In my previous post on TCPDUMP, I talked about getting the capture file off of your Raspberry Pi and onto a computer where you can look at the file with Wireshark. Using something called SCP, otherwise known as Secure Copy, you can transfer the file from the Raspberry Pi onto whatever computer you are working on.
Although I am showing you how to do this using a MacBook Pro, there are SCP client apps available for Windows and Linux systems. By default, Raspbian comes with SCP installed. SCP uses SSH as part of the process to get files copied from one system to another.
The first thing to do is to establish an SSH session to your Raspberry Pi. Verify the directory that holds the file you want to copy. Here is a tip to remember: if you used the Pi account to log in to your Raspberry Pi, that is the account that you will need to use when getting SCP to establish a connection to the Raspberry Pi.
When using the SCP command line utility on the MacBook Pro, you will use a line that looks something like this: scp firstname.lastname@example.org:test.pcap /users/RonNutter. The pi at the first part of the command line is the account that you used when you ran tcpdump to do the packet capture earlier. Substitute the IP address or FQDN (fully qualified domain name) of your Raspberry Pi in place of the IP address you see used here. Follow that with a colon and the name of the capture file you want to transfer. In the case of the MacBook Pro, you will need to specify the directory path where you want the file to be saved.
If you are using Windows or Linux, you can do a quick Google search for SCP command line and you will see a list of apps that will let you do an SCP file transfer.
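One way to script the transfer described above and confirm the copy is intact before opening it in Wireshark. This is an added example, not from the original post; the function names and the sample address in the usage comment are assumptions, and it expects sha256sum to be present on the Pi.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# sample address below are assumptions; substitute your own values.

# SHA-256 of a local file, using whichever tool this system ships.
local_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1   # macOS
    fi
}

# Succeed only if the file begins with a pcap or pcapng magic number.
is_capture_file() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) return 0 ;;  # classic pcap (either byte order)
        4d3cb2a1|a1b23c4d) return 0 ;;  # nanosecond-timestamp pcap
        0a0d0d0a)          return 0 ;;  # pcapng
        *)                 return 1 ;;
    esac
}

# Copy <remote_file> from the Pi into <dest_dir>, then verify the copy.
fetch_capture() {
    user=$1; host=$2; remote=$3; dest=$4
    scp "${user}@${host}:${remote}" "$dest/" || return 1
    copy="$dest/$(basename "$remote")"
    # Hash computed on the Pi over the same SSH login that scp used.
    remote_hash=$(ssh "${user}@${host}" sha256sum "$remote" | cut -d' ' -f1)
    if [ "$remote_hash" != "$(local_sha256 "$copy")" ]; then
        echo "hash mismatch: $copy" >&2
        return 1
    fi
    if ! is_capture_file "$copy"; then
        echo "not a capture file: $copy" >&2
        return 1
    fi
    echo "verified: $copy"
}

# Usage (constructed address): fetch_capture pi 192.0.2.10 test.pcap "$HOME"
```

A hash mismatch usually means tcpdump was still writing to the file when it was copied, so stop the capture on the Pi before transferring.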
To see more of my posts about the Raspberry Pi, please go to http://www.ronnutter.com/category/raspberry-pi/