kapow/poc/examples/tcpdump/README.md
Roberto Abdelkader Martínez Pérez 65fa968308 Better explanation
2019-09-06 13:21:00 +02:00

Remote tcpdump sniffer with source filtering

  1. Add any filter you want to the tcpdump command inside `tcpdump.pow` to filter out any traffic you don't want to be sniffed!
  2. For the sake of simplicity, run `sudo kapow server tcpdump.pow`. In a production environment, tcpdump should be run with the appropriate permissions, but kapow can (and should) run as an unprivileged user.
  3. On your local machine, run `curl http://localhost:8080/sniff/<network-interface> | sudo wireshark -k -i -`. If you don't want to run Wireshark as root, follow this guide: https://gist.github.com/MinaMikhailcom/0825906230cbbe478faf4d08abe9d11a
  4. Profit!
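
One way to check the interface name from the URL and assemble the capture filter from step 1 before anything reaches a privileged tcpdump, as an added example that is not Kapow's own `tcpdump.pow`. The function names, the `KAPOW_PORT` variable and the choice to exclude port 8080 and selected source hosts are assumptions.

```shell
#!/bin/sh
# Added example: a hypothetical helper, not the project's tcpdump.pow.
# KAPOW_PORT and all function names are assumptions made for illustration.

KAPOW_PORT=8080   # port taken from the curl URL in step 3

# Accept only strings that look like a Linux interface name:
# at most 15 characters, no leading dash (would be read as an option),
# and nothing outside letters, digits, '_', '.', ':' and '-'.
valid_iface() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.:-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Build the filter expression. The server's own port is always excluded so
# the capture stream is not captured again when it leaves on the sniffed
# interface; every extra argument is a source address to leave out.
build_filter() {
    filter="not tcp port $KAPOW_PORT"
    for src in "$@"; do
        case "$src" in
            ''|*[!0-9A-Fa-f.:]*) return 1 ;;   # IPv4/IPv6 literal characters only
        esac
        filter="$filter and not src host $src"
    done
    printf '%s\n' "$filter"
}

# Print the tcpdump command line for an interface and optional excluded
# sources. Returns 2 without printing a command if any input is rejected.
# -U flushes each packet, -s 0 keeps whole packets, -w - writes pcap to stdout.
capture_cmd() {
    iface=$1
    shift
    valid_iface "$iface" || { echo "rejected interface name" >&2; return 2; }
    filter=$(build_filter "$@") || { echo "rejected source address" >&2; return 2; }
    printf "tcpdump -i %s -U -s 0 -w - '%s'\n" "$iface" "$filter"
}
```

For example, `capture_cmd eth0 192.0.2.10` prints a command that captures on `eth0` while leaving out port 8080 and packets from 192.0.2.10.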