Last Updated: April 15, 2016
· justgoscha

Tracing with Wireshark on a remote PC via ssh

Open two terminals.

In the first terminal:

mkfifo /tmp/fifofo
ssh root@ "sudo tcpdump -s 0 -U -n -w - -i any not port 22" > /tmp/fifofo

In the second terminal:

wireshark -k -i /tmp/fifofo

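Now go back to the first terminal and type in the password. The prompt only appears at this point, because the shell cannot open the FIFO for writing, and so does not start ssh, until Wireshark has opened it for reading.
Now you should see the trace in Wireshark!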
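
An added example, not part of the original tip: the same procedure as one script, with the FIFO created in a private directory instead of under a fixed name in /tmp, and the remote command built from validated inputs. The function names, the script name and the `user@host` target are assumptions; it assumes a remote account that can run tcpdump through sudo without a prompt (root, as on this page).

```shell
#!/bin/sh
# Added example: hardened wrapper around the FIFO procedure above.
# target/iface/port come from the caller; paths here are constructed.

# FIFO lives in a private 0700 directory with mode 0600, so other local
# users can neither read the capture nor pre-create the path in /tmp.
make_private_fifo() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/wscap.XXXXXX") || return 1
    mkfifo -m 600 "$dir/capture.fifo" || return 1
    printf '%s\n' "$dir/capture.fifo"
}

# Build the remote command. Inputs are validated because the remote
# shell interprets this string. The excluded port must be the port the
# SSH session uses, or the capture would record its own transport.
build_remote_cmd() {
    iface=$1 port=$2
    case $iface in ''|*[!A-Za-z0-9_.:-]*) return 1 ;; esac
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    printf 'sudo tcpdump -s 0 -U -n -w - -i %s not port %s' "$iface" "$port"
}

remote_capture() {
    target=$1 iface=${2:-any} port=${3:-22}
    cmd=$(build_remote_cmd "$iface" "$port") || {
        echo "invalid interface or port" >&2; return 1; }
    fifo=$(make_private_fifo) || return 1
    trap 'rm -rf "${fifo%/*}"' EXIT   # remove FIFO and directory on exit
    trap 'exit 130' INT TERM
    wireshark -k -i "$fifo" &         # reader side, as in terminal two
    ssh -p "$port" "$target" "$cmd" > "$fifo"   # writer side, terminal one
}

# Usage: ./remote-capture.sh user@host [interface] [ssh_port]
if [ "$#" -gt 0 ]; then remote_capture "$@"; fi
```

The capture contains every unencrypted payload that crosses the remote interfaces, which is why the FIFO is kept unreadable to other local users and removed when the script exits.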