How to use Wireshark in live mode via SSHFS
I have a remote machine that I run experiments on. On this machine, I want to sniff the packets sent and received. On the machine in front of me, I want to open Wireshark and see the packets live.
The only way I have to access the remote machine is SSH.
What do I do?
- Mount the remote machine's filesystem over SSH with SSHFS (e.g. sshfs user@remote: /sshfsmount). Mounting with -o cache=no turns off SSHFS attribute caching, so the client sees the capture file's new size promptly instead of after the cache timeout.
- Make sure that stdbuf is available on the client. It is part of GNU coreutils: on OS X install coreutils via Homebrew (the binaries there are prefixed, i.e. gstdbuf, unless you put the gnubin directory on your PATH); on Windows install coreutils via Cygwin.
Start capturing on the remote machine, writing the pcap stream to a file in the directory you mounted:
sudo stdbuf -o0 ibdump -s -o - > sniffer.pcap
stdbuf has to run under sudo, not in front of it: it works by setting LD_PRELOAD, and sudo strips that variable (as does the dynamic linker for any setuid binary), so "stdbuf -o0 sudo ibdump ..." leaves ibdump's output fully buffered and nothing shows up in the file until a buffer fills. With -o0, output written through stdio goes to the file as soon as ibdump produces it.
Run Wireshark on the client, reading the mounted file from its first byte and following it as it grows:
stdbuf -o0 tail -c +1 -F /sshfsmount/sniffer.pcap | ./Wireshark.exe -k -i -
tail -c +1 starts at the first byte (GNU tail also accepts +0), so Wireshark receives the pcap file header before any packet records; -F follows the file by name, so the pipe survives the file being recreated on the remote side. -k tells Wireshark to start capturing immediately and -i - makes it read the capture from stdin. On OS X or Linux the binary is wireshark rather than ./Wireshark.exe.
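The whole procedure as one client-side script, added here as an example and not taken from the original post. It adds two checks a practitioner wants before handing the pipe to Wireshark: that the mounted file is actually growing (otherwise SSHFS caching or a buffered ibdump is the problem, not Wireshark) and that it starts with a pcap or pcapng magic number. The names REMOTE, MOUNT and CAPTURE are assumptions; override them in the environment. It does not start the remote capture itself, because sudo on the remote side usually needs a terminal, so it prints the command to run in a second terminal.

```sh
#!/bin/sh
# Added example (not from the original post): SSHFS + tail + Wireshark with
# sanity checks. REMOTE, MOUNT and CAPTURE are hypothetical defaults.
set -u

REMOTE="${REMOTE:-user@remote-host}"   # assumed SSH target
MOUNT="${MOUNT:-$HOME/sshfsmount}"     # assumed local mount point
CAPTURE="${CAPTURE:-sniffer.pcap}"     # file ibdump writes, relative to the remote home

# Remote command. stdbuf must run *under* sudo: sudo (and the dynamic linker,
# for a setuid binary) strips LD_PRELOAD, so "stdbuf -o0 sudo ibdump" would
# leave ibdump fully buffered and the file would stay empty for a long time.
remote_capture_cmd() {
    printf 'sudo stdbuf -o0 ibdump -s -o - > %s\n' "$1"
}

# Succeed (0) if FILE starts with a pcap or pcapng magic number.
# Wireshark decides the format from the first bytes it reads on stdin, so a
# truncated or wrong file only produces an unhelpful error later.
pcap_magic_ok() {
    f="$1"
    [ -s "$f" ] || return 1
    magic=$(od -A n -t x1 -N 4 "$f" | tr -d ' \n')
    case "$magic" in
        a1b2c3d4|d4c3b2a1|a1b23c4d|4d3cb2a1) return 0 ;;   # pcap, us or ns timestamps, either endianness
        0a0d0d0a) return 0 ;;                              # pcapng section header block
        *) return 1 ;;
    esac
}

# Size in bytes, 0 if the file does not exist yet (tr strips BSD wc padding).
file_size() {
    if [ -f "$1" ]; then wc -c < "$1" | tr -d ' '; else echo 0; fi
}

# Succeed (0) once FILE has grown within LIMIT seconds, else fail (1).
# Growth proves ibdump is writing and SSHFS is reporting the new size; with
# attribute caching on, a stale size makes tail -F sit still.
wait_for_growth() {
    f="$1"; limit="${2:-10}"
    start=$(file_size "$f")
    i=0
    while [ "$i" -lt "$limit" ]; do
        sleep 1
        i=$((i + 1))
        [ "$(file_size "$f")" -gt "$start" ] && return 0
    done
    return 1
}

main() {
    mkdir -p "$MOUNT"
    # cache=no: no attribute caching, so the growing size is seen promptly.
    sshfs -o cache=no -o reconnect "$REMOTE:" "$MOUNT" || exit 1

    echo "Run this in another terminal to start the remote capture:"
    echo "  ssh -t $REMOTE '$(remote_capture_cmd "$CAPTURE")'"

    wait_for_growth "$MOUNT/$CAPTURE" 60 || { echo "capture file is not growing" >&2; exit 1; }
    pcap_magic_ok "$MOUNT/$CAPTURE"    || { echo "not a pcap/pcapng file" >&2; exit 1; }

    # -c +1: from the first byte so Wireshark gets the file header; -F: follow by name.
    # -k: start capturing immediately; -i -: read the capture from stdin.
    stdbuf -o0 tail -c +1 -F "$MOUNT/$CAPTURE" | wireshark -k -i -
}

if [ "${1:-}" = "--run" ]; then main; fi
```

Run it as `sh live-capture.sh --run`; on Windows under Cygwin replace `wireshark` with the path to Wireshark.exe.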