Wireshark

Tips

Filter

dst host <name/ip>
src host <name/ip>
host <name/ip>
dst port <port>
src port <port>
port <port>
icmp
udp
tcp
rtsp
rtp
and &&
or ||
not !

Remote

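# Stream a remote tcpdump capture straight into Wireshark; port 22 is excluded so the SSH session itself is not captured
ssh <user>@<host> tcpdump -U -s0 'not port 22' -i eth0 -w - | wireshark -k -i -

# Same capture through a named pipe; Wireshark runs in the background and waits for the writer
mkfifo /tmp/remote
wireshark -k -i /tmp/remote &
ssh <user>@<host> "tcpdump -s 0 -U -n -w - -i eth0 not port 22" > /tmp/remote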