I'm looking to capture packets from a remote server network interface. The remote server is running CentOS and has tshark installed. I'm working on a Windows 8 machine with Wireshark installed.
I've found this brief tutorial, but it's more for the home user. I've no UI on my server so I need to do all setup in the terminal over ssh. I also found this question, but it doesn't seem complete or correct.
I'm looking to capture all incoming data on a particular port, but I can figure that bit out easily enough. It's getting the capture itself working that's the main issue.
Also, does capturing remotely mean that the data won't be saved on the remote server itself? Or will it be saved on both my laptop and the server?