From 8851b435abc2fcbd0bd566d18650a8011f8f3e1f Mon Sep 17 00:00:00 2001
From: OddRabbit <52036269+oddrabbit@users.noreply.github.com>
Date: Mon, 24 Oct 2022 23:42:00 +1100
Subject: [PATCH] Update README.md

---
 .../pentesting-network/README.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/generic-methodologies-and-resources/pentesting-network/README.md b/generic-methodologies-and-resources/pentesting-network/README.md
index 13f5765c1..2685f1db5 100644
--- a/generic-methodologies-and-resources/pentesting-network/README.md
+++ b/generic-methodologies-and-resources/pentesting-network/README.md
@@ -240,6 +240,13 @@ tcpdump -i icmp #Listen to icmp packets
 sudo bash -c "sudo nohup tcpdump -i eth0 -G 300 -w \"/tmp/dump-%m-%d-%H-%M-%S-%s.pcap\" -W 50 'tcp and (port 80 or port 443)' &"
 ```
 
+One can, also, capture packets from a remote machine over an SSH session with Wireshark as the GUI in realtime.
+
+```
+ssh user@ tcpdump -i ens160 -U -s0 -w - | sudo wireshark -k -i -
+ssh @ tcpdump -i -U -s0 -w - 'port not 22' | sudo wireshark -k -i - # Exclude SSH traffic
+```
+
 ### Bettercap2
 
 ```bash