First of all, thank you @j2doll for publishing this! To this day, I still use it as reference when remote capturing on Windows devices.
I'm wondering though, if the linked versions of Wireshark / plink still hold any significance? At least the latest Wireshark works fine, and has many bug fixes and new features compared to 2.6.
plink: Release 0.72
Build platform: 64-bit x86 Windows
Wireshark 3.4.0 (v3.4.0-0-g9733f173ea5e)
Before I upgraded Wireshark (I forget the version, and it was installed last year), this command worked well.
Once I upgraded Wireshark to this new version, it doesn't work.
Because I use the -vvv option in the tcpdump command, it shows "Got 20" in the cmd window, but nothing shows in the Wireshark window. Could you help me handle this problem?
When I run the Putty command manually I connect successfully, but it takes some time to respond. I wonder why I am not able to connect with the entire script.
I see Wireshark opens, but nothing is shown because it is not connected to the remote server.
Could the delayed response of the remote server be an issue? Can this be worked around?
When executing the command file, Wireshark opens but it shows an error:
"Data written to the pipe is neither in a supported pcap format nor in pcapng format."
libpcap is installed on the remote server, and it is possible to run a local tcpdump and store it in a *.pcap file. This file can be read by Wireshark.