Remote Packet Capture on macOS with Wireshark and Balance One

Related to Remote packet capture via netcat and Wireshark - #13 by Paul_Mossip

Here’s how I set up my Balance One to do Remote Packet Capture using Wireshark and Netcat (‘nc’).

I’m using macOS 15.1.1 on Apple Silicon, with a Peplink Balance One running firmware 8.5.1.

Configure on macOS

  1. Download Wireshark from Wireshark · Download
  2. Open the DMG and drag the Wireshark app to the /Applications folder
  3. Run the two installers: Install ChmodBPF.pkg and Add Wireshark to the system path.pkg
  4. If you have a Terminal window open already, you need to close it and open a new one
  5. In Terminal, enter this command:
    nc -l 12345 | Wireshark -ki -
    Note: if you get "Wireshark: command not found", make sure you have run the Add Wireshark to the system path.pkg installer and opened a new Terminal window.

Configure on Peplink

  1. Log into your Peplink admin UI
  2. In the browser, change the URL so it ends in ‘support.cgi’ - this reveals the Peplink hidden settings page:
     https://[router IP]/cgi-bin/MANGA/support.cgi
     (replace [router IP] with the IP of your Peplink)
  3. Click the link for network capture
  4. Click ‘remote capture’ and enter the IP address of your Mac, and a random port (use the same port number, 12345, you used above)
  5. Click the Start button

Filtering in Wireshark

Back on your Mac, the Wireshark app should be showing a flood of data. You probably want to filter it down.
For example, to filter data for a single IP address, enter this filter:

ip.addr == 10.0.64.104

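A stricter stand-in for the `nc -l 12345` listener above, as an added example that is not part of the original post: it binds to one local address instead of every interface, accepts a connection only from the router's IP, and checks that the stream starts with a pcap or pcapng magic number before passing it to Wireshark. The script name `capture_listener.py`, the function names, and the assumption that the Balance One sends a pcap/pcapng stream are assumptions of this example.

```python
import socket
import sys

# First four bytes of the stream formats Wireshark reads from a pipe.
CAPTURE_MAGICS = {
    b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4",  # pcap, microsecond timestamps
    b"\x4d\x3c\xb2\xa1", b"\xa1\xb2\x3c\x4d",  # pcap, nanosecond timestamps
    b"\x0a\x0d\x0d\x0a",                       # pcapng section header block
}

def looks_like_capture(header: bytes) -> bool:
    return header[:4] in CAPTURE_MAGICS

def listen(bind_ip: str, port: int) -> socket.socket:
    """Listen on one local address only, not on every interface."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    server.bind((bind_ip, port))
    server.listen(1)
    return server

def receive_capture(server, allowed_peer: str, out) -> int:
    """Copy one capture stream from allowed_peer to out; return bytes copied."""
    while True:
        conn, (peer_ip, _port) = server.accept()
        if peer_ip == allowed_peer:
            break
        conn.close()  # drop anything that is not the router
    with conn:
        header = b""
        while len(header) < 4:
            chunk = conn.recv(4 - len(header))
            if not chunk:
                break
            header += chunk
        if not looks_like_capture(header):
            raise ValueError("stream does not start with a pcap/pcapng magic")
        out.write(header)
        total = len(header)
        while chunk := conn.recv(65536):
            out.write(chunk)
            out.flush()
            total += len(chunk)
    return total

if __name__ == "__main__":
    # Hypothetical usage: capture_listener.py MAC_IP PORT ROUTER_IP | Wireshark -ki -
    mac_ip, port, router_ip = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    with listen(mac_ip, port) as srv:
        receive_capture(srv, router_ip, sys.stdout.buffer)
```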