Ethernet Tap over SSH
The Ethernet Tap over SSH plugin extends the power and simplicity the IO Ninja Ethernet Tap to remote Linux devices, enabling tapping of ethernet on devices like headless Raspberry Pi boards.
Basic Setup
Prerequisites
Enabling SSH
On most Linux machines, SSH is enabled by default. However, if it is not, you will need to enable it.
On Raspbian and many other popular distros, you can perform the following command:
systemctl enable --now sshd
For other Linux distributions, please refer to their documentation.
Installing the Hardware Client
The Ethernet Tap over SSH plugin uses the IO Ninja Hardware Client (ioninja-hwc
).
This hardware client needs to be installed and configured on the remote machine.
See “Installing the Hardware Client” for instructions.
SSH’ing into your Linux Machine with IO Ninja
In IO Ninja, click “New Session” and select a new “Ethernet Tap over SSH” session.

Type the host address of your remote Linux machine into the “Address:” field.

Click the “Capture” button to the right of the “Port:” field to initiate a connection.
You will be prompted for SSH credentials.

Analyze the log as needed.

Settings

Setting |
Description |
Default |
---|---|---|
Remote address |
Remote address to connect to. Can be specified via IPv4 ( |
|
Remote port (default) |
Remote port to connect to in cases when a port is not explicitly specified in Remote address. |
80 |
Use local address |
Bind socket to the specified local address. |
False |
Adapter |
Local network adapter to bind to. Pick one from the list of installed network adapters (or bind to all installed |
Auto |
Local port |
Local port to bind to. Setting this to |
8080 |
Reuse address |
Allow multiple sockets to share the same local address. Maps to the |
False |
TCP Nagle algorithm |
Delay transmission to reduce the number of small TCP packets. Maps to the |
False |
TCP reset |
Drop TCP connections abruptly with a TCP RST packet. Maps to the |
False |
TCP keep-alives |
Detect connection loss with TCP keep-alive probes. Maps to the |
False |
User name
|
User name for SSH authentication. |
|
User authentication
|
SSH authentication method (password or private key) |
Password |
Private key file
|
Private key file for SSH authentication. |
|
Remember last password
|
Re-use the last entered password during subsequent connect attempts. |
True |
Read block size (B) |
The size of each individual read block submitted to the underlying transport. |
4KB |
RX buffer size (B) |
The full size of the incoming data (RX) buffer. Affects read throughput. |
16KB |
TX buffer size (B) |
The full size of the outbound data (TX) buffer. Affects write throughput.. |
16KB |
Keep read block size |
Don’t merge read blocks in RX buffer. Incoming data blocks coming in quick succession can be merged together so that IO Ninja writes them to log as a whole. When this option is set to |
False |
Keep write block size |
Don’t merge write blocks in TX buffer. Outbound data blocks sent in quick succession can be merged together before submission to the underlying transport. When this option is set to |
False |
RX buffer full notifications |
Toggle warnings in log about the incoming data (RX) buffer getting full. |
False |
View filter |
Term to filter with when displaying packets. |