0

I would like to set up some small, low-end hardware Wireshark capture points on my network. I am hoping I can use something like command-line Linux (Ubuntu mini, for example) to keep it lightweight.

I see that there is "tshark", which is a command-line version of Wireshark.

I have also found articles on using Wireshark on a remote Linux machine and creating an SSH connection into the tshark machine and analyzing the capture data.

However, I would like to do the same, but I want to use the Windows version of Wireshark to do the analysis.

Is this possible and what do I need to do (I am open to using something other than tshark if that helps)?

Scott Szretter

1 Answer

1

Just use your low-end box with tcpdump, tshark or Wireshark (the console version) and save the output to a file. Then download that file to your powerful desktop and load it into the Wireshark GUI version.

Janne Pikkarainen
  • I guess that works for most of my use cases, but I am also hoping for a real-time capability. I wonder if, for example, I could use PuTTY to create an SSH tunnel, or some other option? – Scott Szretter Mar 28 '12 at 14:34
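
The capture-to-file approach from the answer above, as an added example that is not part of the original answer: a small wrapper that runs tcpdump on the sensor as a fixed-size ring buffer and excludes the SSH traffic used to fetch the files. The interface `eth0`, the directory `/var/tmp/caps` and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original answer. Constructed placeholders:
# interface eth0, directory /var/tmp/caps.

# Accept only plain interface names (letters, digits, . _ -).
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# capture show|run IFACE DIR [FILES] [MB]
# Ring buffer of FILES files of MB million bytes each, so a small disk
# never fills. "not port 22" keeps the SSH/SCP session used to fetch the
# files out of the capture.
capture() {
    mode=$1 iface=$2 dir=$3 files=${4:-10} mb=${5:-100}
    valid_iface "$iface" || { echo "bad interface name" >&2; return 1; }
    case "$files$mb" in
        *[!0-9]*) echo "FILES and MB must be numbers" >&2; return 1 ;;
    esac
    set -- tcpdump -i "$iface" -n -s 0 -C "$mb" -W "$files" \
        -w "$dir/$iface.pcap" not port 22
    if [ "$mode" = run ]; then
        exec "$@"            # needs root or capture capabilities on the sensor
    else
        echo "$*"            # print the command for review
    fi
}

# On the sensor:   capture run eth0 /var/tmp/caps 10 100
# On the desktop:  copy /var/tmp/caps/eth0.pcap0 ... eth0.pcap9 with an
#                  SCP/SFTP client and open them in the Wireshark GUI.
```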