I am trying to collect HTTP requests and responses from a remote host using Wireshark through an SSH tunnel. So I have a Windows host with Wireshark on it, and a Linux host with tcpdump on it and a web server listening on port 5000.
I execute tcpdump on the Linux host and try to get the output on the Windows host. I can see the flow of the packets pretty well, but I see NO HTTP!
When I try to send any request to the web host I see some TCP packets flowing in and out, but no HTTP. It must be mentioned that I see the HTTP requests and responses when I execute the same tcpdump command on the Linux host.
C:\Users\mne\Desktop\plink.exe -ssh -pw XZY root@somehost.com "tcpdump -i any 'port 5000'" -w - | "C:\Program Files\Wireshark\Wireshark.exe" -k -i -
This is what the output looks like:
Could anyone help me get the HTTP data into Wireshark so that I can analyze it?
UPDATE
I exported the output of tcpdump to a file (where I can clearly see the HTTP request body and headers). I tried to open that file in Wireshark, but Wireshark was UNABLE to display the HTTP.
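As an added example (not part of the original question), this Python script does the check an answerer would want before touching Wireshark settings: it reads a libpcap file written by `tcpdump -w`, accepting Ethernet frames as well as the Linux cooked headers (SLL and SLL2) that `tcpdump -i any` produces, and lists TCP segments on port 5000 whose payload begins with an HTTP request or status line. The sample capture is constructed inside the script; if a real file passes this check while Wireshark shows only TCP, the bytes arrived intact and the remaining problem is dissection, since 5000 is not among Wireshark's default HTTP ports and has to be mapped to HTTP with Decode As.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET, LINKTYPE_LINUX_SLL, LINKTYPE_LINUX_SLL2 = 1, 113, 276
LINK_HEADER_LEN = {LINKTYPE_ETHERNET: 14, LINKTYPE_LINUX_SLL: 16, LINKTYPE_LINUX_SLL2: 20}  # "-i any" gives SLL/SLL2
HTTP_STARTS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"PATCH ", b"HTTP/1.")

def find_http_payloads(pcap, port=5000):
    """Return (src_port, dst_port, first_line) for TCP segments on `port` whose payload looks like HTTP."""
    magic, = struct.unpack_from("<I", pcap, 0)
    endian = "<" if magic == PCAP_MAGIC else ">"            # pcap files may be written in either byte order
    linktype, = struct.unpack_from(endian + "I", pcap, 20)
    link_len = LINK_HEADER_LEN[linktype]                      # KeyError for link types this example does not handle
    hits, off = [], 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig = struct.unpack_from(endian + "IIII", pcap, off)
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        ip = frame[link_len:]
        if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:     # only IPv4 carrying TCP
            continue
        tcp = ip[(ip[0] & 0x0F) * 4:]
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        payload = tcp[(tcp[12] >> 4) * 4:]                    # skip TCP header incl. options
        if port in (sport, dport) and payload.startswith(HTTP_STARTS):
            hits.append((sport, dport, payload.split(b"\r\n", 1)[0].decode("ascii", "replace")))
    return hits

def _tcp_frame(sport, dport, payload, linktype):
    """Build one frame: zeroed link header + minimal IPv4 + TCP (PSH/ACK) + payload; checksums left at 0."""
    link = b"\x00" * LINK_HEADER_LEN[linktype]
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + tcp
    return link + ip

def build_sample_pcap(linktype=LINKTYPE_LINUX_SLL):
    """Constructed sample capture (not a real one): a request, its response and a bare ACK on port 5000."""
    frames = [
        _tcp_frame(51234, 5000, b"GET /index.html HTTP/1.1\r\nHost: somehost.com\r\n\r\n", linktype),
        _tcp_frame(5000, 51234, b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok", linktype),
        _tcp_frame(51234, 5000, b"", linktype),
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype)
    for frame in frames:
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

To run it against a real capture, pass `open("capture.pcap", "rb").read()` to `find_http_payloads`; the bare ACK in the sample is skipped because it carries no payload.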