author | Dario Lombardo <lomato@gmail.com> | 2016-10-03 12:02:21 +0200 |
---|---|---|
committer | Dario Lombardo <lomato@gmail.com> | 2016-10-04 09:58:25 +0000 |
commit | d8fdf5454a457abe0109ad5615d5d4c4bfca4222 (patch) | |
tree | 53c5bbf54c3bf7d5770b5e05aaeebee16c875586 /doc/sshdump.pod | |
parent | 99367fc51303224ec9e95e29a8407cd0d0b5d9f6 (diff) |
sshdump: add remote capture command.
This new option adds the chance to use a custom capture command.
It must produce a PCAP stream that will be read by Wireshark,
written to STDOUT.
Change-Id: I34a72465eb369194f24ecf0594df143b8ad6555f
Reviewed-on: https://code.wireshark.org/review/18037
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Dario Lombardo <lomato@gmail.com>
Diffstat (limited to 'doc/sshdump.pod')
-rw-r--r-- | doc/sshdump.pod | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/doc/sshdump.pod b/doc/sshdump.pod index f3b7269c79..fdf886eb7d 100644 --- a/doc/sshdump.pod +++ b/doc/sshdump.pod @@ -21,6 +21,7 @@ S<[ B<--remote-username>=E<lt>usernameE<gt> ]> S<[ B<--remote-password>=E<lt>passwordE<gt> ]> S<[ B<--sshkey>=E<lt>public key path<gt> ]> S<[ B<--remote-interface>=E<lt>interfaceE<gt> ]> +S<[ B<--remote-capture-command>=E<lt>capture commandE<gt> ]> B<sshdump> S<B<--extcap-interfaces>> @@ -41,6 +42,7 @@ S<B<--remote-host=myremotehost>> S<B<--remote-port=22>> S<B<--remote-username=user>> S<B<--remote-interface=eth2>> +S<B<--remote-capture-command='tcpdump -U -i eth0 -w-'>> =head1 DESCRIPTION @@ -127,6 +129,12 @@ The path to a private key for authentication. The remote network interface to capture from. +=item --remote-capture-command=E<lt>capture commandE<gt> + +A custom remote capture command that produces the remote stream that is shown in Wireshark. +The command must be able to produce a PCAP stream written to STDOUT. See below for more +examples. + =item --extcap-capture-filter=E<lt>capture filterE<gt> The capture filter @@ -179,6 +187,8 @@ To see interface configuration options: {type=string}{tooltip=Passphrase to unlock the SSH private key} arg {number=6}{call=--remote-interface}{display=Remote interface}{type=string}{default=eth0} {tooltip=The remote network interface used for capture} + arg {number=7}{call=--remote-capture-command}{display=Remote capture command}{type=string} + {tooltip=The remote command used to capture.} arg {number=8}{call=--remote-filter}{display=Remote capture filter}{type=string} {default=not ((host myip) and port 22)}{tooltip=The remote capture filter} arg {number=9}{call=--remote-count}{display=Packets to capture}{type=unsigned}{default=0} 
@@ -186,9 +196,17 @@ To see interface configuration options: To capture: - sshdump --extcap-interface=ssh --fifo=/tmp/ssh.pcapng --capture --remote-host 192.168.1.10 + sshdump --extcap-interface=ssh --fifo=/tmp/ssh.pcap --capture --remote-host 192.168.1.10 --remote-username user --remote-filter "not port 22" +To use different capture binaries: + + sshdump --extcap-interface=ssh --fifo=/tmp/ssh.pcap --capture --remote-host 192.168.1.10 + --remote-capture-command='dumpcap -i eth0 -P -w -' + + sshdump --extcap-interface=ssh --fifo=/tmp/ssh.pcap --capture --remote-host 192.168.1.10 + --remote-capture-command='sudo tcpdump -i eth0 -U -w -' + NOTE: To stop capturing CTRL+C/kill/terminate application. =head1 SEE ALSO |
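Review bot: In the SYNOPSIS example (hunk -41,6 +42,7), the added line passes 'tcpdump -U -i eth0 -w-' directly after the unchanged --remote-interface=eth2, so a single invocation names two different interfaces and the reader cannot tell which one is actually captured. Suggest using the same interface in both places, or dropping --remote-interface from this example. The spelling '-w-' also differs from the '-w -' used in the examples added at the end of the page; pick one form.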
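Review bot: The new "=item --remote-capture-command" paragraph (hunk -127,6 +129,12) does not say how the option interacts with --remote-interface, --remote-filter and --remote-count, all of which the page still documents alongside it. Suggest one sentence stating whether those options are ignored or still applied when a custom command is given, so that a user does not assume the default remote filter remains in effect. It would also help to state that nothing other than the PCAP stream may be written to STDOUT by the command.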
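Review bot: Both examples added under "To use different capture binaries" (hunk -186,9 +196,17) capture on eth0 with no filter, whereas the existing example passes --remote-filter "not port 22" and the documented default is "not ((host myip) and port 22)"; if eth0 also carries the SSH session, the capture will record its own transport traffic. Suggest adding a "not port 22" expression to the dumpcap and tcpdump commands, or a sentence telling the user to exclude the SSH session. The "sudo tcpdump" example should also state that sudo must be configured not to prompt for a password on the remote host, since the page shows no way to answer such a prompt. The rename of the fifo from /tmp/ssh.pcapng to /tmp/ssh.pcap in the first example is not mentioned in the commit message and deserves a line there.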