commandlinefu.com is the place to record those command-line gems that you return to again and again.
You can sign-in using OpenID credentials, or register a traditional username and password.
Subscribe to the feed for:
commandline for mac os x
analyze traffic remotely over ssh w/ wireshark
When using tcpdump, specify -U option to prevent buffering and -iany to see all interfaces.
dsniff is general purpose password sniffer, it handles *lots* of different protocols, but it also handles tcp-style expressions for limiting analyzed traffic - so I can limit it to work on pop3 only.
The command is useful for monitoring the use of the boxes and their connection IP.
Result file "sniff" is readable with GUI program "wireshark" or through CLI with the command:
tcpdump -f "sniff" -XX
When using tcpdump, specify -U option to prevent buffering.
Please check out my blog article on this for more detail. http://jdubb.net/blog/2009/08/07/monitor-wireshark-capture-real-time-on-remote-host-via-ssh/
This allows you to display the wireshark program running on remote pc to your local pc.
This captures traffic on a remote machine with tshark, sends the raw pcap data over the ssh link, and displays it in wireshark. Hitting ctrl+C will stop the capture and unfortunately close your wireshark window. This can be worked-around by passing -c # to tshark to only capture a certain # of packets, or redirecting the data through a named pipe rather than piping directly from ssh to wireshark. I recommend filtering as much as you can in the tshark command to conserve bandwidth. tshark can be replaced with tcpdump thusly:
ssh email@example.com tcpdump -w - 'port !22' | wireshark -k -i -