's a mistaken header.

This is useful when the local machine where you need to do the packet capture with tcpdump doesn't have enough room to save the file, whereas your remote host does.

tcpdump -i eth0 -w - | ssh forge.remotehost.com -c arcfour,blowfish-cbc -C -p 50005 "cat - | gzip > /tmp/eth0.pcap.gz"

You're at PC1 doing a tcpdump of PC1's eth0 interface, and it's going to save the output at PC2, which is called save.location.com, to the file /tmp/eth0-to-me.pcap.gz, again on PC2.
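
The pipeline and the header NOTE above as a script, added here as an example and not part of the original post: capture_to_remote filters out the ssh session so the capture does not record its own transfer, and pcap_check / pcap_repair detect and drop a stray first line without a text editor. The function names, the -U flush option and the port filter are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post); all names are illustrative.

# capture_to_remote IFACE HOST PORT REMOTE_PATH
# "not port PORT" keeps the ssh session that carries the capture out of
# the capture itself; -U flushes each packet to the pipe as it is seen.
# No legacy -c cipher list, and no -C because gzip already compresses.
capture_to_remote() {
    tcpdump -i "$1" -U -w - "not port $3" |
        ssh -p "$3" "$2" "gzip > '$4'"
}

# First 4 bytes of stdin as lowercase hex, e.g. d4c3b2a1.
first4_hex() { head -c 4 | od -An -tx1 | tr -d ' \n'; }

# Emit FILE's bytes, transparently decompressing a gzip capture.
capture_stream() {
    case $(first4_hex < "$1") in
        1f8b*) gzip -dc "$1" 2>/dev/null ;;
        *)     cat "$1" ;;
    esac
}

# Classic pcap magic: either byte order, microsecond or nanosecond stamps.
is_pcap_magic() {
    case $1 in d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d) return 0 ;; esac
    return 1
}

# pcap_check FILE: prints ok, stray-line (text line before the pcap
# header, the case in the NOTE) or bad; returns 0 only for ok.
pcap_check() {
    if is_pcap_magic "$(capture_stream "$1" | first4_hex)"; then
        echo ok
    elif is_pcap_magic "$(capture_stream "$1" | tail -n +2 | first4_hex)"; then
        echo stray-line; return 1
    else
        echo bad; return 1
    fi
}

# pcap_repair FILE OUT: drop the stray first line, write plain pcap to OUT.
pcap_repair() { capture_stream "$1" | tail -n +2 > "$2"; }

# Run as: sh script.sh /tmp/eth0.pcap.gz
if [ "$#" -eq 1 ]; then pcap_check "$1"; fi
```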
