sniffnet icon indicating copy to clipboard operation
sniffnet copied to clipboard
verified publisher icon GyulyVGC

Allow piping tcpdump from the command line (or support specifing the pcap file including standard input)

Open danielbodart opened this issue 7 months ago • 4 comments

Is there an existing issue for this?

  • [x] I have searched the existing issues.

Describe the solution you'd like

With wireshark I can pipe tcpdump over SSH to easily allow monitoring my whole network directly from the my internet router (i.e OpenWRT). Would be great if sniffnet also supported that.

Is your feature request related to a problem?

Allow remote monitoring of machines with full visibility of the network.

danielbodart avatar Jul 25 '25 07:07 danielbodart

This can maybe be implemented as part of #303

GyulyVGC avatar Jul 25 '25 07:07 GyulyVGC

Well the nice thing with this setup is you don't need to install anything on the remote host, you just run tcpdump over ssh and then pipe that to sniffnet. Also I imagine it's only a tiny amount of code to support using the stdio file descriptor for the streamed pcap file. Also it's the unix way which means you will support untold other ways of piping data to sniffnet

danielbodart avatar Jul 25 '25 08:07 danielbodart

Can you confirm that the command from this article is what you intended to use?

tcpdump -i any -U -s0 -w - 'not port 22' | wireshark -k -i -

I'm not sure if these are the correct parameters to let tcpdump export / wireshark import data in PCAP format, since I've never extensively used it.

GyulyVGC avatar Jul 25 '25 08:07 GyulyVGC

Yup that looks correct to me

danielbodart avatar Jul 27 '25 17:07 danielbodart