
Revision history

Windows remote ssh capture not getting packets

Scenario:
Host: Windows 10 Pro
Guest (VirtualBox): Ubuntu Server 18.04
Wireshark version: 3.2.1 (v3.2.1-0-gbf38a67724d0)

Test #1 (local capture in guest Ubuntu): when typed in the Ubuntu terminal (as root):

tcpdump -ni enp0s8 -s 0 -w - not port 22

It does work, capturing packets to the tty screen.

Test #2 (plink remote capture): from Windows’ console:

plink.exe -batch -ssh -pw charate19 [email protected] "tcpdump -ni enp0s8 -s 0 -w - not port 22" | "C:\Program Files\Wireshark\Wireshark.exe" -k -i -

Wireshark connects but gets no packets (root SSH password login is enabled).

tcpdump is running OK in Ubuntu:

UID        PID      PPID    C STIME     TTY          TIME CMD
root     10542  10447  0 11:30      ?        00:00:00 tcpdump -ni enp0s8 -s 0 -w - not port 22

Test #3 (Wireshark’s SSH remote capture): from Windows’ Wireshark, SSH remote capture interface, with options:

Remote SSH server address = 192.168.176.2
Remote SSH server port = 22
Remote SSH server username = root
Remote SSH server password = my-password
Remote interface = enp0s8
Remote capture command = /usr/sbin/tcpdump -s 0 -w -
Remote capture filter = not port 22
Packets to capture = 0

Again, Wireshark connects but gets no packets.

tcpdump is running in Ubuntu (but no interface set):

UID        PID  PPID  C STIME TTY          TIME CMD
root     10677 10560  0 11:47 ?        00:00:00 /usr/sbin/tcpdump -s 0 -w -

As neither the interface nor the filter appears, the same but with:

Remote capture command = /usr/sbin/tcpdump -ni enp0s8 -s 0 -w - not port 22

UID        PID  PPID  C STIME TTY      TIME CMD
root     11246 11149  0 11:51 ?        00:00:00 /usr/sbin/tcpdump -ni enp0s8 -s 0 -w - not

Summary: remote Wireshark gets no packets, but launches the remote tcpdump with the right parameters.
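A diagnostic for the pipe described in the post, added here as an example that is not part of the original question nor of Wireshark's or tcpdump's code: it reads the first bytes a `tcpdump -w -` pipe delivers and reports whether they form a pcap or pcapng stream and how many complete packet records are in it, which separates "the remote tcpdump wrote nothing into the pipe" from "Wireshark did not display what arrived". The script name `pipecheck.py` and the sample bytes are constructed for the example.

```python
# Stream check for a "tcpdump -w -" pipe (added example, not Wireshark's or tcpdump's code).
# Live use (constructed command line): plink ... "tcpdump ... -w - ..." | python3 pipecheck.py
import struct
import sys

PCAP_MAGIC = {  # first 4 bytes -> (format, struct byte-order prefix)
    b"\xd4\xc3\xb2\xa1": ("pcap", "<"),
    b"\xa1\xb2\xc3\xd4": ("pcap", ">"),
    b"\x4d\x3c\xb2\xa1": ("pcap-ns", "<"),
    b"\xa1\xb2\x3c\x4d": ("pcap-ns", ">"),
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"           # Section Header Block type
PCAPNG_BOM_LE = b"\x4d\x3c\x2b\x1a"          # byte-order magic 0x1A2B3C4D, little-endian


def inspect_stream(data: bytes) -> dict:
    """Classify the capture stream and count the complete packet records in it."""
    if data[:4] in PCAP_MAGIC:
        fmt, order = PCAP_MAGIC[data[:4]]
        if len(data) < 24:
            return {"format": fmt, "packets": 0, "note": "truncated global header"}
        linktype = struct.unpack(order + "I", data[20:24])[0]
        off, n = 24, 0
        while off + 16 <= len(data):              # 16-byte per-packet record header
            incl_len = struct.unpack(order + "I", data[off + 8:off + 12])[0]
            if off + 16 + incl_len > len(data):
                break                             # partial record still in flight
            off += 16 + incl_len
            n += 1
        return {"format": fmt, "linktype": linktype, "packets": n, "note": ""}
    if data[:4] == PCAPNG_MAGIC and len(data) >= 12:
        order = "<" if data[8:12] == PCAPNG_BOM_LE else ">"
        off, n = 0, 0
        while off + 8 <= len(data):               # block type + block total length
            btype, blen = struct.unpack(order + "II", data[off:off + 8])
            if blen < 12 or off + blen > len(data):
                break
            if btype in (3, 6):                   # Simple / Enhanced Packet Block
                n += 1
            off += blen
        return {"format": "pcapng", "packets": n, "note": ""}
    return {"format": None, "packets": 0,
            "note": "no capture header in the first %d bytes" % len(data)}


if __name__ == "__main__":
    # Without -U, tcpdump block-buffers output written to a pipe, so this read may wait.
    print(inspect_stream(sys.stdin.buffer.read(4096)))
```

A result with a valid header but zero records means the remote tcpdump started but has not flushed any packet yet; no header at all means nothing from tcpdump's stdout reached the Windows side.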
