path: root/extcap/ssh-dumpcap
Age: 2019-01-28
Commit message: extcap: add ssh-dumpcap example
Author: Peter Wu
Files: 1
Lines: -0/+108
Based on ssh-tcpdump, but uses dumpcap and supports specifying the hostname and interface through capture options. Should probably integrate that with ssh-tcpdump, but I quickly needed something working.

Known issues:
- On exit Wireshark assumes that stderr is an error.
- dumpcap does not exit on the remote server, tracked by https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14431
- Stopping a capture, killing dumpcap and starting a capture again results in a corrupted dissection (interpreted as ERF). The pcapng file on the filesystem is ok, it is just a GUI problem.

Tested with Wireshark v2.9.1rc0-558-geec3ce3bb2.