Create a named pipe:
# mkfifo /tmp/tcpdump
make it readable only by a local user that will connect from remote
# chown lele /tmp/tcpdump # chmod 600 /tmp/tcpdump
Run tcpdump as root and redirect the packets to the named pipe:
# tcpdump -s 0 -U -n -w - -i eth0 not port 22 > /tmp/tcpdump
Create a named pipe:
$ mkfifo /tmp/remote
Start wireshark from the command line pointing at the created pipe
$ wireshark -k -i /tmp/remote &
Tunnel data via ssh from remote pipe to local pipe:
$ ssh unprivuser@firewall "cat /tmp/tcpdump" > /tmp/remote
Le pipe si aprono quando vengono lette da wireshark e vengono chiuse (compreso il processo che sta scrivendo e cioe' tcpdump) quando wireshark ferma la cattura.