Using the powers of Wireshark for capturing data on the wire.


There are many different ways to capture data for Wireshark. Below are some capture methods I have used over the years which have proven helpful.

Simple capture, excluding SSH and DNS traffic (full packets, -s0):

tcpdump -i eth0 -s0 port not 22 and port not 53

Capturing from a remote host on a Mac:

  1. Create your pipe with mkfifo capturefile
  2. Run wireshark with wireshark -k -i capturefile &
  3. Start your capture with ssh [email protected] "tcpdump -i eth0 -p -n -s0 -w - port 80" > capturefile

Wireshark should now display the packets arriving through the pipe as the remote tcpdump writes them.
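The three steps above, wired together as an added example (this is not code from the original post): the functions below create the named pipe, build the tcpdump filter, and launch Wireshark and the remote tcpdump, and a small offline stand-in shows that bytes written into the pipe reach the reader. user@host, eth0, the filter and the pipe name are placeholders. Two assumptions beyond the post: the filter always gets "and not port 22" appended, so the ssh session carrying the capture back is never captured (otherwise each captured packet would cause more ssh traffic, which would be captured in turn), and tcpdump gets -U so each packet is flushed to the pipe immediately rather than after a stdio buffer fills.

```shell
#!/bin/sh
# Added example, not the original post's code. Placeholders: user@host, eth0,
# capturefile, and the capture filter passed by the caller.
set -eu

# Build the tcpdump capture filter. The caller's filter is parenthesised and
# combined with "not port 22" so the ssh session that carries the capture
# back to this machine is excluded from the capture (no feedback loop).
build_capture_filter() {
    if [ -n "${1:-}" ]; then
        printf '(%s) and not port 22' "$1"
    else
        printf 'not port 22'
    fi
}

# Create the named pipe Wireshark will read from, unless it already exists.
# Prints the pipe path so callers can capture it.
make_capture_pipe() {
    [ -p "$1" ] || mkfifo "$1"
    printf '%s' "$1"
}

# Run the remote capture: Wireshark reads the pipe while ssh/tcpdump feeds it.
#   -p  no promiscuous mode        -n  no name lookups (no DNS caused by the capture)
#   -s0 full-length packets        -U  flush every packet to stdout immediately
#   -w - write pcap to stdout, which ssh carries into the local pipe
# Usage: start_remote_capture capturefile user@host eth0 'port 80'
start_remote_capture() {
    pipe=$(make_capture_pipe "$1")
    target=$2        # e.g. user@host (placeholder)
    iface=$3         # e.g. eth0 (placeholder)
    filter=$(build_capture_filter "${4:-}")
    wireshark -k -i "$pipe" &
    # Single quotes around the filter survive the local shell, so the remote
    # tcpdump receives the whole expression (parentheses included) as one argument.
    ssh "$target" "tcpdump -i $iface -p -n -s0 -U -w - '$filter'" > "$pipe"
}

# Offline demonstration of the pipe plumbing: a background writer stands in
# for ssh/tcpdump and a reader stands in for Wireshark. Prints the bytes that
# came through the pipe. The payload is constructed, not a real pcap.
pipe_roundtrip() {
    dir=$(mktemp -d)
    pipe=$(make_capture_pipe "$dir/capturefile")
    # Writer goes in the background first: opening a FIFO blocks until the
    # other end is opened too, exactly as the real ssh/tcpdump step does.
    printf 'constructed pcap bytes' > "$pipe" &
    data=$(cat "$pipe")
    wait
    rm -rf "$dir"
    printf '%s' "$data"
}
```

The remote tcpdump still needs capture privileges on the remote host, and the local Wireshark reads the pipe with its own permissions only; nothing in this script elevates either side.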

