Running tcpdump remotely

Copy

ssh 10.10.14.12@10.10.10.119 /usr/sbin/tcpdump -i any -U -w - 'not port 22' > tcpdump.cap

• -i any: capture packets from all interfaces

• -U: packet buffered output

• -w: write the raw packets to file rather than parsing and printing them out

• not port 22: exclude traffic from port 22