
How to clear packet list during live capture?

How do I clear the Packet List during a live capture session? The Stop/Start and Restart options do not work for me because I am capturing packets that are piped back to Wireshark via SSH.

ssh myserver "sudo tcpdump -i mynetworkinterface -w -" | "/c/Program Files/Wireshark/Wireshark.exe" -k -i -

Of course, I can close the application altogether and relaunch it from the CLI, but it's a little annoying. It seems like an option to "Clear Packet List" would be somewhat minor, almost trivial, to implement.

pcpro178 (3), asked 2023-01-13 18:07:37 +0000

Comments

Have you considered using the sshdump extcap interface to capture with?

Jaap (2023-01-13 20:24:14 +0000)

How exactly would that work? Example?

pcpro178 (2023-01-14 02:03:11 +0000)

When installing Wireshark, you have the option of installing the External Capture Interfaces which include sshdump.
On the Wireshark Welcome Screen it will be listed in the lower "Capture" section of the screen.
Click the gear next to "SSH remote capture" to specify the server connection, authentication information and command to run for the capture along with any options or capture filter.

Chuckc (2023-01-14 03:09:31 +0000)

Unfortunately, I am not able to create an SSH session directly from my workstation to the network interface (mynetworkinterface) that needs to be monitored. It is on a different network, only accessible from the remote system (myserver).

pcpro178 (2023-01-16 14:41:15 +0000)

The SSH session would be to myserver.

Chuckc (2023-01-16 14:59:12 +0000)

1 Answer


The packet list cannot be cleared, since it is a representation of the capture file that is built up from the data streaming in through the SSH connection. Stopping the capture, thereby killing the SSH connection, is the only option available here.

Using the sshdump extcap interface should provide something more usable, but given the comments, is not in scope.

Jaap (13.7k), answered 2023-01-16 21:36:41 +0000
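The sshdump route that Jaap and Chuckc point to, as an added example that is not part of the thread or of the Wireshark project's own code: the command-line equivalent of the "SSH remote capture" gear dialog. sshdump opens the SSH session to myserver, runs the capture command there and streams pcap into a FIFO that Wireshark reads as a live interface; it assumes a POSIX host with sshdump and wireshark on PATH, reuses the question's myserver and mynetworkinterface placeholders, and the key path and capture filter are assumed defaults.

```shell
#!/bin/sh
# Added example (not from the thread): drive Wireshark's sshdump extcap helper
# by hand. Everything below that is not from the question is an assumption.
set -eu

REMOTE_HOST="${REMOTE_HOST:-myserver}"
REMOTE_USER="${REMOTE_USER:-$(id -un)}"
REMOTE_IFACE="${REMOTE_IFACE:-mynetworkinterface}"
SSH_KEY="${SSH_KEY:-$HOME/.ssh/id_ed25519}"        # assumed key location
# Exclude the capture's own SSH stream so it does not feed back into itself.
REMOTE_FILTER="${REMOTE_FILTER:-not port 22}"
FIFO="${FIFO:-${TMPDIR:-/tmp}/sshdump-$$.pcap}"

# The command sshdump runs on myserver: -U flushes each packet so the packet
# list updates live instead of in buffered chunks.
capture_command() {
    printf 'sudo tcpdump -U -i %s -w -' "$REMOTE_IFACE"
}

# Check that both halves of the pipeline are installed before creating a FIFO.
have_tools() {
    command -v sshdump >/dev/null 2>&1 && command -v wireshark >/dev/null 2>&1
}

run_remote_capture() {
    have_tools || { echo "sshdump and wireshark must be on PATH" >&2; return 1; }
    rm -f "$FIFO"
    mkfifo -m 600 "$FIFO"                            # readable by this user only
    trap 'rm -f "$FIFO"' EXIT INT TERM
    # sshdump blocks until a reader opens the FIFO, so start it first.
    sshdump --extcap-interface=sshdump --capture --fifo="$FIFO" \
        --remote-host="$REMOTE_HOST" --remote-username="$REMOTE_USER" \
        --sshkey="$SSH_KEY" --remote-interface="$REMOTE_IFACE" \
        --remote-filter="$REMOTE_FILTER" \
        --remote-capture-command="$(capture_command)" &
    # -k starts capturing immediately. Closing Wireshark closes the FIFO and
    # sshdump then tears down the SSH session: the "stop" the answer describes.
    wireshark -k -i "$FIFO"
    wait
}

if [ "${1:-}" = "--run" ]; then
    run_remote_capture
fi
```

Invoke it as `sh remote-capture.sh --run`; on Windows the gear dialog drives sshdump with the same options, so use that there.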
