I have toyed a bit with this, and here is a working solution without too much "no..no".
********* Works without sudo hack on Linux **************
Only the first time (ever), to make ssh work without asking for a password:
ssh-keygen
ssh-copy-id user@pfsense-fw
If sudo is installed on pfSense
----------------------------------
remote:~$ mkfifo /tmp/pcap
remote:~$ sudo tcpdump -iigb1 -U -s0 -w - 'not port 22' > /tmp/pcap
If sudo is not installed on pfSense
------------------------------------
ssh to pfSense as root/admin, enter 8 for the shell
remote:~# mkfifo /tmp/pcap
remote:~# tcpdump -iigb1 -U -s0 -w - 'not port 22' > /tmp/pcap
and send the data over a separate connection:
local:~$ mkfifo /tmp/pcap
local:~$ ssh user@pfsense-fw "cat /tmp/pcap" > /tmp/pcap
and finally start Wireshark:
local:~$ sudo wireshark -k -i /tmp/pcap
********************* end ***************
I do have this one-liner working.
As local root (because Wireshark needs root):
local:# ssh user@pfsense-fw sudo tcpdump -iigb1 -U -s0 -w - 'not port 22' | wireshark -k -i -
But it requires sudo to be installed on pfSense:
https://www.cyberciti.biz/faq/how-to-add-delete-grant-sudo-privileges-to-users-on-freebsd-unix-server/
Install:
pkg install security/sudo
And some "nasty" visudo things that would give a "security officer/revision" "red ears"...
I could probably lock it down to just work with tcpdump, but for now it's allowing my local user to sudo anything without even asking for a password, provided he's a member of the admin group.
Have fun "Sharking"
PS:
Most of this nasty stuff would probably not be needed if we could get a way to ssh into pfSense as root without hitting the "menu".
Or if we could ssh into pfSense with a user that was allowed to run tcpdump on an interface.
/Bingo
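As an added example (not the original poster's code), here is the one-liner from the post turned into a script that checks the interface name and quotes the filter before they reach the remote shell, and uses sudo -n so a missing NOPASSWD rule fails fast instead of hanging on a prompt nobody can answer through the pipe. The host, interface and filter values are placeholders; the sudoers setup on pfSense is assumed to be the one the post describes.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: wraps the "ssh | wireshark" pipeline
# above in a script that validates what is sent to the remote shell.
set -eu

SSH_PORT=22   # excluded from the filter so the capture does not record itself

# Accept only plausible interface names (igb1, vtnet0, em0.10); anything else
# would end up unquoted in the remote command line.
validate_iface() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
  return 0
}

# Build the command run on pfSense. The filter is single-quoted for the remote
# shell, so a filter that itself contains a single quote is rejected.
build_remote_cmd() {
  local iface="$1" filter="${2:-}" use_sudo="${3:-yes}"
  validate_iface "$iface" || { echo "bad interface name: $iface" >&2; return 1; }
  case "$filter" in *\'*) echo "single quote not allowed in filter" >&2; return 1 ;; esac
  local expr="not port ${SSH_PORT}"
  if [ -n "$filter" ]; then expr="${expr} and (${filter})"; fi
  local prefix=""
  # sudo -n fails at once instead of hanging on a password prompt; with the
  # post's passwordless sudo rule it simply runs
  if [ "$use_sudo" = "yes" ]; then prefix="sudo -n "; fi
  printf "%stcpdump -i %s -U -s0 -w - '%s'" "$prefix" "$iface" "$expr"
}

# Stream the capture straight into Wireshark; reading a pcap from stdin needs
# no capture privileges on the local side. Pass "no" as the fourth argument
# for the root/shell variant of the post (no sudo on pfSense).
remote_capture() {
  local host="$1" iface="$2" filter="${3:-}" use_sudo="${4:-yes}"
  local cmd
  cmd=$(build_remote_cmd "$iface" "$filter" "$use_sudo")
  ssh -T "$host" "$cmd" | wireshark -k -i -
}

# Usage: ./pcap-remote.sh user@pfsense-fw igb1 'tcp port 443' [yes|no]
if [ "$#" -ge 2 ]; then
  remote_capture "$@"
fi
```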