Advanced network debugging

In some cases it is useful to view the live network traffic in Wireshark rather than only the tcpdump output on the console.

Prerequisites:

  • Netmodule Router
  • Wireshark on your local computer.
  • SSH client on your local computer.

The output of tcpdump can be streamed over SSH and piped directly into Wireshark, so there is no need to save the dump first and load it into Wireshark afterwards. This works on both Linux and Windows.

Linux:

ssh root@192.168.1.1 tcpdump -U -i any -w - 'not port 22' | wireshark -k -i -

Windows:

plink.exe -ssh -pw admin01 root@192.168.1.1 "tcpdump -U -i any -w - not port 22" | "C:\Program Files\Wireshark\Wireshark.exe" -k -i -

You can select the capture interface with the -i parameter, e.g.: tcpdump -i lan0 -w - 'not port 22'

We recommend excluding the SSH port (22) so that you capture only the traffic you are interested in and not the SSH session that carries the capture itself.
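
The Linux one-liner above, wrapped as a helper that always keeps the SSH exclusion and quotes the capture filter for the router's shell. ssh hands the command string to the remote shell, so a filter containing parentheses breaks unless it is quoted again. This is an added example, not part of the original page; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not NetModule tooling.

# Quote one argument for the remote shell: wrap it in single quotes and
# rewrite every embedded single quote as '\''.
remote_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# build_capture_cmd IFACE [FILTER] [SSH_PORT]
# Prints the tcpdump command line to run on the router.
build_capture_cmd() {
    iface=$1
    filter=${2:-}
    port=${3:-22}
    # Reject anything that is not a plain interface name or port number,
    # so neither can smuggle extra words into the remote command.
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface: $iface" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    # Always exclude the SSH session that transports the capture.
    expr="not port $port"
    if [ -n "$filter" ]; then
        expr="$expr and ($filter)"
    fi
    printf 'tcpdump -U -i %s -w - %s' "$iface" "$(remote_quote "$expr")"
}

# live_capture HOST IFACE [FILTER] [SSH_PORT]
# Streams the pcap data from the router into a local Wireshark.
live_capture() {
    cmd=$(build_capture_cmd "$2" "${3:-}" "${4:-22}") || return 1
    ssh -p "${4:-22}" "root@$1" "$cmd" | wireshark -k -i -
}
```

Source the file and run, for example: live_capture 192.168.1.1 lan0 'tcp port 80 or tcp port 443'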