Analyze Traffic on EvE-NG With Wireshark
How to analyze traffic from your EvE-NG nodes with Wireshark
- Step 1: Configure Wireshark SSH remote capture
- Step 2: Identify the remote interface you want Wireshark to listen to
- Step 3: Connect and begin analyzing traffic
- Step 4: Optional settings
Step 1: Configure Wireshark SSH remote capture
Open Wireshark and select ‘SSH remote capture’
Configure SSH connection settings
Enter your credentials (defaults are shown below)
Step 2: Identify the remote interface you want Wireshark to listen to
Identify the interface you want to capture. In this example, eth0 on PC1 is associated with vunl_0_1_0
Enter the interface ID into the remote capture settings
Step 3: Connect and begin analyzing traffic
Start the capture
Step 4: Optional settings
Copy your SSH public key over to the EvE-NG host so that you don’t have to enter your SSH password every time you start a new Wireshark capture
ssh-copy-id root@IP_ADD_OF_EVE_HOST
Enter your password when prompted
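The same capture can be started from a terminal once key-based login works. The script below is an added example, not part of the original post. It assumes tcpdump is installed on the EvE-NG host and wireshark is on the local PATH, and the function names build_capture_cmd and eve_capture are made up for this illustration. The interface name is checked before it is placed into the command that runs on the remote host.

```shell
# Added example: command-line equivalent of the SSH remote capture steps above.
# Assumptions: tcpdump exists on the EvE-NG host, wireshark is installed
# locally, and the key from Step 4 has been copied over.

# Print the remote tcpdump command for one interface. Fails if the value is
# not a plain Linux interface name, because it is interpolated into a command
# line that a shell on the EvE-NG host will execute as the login user.
build_capture_cmd() {
    local iface="$1"
    case "$iface" in
        ""|*[!A-Za-z0-9_.-]*)
            echo "invalid interface name: $iface" >&2
            return 1
            ;;
    esac
    # Linux interface names are at most 15 characters long.
    if [ "${#iface}" -gt 15 ]; then
        echo "interface name too long: $iface" >&2
        return 1
    fi
    # -U flush per packet, -n no name lookups, -s 0 full packets,
    # -w - write pcap data to stdout so it can travel over the SSH pipe.
    printf 'tcpdump -U -n -s 0 -i %s -w -' "$iface"
}

# Stream packets from the EvE-NG host into a local Wireshark window.
# Usage: eve_capture root@IP_ADD_OF_EVE_HOST vunl_0_1_0
eve_capture() {
    local target="$1"
    local cmd
    cmd="$(build_capture_cmd "$2")" || return 1
    # BatchMode=yes makes ssh fail instead of prompting; a password prompt
    # would collide with the pcap stream on the pipe.
    ssh -o BatchMode=yes "$target" "$cmd" | wireshark -k -i -
}
```
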
This post is licensed under CC BY 4.0 by the author.