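Cross-host packet capture with Wireshark and SSH output redirection
This setup applies when a Linux host acts as a Wi-Fi hotspot (AP) and provides network connectivity to other devices. All of their traffic is then forwarded through the Linux host, which makes traffic analysis convenient. If you want to watch the capture in real time on another host (Windows), you can connect to the Linux host over SSH and redirect the output of the ssh command into Wireshark on Windows.
On Linux, run create_ap[1], linux-wifi-hotspot[2], or linux-router[3]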
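Note: if Wireshark has not been added to the PATH environment variable on Windows, either add it or use the absolute path to Wireshark. Also, use cmd rather than PowerShell, apparently because PowerShell's pipeline redirection behaves differently[4].
On Windows, run ssh + Wireshark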
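An added example (not the original post's command) of the Windows-side pipeline described above, written as a cmd batch file. The SSH target, the interface name `ap0`, and the Wireshark install path are assumptions, and the remote account is assumed to be allowed to run tcpdump.

```bat
@echo off
rem Added example: stream a remote tcpdump capture into local Wireshark.
rem Run from cmd.exe, not PowerShell, as the note above says.
setlocal

rem Assumed values: replace with your own AP host, interface and install path.
set "AP_HOST=root@192.168.12.1"
set "AP_IFACE=ap0"
set "WIRESHARK=C:\Program Files\Wireshark\Wireshark.exe"

rem tcpdump side:
rem   -i       capture on the hotspot interface
rem   -U       flush each packet as it is captured, so the view stays live
rem   -s 0     capture full packets instead of truncating them
rem   -w -     write raw pcap to stdout, which ssh carries back to Windows
rem   "not port 22" excludes SSH traffic (including this session), so the
rem   capture does not record its own transport and feed back on itself.
rem Wireshark side:
rem   -k       start capturing immediately
rem   -i -     read the capture from stdin
ssh %AP_HOST% "tcpdump -i %AP_IFACE% -U -s 0 -w - not port 22" | "%WIRESHARK%" -k -i -

endlocal
```

Key-based SSH authentication keeps a password prompt out of the pipeline, and the `not port 22` filter should be adjusted if sshd listens on a different port.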
References
- [1] oblique/create_ap: [NOT MAINTAINED] This script creates a NATed or Bridged WiFi Access Point. (github.com)
- [2] lakinduakash/linux-wifi-hotspot: Feature-rich wifi hotspot creator for Linux which provides both GUI and command-line interface. It is also able to create a hotspot using the same wifi card which is connected to an AP already (similar to Windows 10). (github.com)
- [3] garywill/linux-router: Set Linux as router in one command. Support Internet sharing, redsocks, Wifi hotspot, IPv6. Can also be used for routing VM/containers 🛰️ (you are also welcome to follow on Bilibili: https://space.bilibili.com/2123686105 ) (github.com)
- [4] Remote real-time packet capture analysis with tcpdump and Wireshark - This Cute World
http://zr4in.github.io/2024/05/13/wireshark-ssh输出重定向跨主机抓包/