Ethernet Tap over SSH
The Ethernet Tap over SSH plugin extends the power and simplicity the IO Ninja Ethernet Tap to remote Linux devices, enabling tapping of ethernet on devices like headless Raspberry Pi boards.
Basic Setup
Prerequisites
Enabling SSH
On most Linux machines, SSH is enabled by default. However, if it is not, you will need to enable it.
On Raspbian and many other popular distros, you can perform the following command:
systemctl enable --now sshd
For other Linux distributions, please refer to their documentation.
Installing the Hardware Client
The Ethernet Tap over SSH plugin uses the IO Ninja Hardware Client (ioninja-hwc
).
This hardware client needs to be installed and configured on the remote machine.
Note
See Installing the Hardware Client for instructions.
SSH’ing into your Linux Machine with IO Ninja
In IO Ninja, click “New Session” and select a new “Ethernet Tap over SSH” session.

Type the host address of your remote Linux machine into the “Address:” field.

Click the “Capture” button to the right of the “Port:” field to initiate a connection.

Note
You will be prompted for SSH credentials.
Analyze the log as needed.

Export to a .pcap file by pressing the “Export to .pcap” button.

Settings

Setting |
Description |
Default |
---|---|---|
Remote address |
Remote address to connect to. Can be specified via IPv4 ( |
|
Remote port (default) |
Remote port to connect to in cases when a port is not explicitly specified in Remote address. |
80 |
Use local address |
Bind socket to the specified local address. |
False |
Adapter |
Local network adapter to bind to. Pick one from the list of installed network adapters (or bind to all installed |
Auto |
Local port |
Local port to bind to. Setting this to |
8080 |
Reuse address |
Allow multiple sockets to share the same local address. Maps to the |
False |
TCP Nagle algorithm |
Delay transmission to reduce the number of small |
False |
TCP reset |
Drop TCP connections abruptly with a |
False |
TCP keep-alives |
Detect connection loss with |
False |
User name
|
User name for SSH authentication. |
|
User authentication
|
SSH authentication method (password or private key) |
Password |
Private key file
|
Private key file for SSH authentication. |
|
Remember last password
|
Re-use the last entered password during subsequent connect attempts. |
True |
Read block size (B) |
The size of each individual read block submitted to the underlying transport. |
4KB |
RX buffer size (B) |
The full size of the incoming data ( |
16KB |
TX buffer size (B) |
The full size of the outbound data ( |
16KB |
Keep read block size |
Don’t merge read blocks in RX buffer. Incoming data blocks coming in quick succession can be merged together so that IO Ninja writes them to log as a whole. When this option is set to |
False |
Keep write block size |
Don’t merge write blocks in |
False |
RX buffer full notifications |
Toggle warnings in log about the incoming data ( |
False |
View filter |
Term to filter with when displaying packets. Packets filtered this way are still captured, but are just not shown in the log. You can see these filtered packets again by removing this filter. |