author Dario Lombardo <lomato@gmail.com> 2016-10-03 12:02:21 +0200
committer Dario Lombardo <lomato@gmail.com> 2016-10-04 09:58:25 +0000
commit d8fdf5454a457abe0109ad5615d5d4c4bfca4222
tree 53c5bbf54c3bf7d5770b5e05aaeebee16c875586 /doc/sshdump.pod
parent 99367fc51303224ec9e95e29a8407cd0d0b5d9f6
sshdump: add remote capture command.

This new option adds the chance to use a custom capture command. It must produce a PCAP stream that will be read by Wireshark, written to STDOUT.

Change-Id: I34a72465eb369194f24ecf0594df143b8ad6555f
Reviewed-on: https://code.wireshark.org/review/18037
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>

Diffstat (limited to 'doc/sshdump.pod')
1 files changed, 19 insertions, 1 deletions
diff --git a/doc/sshdump.pod b/doc/sshdump.pod
index f3b7269..fdf886e 100644
--- a/doc/sshdump.pod
+++ b/doc/sshdump.pod
@@ -21,6 +21,7 @@ S<[ B<--remote-username>=E<lt>usernameE<gt> ]>
S<[ B<--remote-password>=E<lt>passwordE<gt> ]>
S<[ B<--sshkey>=E<lt>public key path<gt> ]>
S<[ B<--remote-interface>=E<lt>interfaceE<gt> ]>
+S<[ B<--remote-capture-command>=E<lt>capture commandE<gt> ]>
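Review bot: The --sshkey synopsis line two lines above the addition closes its placeholder with <gt> instead of E<gt>, so the POD escape will not render, and it says "public key path" while the option description quoted in the third hunk header reads "The path to a private key for authentication." Since this hunk touches the synopsis anyway, fix both in the same change so the new entry does not sit next to a broken one.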
@@ -41,6 +42,7 @@ S<B<--remote-host=myremotehost>>
+S<B<--remote-capture-command='tcpdump -U -i eth0 -w-'>>
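Review bot: The example value is written 'tcpdump -U -i eth0 -w-' here, but the examples added in the last hunk write the same flag as '-w -' with the options in a different order. Use one spelling throughout the page so readers can copy either example and get the same command.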
@@ -127,6 +129,12 @@ The path to a private key for authentication.
The remote network interface to capture from.
+=item --remote-capture-command=E<lt>capture commandE<gt>
+A custom remote capture command that produces the remote stream that is shown in Wireshark.
+The command must be able to produce a PCAP stream written to STDOUT. See below for more
=item --extcap-capture-filter=E<lt>capture filterE<gt>
The capture filter
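Review bot: The new =item text does not say how --remote-capture-command interacts with --remote-interface, --remote-filter and --remote-count. The added examples name the interface inside the command itself, which suggests those options are not applied, but the text never states it. Add a sentence saying which options are ignored when a custom command is given, and state that the string is executed as given on the remote host with the privileges of the SSH user, so anyone setting this option knows it is a command line rather than a capture parameter.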
@@ -179,6 +187,8 @@ To see interface configuration options:
{type=string}{tooltip=Passphrase to unlock the SSH private key}
arg {number=6}{call=--remote-interface}{display=Remote interface}{type=string}{default=eth0}
{tooltip=The remote network interface used for capture}
+ arg {number=7}{call=--remote-capture-command}{display=Remote capture command}{type=string}
+ {tooltip=The remote command used to capture.}
arg {number=8}{call=--remote-filter}{display=Remote capture filter}{type=string}
{default=not ((host myip) and port 22)}{tooltip=The remote capture filter}
arg {number=9}{call=--remote-count}{display=Packets to capture}{type=unsigned}{default=0}
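Review bot: The tooltip on the new arg 7, "The remote command used to capture.", leaves out the one requirement a user must meet, which the option description gives as producing a PCAP stream on STDOUT. The arg also has no {default=...}, unlike the interface and filter args around it, and nothing says what an empty field means. Suggest a tooltip along the lines of "Remote command that writes a PCAP stream to stdout; leave empty to use the built-in command", if that is the behaviour.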
@@ -186,9 +196,17 @@ To see interface configuration options:
To capture:
- sshdump --extcap-interface=ssh --fifo=/tmp/ssh.pcapng --capture --remote-host
+ sshdump --extcap-interface=ssh --fifo=/tmp/ssh.pcap --capture --remote-host
--remote-username user --remote-filter "not port 22"
+To use different capture binaries:
+ sshdump --extcap-interface=ssh --fifo=/tmp/ssh.pcap --capture --remote-host
+ --remote-capture-command='dumpcap -i eth0 -P -w -'
+ sshdump --extcap-interface=ssh --fifo=/tmp/ssh.pcap --capture --remote-host
+ --remote-capture-command='sudo tcpdump -i eth0 -U -w -'
NOTE: To stop capturing CTRL+C/kill/terminate application.
=head1 SEE ALSO
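Review bot: Neither of the two new custom-command examples excludes the SSH session itself, while the default remote filter shown in the previous hunk is "not ((host myip) and port 22)" and the existing example passes --remote-filter "not port 22". If the remote filter is not appended to a custom command, 'tcpdump -i eth0 -U -w -' will capture the traffic of the very connection that carries the capture back. Add the exclusion to the example commands, or document that --remote-filter still applies. The 'sudo tcpdump' example should also note that it only works when sudo does not need to prompt for a password on the remote host. Separately, --remote-host is shown without a value in all three invocations.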