diff options
author | Dario Lombardo <lomato@gmail.com> | 2015-11-19 11:30:44 +0100 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2015-11-19 15:29:18 +0000 |
commit | d6da95231ee790fd884ca2a41fe59aa9b05ccde9 (patch) | |
tree | 521b455286bad8276f270cb69fd4bb53192643dd /doc/sshdump.pod | |
parent | 1a841483e9df85f913ece0286a6e0d4f97a859c2 (diff) |
extcap: add sshdump.
sshdump is an extcap module that allows dumping from a remote host using an ssh connection.
It goes with the existing extcap plugin interface.
Change-Id: I8987614fdd817b8173a50130812bc643a4833bca
Reviewed-on: https://code.wireshark.org/review/11402
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'doc/sshdump.pod')
-rw-r--r-- | doc/sshdump.pod | 212 |
1 files changed, 212 insertions, 0 deletions
diff --git a/doc/sshdump.pod b/doc/sshdump.pod new file mode 100644 index 0000000000..6defdf1d74 --- /dev/null +++ b/doc/sshdump.pod @@ -0,0 +1,212 @@ + +=head1 NAME + +sshdump - Provide interfaces to capture from a remote host through SSH using a remote capture binary. + +=head1 SYNOPSIS + +B<sshdump> +S<[ B<--help> ]> +S<[ B<--version> ]> +S<[ B<--extcap-interfaces> ]> +S<[ B<--extcap-dlts> ]> +S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]> +S<[ B<--extcap-config> ]> +S<[ B<--extcap-capture-filter>=E<lt>capture filterE<gt> ]> +S<[ B<--capture> ]> +S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]> +S<[ B<--remote-host>=E<lt>IP addressE<gt> ]> +S<[ B<--remote-port>=E<lt>TCP portE<gt> ]> +S<[ B<--remote-username>=E<lt>usernameE<gt> ]> +S<[ B<--remote-password>=E<lt>passwordE<gt> ]> +S<[ B<--sshkey>=E<lt>public key path<gt> ]> +S<[ B<--remote-interface>=E<lt>interfaceE<gt> ]> +S<[ B<--remote-capture-bin>=E<lt>capture binaryE<gt> ]> + +B<sshdump> +S< B<--extcap-interfaces> > + +B<sshdump> +S< B<--extcap-interface>=E<lt>interfaceE<gt> > +S<[ B<--extcap-dlts> ]> + +B<sshdump> +S< B<--extcap-interface>=E<lt>interfaceE<gt> > +S<[ B<--extcap-config> ]> + +B<sshdump> +S< B<--extcap-interface>=E<lt>interfaceE<gt> > +S< B<--fifo>=E<lt>path to file or pipeE<gt> > +S< B<--capture> > +S< B<--remote-host=myremotehost> > +S< B<--remote-port=22> > +S< B<--remote-username=user> > +S< B<--remote-interface=eth2> > +S< B<--remote-capture-bin=/usr/sbin/dumpcap> > + +=head1 DESCRIPTION + +B<Sshdump> is a extcap tool that allows to run a remote capture +tool in a SSH connection. The requirement is that the capture +executable must have the capabilities to capture from the wanted +interface. + +The feature is functionally equivalent to run commands like + +$ ssh remoteuser@remotehost -p 22222 'dumpcap -i IFACE -P -w -' > FILE & +$ wireshark FILE + +$ ssh remoteuser@remotehost '/sbin/dumpcap -i IFACE -P -w - -f "not port 22"' > FILE & +$ wireshark FILE + +Supported interfaces: + +=over 4 + +=item 1. ssh + +=back + +=head1 OPTIONS + +=over 4 + +=item --help + +Print program arguments. + +=item --version + +Print program version. + +=item --extcap-interfaces + +List available interfaces. + +=item --extcap-interface=E<lt>interfaceE<gt> + +Use specified interfaces. + +=item --extcap-dlts + +List DLTs of specified interface. + +=item --extcap-config + +List configuration options of specified interface. + +=item --capture + +Start capturing from specified interface save saved it in place specified by --fifo. + +=item --fifo=E<lt>path to file or pipeE<gt> + +Save captured packet to file or send it through pipe. + +=item --remote-host=E<lt>remote hostE<gt> + +The address of the remote host for capture. + +=item --remote-port=E<lt>remote portE<gt> + +The SSH port of the remote host. + +=item --remote-username=E<lt>usernameE<gt> + +The username for ssh authentication. + +=item --remote-password=E<lt>passwordE<gt> + +The password to use (if not ssh-agent and pubkey are used). WARNING: the +passwords are stored in plaintext and visible to all users on this system. It is +recommended to use keyfiles with a SSH agent. + +=item --sshkey=E<lt>SSH private key pathE<gt> + +The path to a private key for authentication. + +=item --remote-interface=E<lt>remote interfaceE<gt> + +The remote network interface to capture from. + +=item --remote-capture-bin=E<lt>capture binaryE<gt> + +The remote capture binary. + +=item --extcap-capture-filter=E<lt>capture filterE<gt> + +The capture filter + +=back + +=head1 EXAMPLES + +To see program arguments: + + sshdump --help + +To see program version: + + sshdump --version + +To see interfaces: + + sshdump --extcap-interfaces + +Only one interface (ssh) is supported. + + Output: + interface {value=ssh}{display=SSH remote capture} + +To see interface DLTs: + + sshdump --extcap-interface=ssh --extcap-dlts + + Output: + dlt {number=147}{name=ssh}{display=Remote capture dependant DLT} + +To see interface configuration options: + + sshdump --extcap-interface=ssh --extcap-config + + Output: + arg {number=0}{call=--remote-host}{display=Remote SSH server address}{type=string}{default=127.0.0.1} + {tooltip=The remote SSH host. It can be both an IP address or an hostname} + arg {number=1}{call=--remote-port}{display=Remote SSH server port}{type=unsigned}{default=22} + {tooltip=The remote SSH host port} + arg {number=2}{call=--remote-username}{display=Remote SSH server username}{type=string}{default=dario} + {tooltip=The remote SSH username. If not provided, the current user will be used} + arg {number=3}{call=--remote-password}{display=Remote SSH server password}{type=string} + {tooltip=The SSH password. SSH agent and certificate are used before it.If they fail, password will + be used, and, if it fails, the connection is not established.} + arg {number=4}{call=--remote-interface}{display=Remote SSH server interface}{type=string}{default=eth0} + {tooltip=The remote network interface used for capture} + arg {number=5}{call=--remote-capture-bin}{display=Remote SSH capture bin}{type=string}{default=dumpcap} + {tooltip=The remote dumcap binary used for capture.} + arg {number=6}{call=--extcap-capture-filter}{display=Capture filter}{type=string}{default=not host hardcore} + {tooltip=The capture filter} + +To capture: + + sshdump --extcap-interface=ssh --fifo=/tmp/ssh.pcapng --capture --remote-host 192.168.1.10 + --remote-username user --extcap-capture-filter "not port 22" + +NOTE: To stop capturing CTRL+C/kill/terminate application. + +=head1 SEE ALSO + +wireshark(1), tshark(1), dumpcap(1), extcap(4) + +=head1 NOTES + +B<Sshdump> is part of the B<Wireshark> distribution. The latest version +of B<Wireshark> can be found at L<https://www.wireshark.org>. + +HTML versions of the Wireshark project man pages are available at: +L<https://www.wireshark.org/docs/man-pages>. + +=head1 AUTHORS + + Original Author + -------- ------ + Dario Lombardo <lomato[AT]gmail.com> |