但是不是所有的機器都有裝像是 wireshark 這樣的軟體
但是 tcpdump 這樣的指令, 一般來說 Linux 都會內建
所以就可以透過 SSH 使用 tcpdump 指令來分析遠端的封包
ssh email@example.com tcpdump -U -s0 -w - 'not port 22' | wireshark -k -i -
- 192.168.123.101 為遠端 IP
- -U Make output saved via the -w option ``packet-buffered''; i.e., as each packet is saved, it will be written to the output file, rather than being written only when the output buffer fills. The -U flag will not be supported if tcpdump was built with an older version of libpcap that lacks the pcap_dump_flush() function.
- -w Write the raw packets to file rather than parsing and printing them out. They can later be printed with the -r option. Standard output is used if file is ``-''. See pcap-savefile(5) for a description of the file format.
- - 'not port 22' 為擷取的條件, 非 port 22
- -k Start the capture session immediately. If the -i flag was specified, the capture uses the specified interface. Otherwise, Wireshark searches the list of interfaces, choosing the first non-loopback interface if there are any non-loopback interfaces, and choosing the first loopback interface if there are no non-loopback interfaces; if there are no interfaces, Wireshark reports an error and doesn't start the capture.