Tcpdump with windows Wireshark > sshdump

I wanted to see real-time traffic on my interfaces, and I am a new user here. I have used Wireshark for various reasons over the years and I just thought I would share how I was able to get it working for me.

IPFire environment

IPFire 2.25 (x86_64) - Core Update 156
tcpdump --version
tcpdump version 4.99.0
libpcap version 1.10.0 (with TPACKET_V3)
OpenSSL 1.1.1k 25 Mar 2021
OpenSSH_8.5p1

Client environment
Windows 10 21H1
Wireshark 3.5.0rc0-2054-g5202119239f7 (v3.5.0rc0-2054-g5202119239f7)

The standard download of Wireshark, 3.4.6, does not have the proper SSL Kex to connect with IPFire, as described on the blog here.

With a little research I found that the SSL libraries for Wireshark have been updated in the 3.5.0_RC, available for various platforms here.

A new installation with sshdump selected as an option is needed.

From there, with a little google-foo and trial and error, I was able to capture live data from any or all interfaces.
Change the highlighted section to the IP of the Windows host you are using and live capture away to your heart's content!

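As an added example that is not part of the original post or of Wireshark's own sshdump code: this is the ssh + tcpdump pipeline that sshdump drives for you, written out as a plain shell script so the moving parts are visible. The capture filter excludes the SSH session that carries the pcap stream back to the Wireshark host, which is the same idea as putting the Windows host's IP into the highlighted field above: without it the capture picks up its own SSH traffic and feeds on itself. The interface names (green0, red0), the client IP 192.168.1.50, root as the login user and port 22 as the SSH port are assumptions; check your own IPFire configuration for the actual SSH port.

```shell
#!/bin/sh
# Added example, not code from the original post or from Wireshark/sshdump.
# Runs tcpdump on the IPFire box over SSH and streams the pcap into Wireshark,
# excluding the SSH session itself from the capture so it does not loop.
# Interface names, client IP, user and SSH port below are assumptions.

# Only allow characters that can safely appear on the remote command line
# (letters, digits, dot, colon, hyphen, underscore). Anything else, including
# spaces and shell metacharacters, is rejected so an argument cannot become
# an extra command on the firewall.
safe_token() {
  case "$1" in
    ''|*[!A-Za-z0-9._:-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Build the tcpdump command that will run on IPFire.
#   $1 = interface on the firewall (e.g. green0, red0, or "any" for all)
#   $2 = IP of the Windows host running Wireshark (the sshdump client)
#   $3 = SSH port of the capture session (assumed default 22)
build_remote_capture_cmd() {
  iface="$1"; client_ip="$2"; ssh_port="${3:-22}"
  safe_token "$iface" && safe_token "$client_ip" && safe_token "$ssh_port" || return 1
  # -U : flush after every packet so Wireshark shows traffic live, not in bursts
  # -n : no reverse DNS lookups from the firewall
  # -s 0 : full packet length; -w - : write pcap to stdout for the SSH pipe
  # The filter drops the SSH connection to the client that carries this stream.
  printf "tcpdump -U -n -s 0 -i %s -w - 'not (host %s and tcp port %s)'" \
    "$iface" "$client_ip" "$ssh_port"
}

# Pipe the remote capture straight into a local Wireshark (or tshark -r -).
#   $1 = firewall address, $2 = interface, $3 = client IP, $4 = SSH port
capture_to_wireshark() {
  fw="$1"
  cmd="$(build_remote_capture_cmd "$2" "$3" "${4:-22}")" || return 1
  ssh -p "${4:-22}" -l root "$fw" "$cmd" | wireshark -k -i -
}

# Usage (assumed addresses): capture_to_wireshark 192.168.1.1 green0 192.168.1.50
```

The `safe_token` check is the part worth keeping even if you only ever type the command by hand: every value here is interpolated into a command line that the firewall's shell will parse, so a stray `;` or backtick in an interface name or filter field would run as a command on the firewall with root rights. sshdump performs similar validation of its capture-filter field for the same reason.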