On Oct 2, 2015, at 3:35 AM, Dario Lombardo <dario.lombardo...@gmail.com> wrote:

> Remote capture is not currently supported by the current wireshark under 
> linux.

...or any other OS where libpcap doesn't support it; there's nothing 
Linux-specific about this.

> This can be achieved by ssh + pipe like this
> 
> ssh host 'dumpcap -i bla -w -' | wireshark
> 
> that works flawlessly

...as long as the remote machine has dumpcap installed *and*, if you ssh to 
that machine:

        1) dumpcap is in your path;

        2) dumpcap has sufficient privileges to capture.

If dumpcap isn't installed, you could try tcpdump, although you'd have to 
arrange that 1) and 2) be true of tcpdump.

Note also that, even on Windows, where WinPcap does include remote capture 
support, that only supports remote capture using rpcapd; "run dumpcap/tcpdump 
with ssh" could also allow remote capture from Wireshark-on-Windows if the 
remote machine doesn't support rpcap.

Unfortunately, the link

        https://code.wireshark.org/review/#/c/10740/

doesn't work, so I can't see if there's anything in the code restricting it to 
Linux, but it should *NOT* be restricted to Linux - or even to UN*X in general.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
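
The two conditions listed in the message above, checked over the same non-interactive ssh session that the capture will use, with tcpdump as the fallback. This is an added example, not code from the thread or from Wireshark; the function names are hypothetical, HOST and IFACE are placeholders, and `timeout` being present on the remote host is an assumption.

```sh
#!/bin/sh
# Added example. `timeout` on the remote host is an assumption.

# Emit a script for the remote side: for each tool, report whether it is on
# the ssh session's PATH (condition 1) and can open the interface (condition 2).
probe_script() {
    cat <<EOF
for t in dumpcap tcpdump; do
    command -v "\$t" >/dev/null 2>&1 || { echo "\$t missing"; continue; }
    case \$t in
        dumpcap) dumpcap -q -i '$1' -a duration:1 -w - >/dev/null 2>&1 ;;
        tcpdump) timeout 2 tcpdump -i '$1' -w - >/dev/null 2>&1
                 [ \$? -eq 124 ] ;;   # killed by timeout = it was capturing
    esac && echo "\$t ok" || echo "\$t nopriv"
done
EOF
}

# The interface name is pasted into a remote command line, so allow only
# characters that cannot end the quoting or start another command.
valid_iface() {
    case $1 in
        ''|*[!A-Za-z0-9_.:-]*) return 1 ;;
    esac
}

# Read "<tool> <state>" lines and print the first tool whose state is "ok".
select_tool() {
    while read -r tool state; do
        [ "$state" = ok ] && { echo "$tool"; return 0; }
    done
    return 1
}

# Remote command that writes the capture to stdout (-U: flush per packet).
capture_cmd() {
    case $1 in
        dumpcap) echo "dumpcap -q -i '$2' -w -" ;;
        tcpdump) echo "tcpdump -U -i '$2' -w -" ;;
        *) return 1 ;;
    esac
}

remote_capture() {   # usage: remote_capture HOST IFACE
    valid_iface "$2" || { echo "bad interface name: $2" >&2; return 2; }
    tool=$(probe_script "$2" | ssh "$1" sh | select_tool) || {
        echo "no usable dumpcap/tcpdump on $1" >&2; return 1; }
    ssh "$1" "$(capture_cmd "$tool" "$2")" | wireshark -k -i -
}
```

Because the probe runs through `ssh HOST sh` rather than an interactive login, it sees the same PATH the capture command will see.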
