diff options
author | Adrian Granados <adrian@intuitibits.com> | 2022-03-08 16:38:13 -0500 |
---|---|---|
committer | A Wireshark GitLab Utility <gerald+gitlab-utility@wireshark.org> | 2022-03-09 08:01:39 +0000 |
commit | 8622c92a7549320b5faffb92891c12077f65459d (patch) | |
tree | 33f336e769fbedfba71d34273572180545c238b1 /doc | |
parent | ad48c4050d8f489ea3e6d67e9bc57e69b468b329 (diff) |
extcap: new interface, wifidump, to capture Wi-Fi frames using a remote SSH host
Diffstat (limited to 'doc')
-rw-r--r-- | doc/CMakeLists.txt | 1 | ||||
-rw-r--r-- | doc/wifidump.adoc | 280 |
2 files changed, 281 insertions, 0 deletions
diff --git a/doc/CMakeLists.txt b/doc/CMakeLists.txt index d417d9a8c7..156ef650a8 100644 --- a/doc/CMakeLists.txt +++ b/doc/CMakeLists.txt @@ -60,6 +60,7 @@ ADD_MAN_PAGE(sshdump 1) ADD_MAN_PAGE(text2pcap 1) ADD_MAN_PAGE(tshark 1) ADD_MAN_PAGE(udpdump 1) +ADD_MAN_PAGE(wifidump 1) ADD_MAN_PAGE(extcap 4) ADD_MAN_PAGE(wireshark-filter 4) diff --git a/doc/wifidump.adoc b/doc/wifidump.adoc new file mode 100644 index 0000000000..a55af0821c --- /dev/null +++ b/doc/wifidump.adoc @@ -0,0 +1,280 @@ +include::../docbook/attributes.adoc[] += wifidump(1) +:doctype: manpage +:stylesheet: ws.css +:linkcss: +:copycss: ../docbook/{stylesheet} + +== NAME + +wifidump - Provides an interface to capture Wi-Fi frames from a remote host through SSH. + +== SYNOPSIS + +[manarg] +*wifidump* +[ *--help* ] +[ *--version* ] +[ *--extcap-interfaces* ] +[ *--extcap-dlts* ] +[ *--extcap-interface*=<interface> ] +[ *--extcap-config* ] +[ *--extcap-capture-filter*=<capture filter> ] +[ *--capture* ] +[ *--fifo*=<path to file or pipe> ] +[ *--remote-host*=<IP address> ] +[ *--remote-port*=<TCP port> ] +[ *--remote-username*=<username> ] +[ *--remote-password*=<password> ] +[ *--sshkey*=<public key path> ] +[ *--remote-interface*=<interface> ] +[ *--remote-channel-frequency*=<channel frequency> ] +[ *--remote-channel-width*=<channel width> ] + +[manarg] +*wifidump* +*--extcap-interfaces* + +[manarg] +*wifidump* +*--extcap-interface*=<interface> +*--extcap-dlts* + +[manarg] +*wifidump* +*--extcap-interface*=<interface> +*--extcap-config* + +[manarg] +*wifidump* +*--extcap-interface*=<interface> +*--fifo*=<path to file or pipe> +*--capture* +*--remote-host=myremotehost* +*--remote-port=22* +*--remote-username=user* +*--remote-interface=eth2* +*--remote-channel-frequency=5180* +*--remote-channel-width=40* + +== DESCRIPTION + +*Wifidump* is an extcap tool that allows you to capture Wi-Fi traffic from a +remote host over an SSH connection using *tcpdump*. The requirement to capture Wi-Fi +frames is that the remote host must have the necessary binaries to manage and put +the wanted interface into monitor mode. Such binaries include: *ip*, *iw*, and +*iwconfig*. Also, because using monitor mode and managing the Wi-Fi interface requires +root privileges, the system must be configured to allow the wanted user to run +these binaries using sudo without entering a password. + +Typically wifidump is not invoked directly. Instead it can be configured through +the Wireshark graphical user interface or its command line. The following will +start Wireshark and start capturing from host *remotehost*: + + $ wireshark '-oextcap.wifidump.remotehost:remotehost' -i wifidump -k + +To explicitly control the remote capture command: + + $ wireshark '-oextcap.wifidump.remotehost:remotehost' \ + '-oextcap.wifidump.remotechannelfrequency:5180' \ + '-oextcap.wifidump.remotechannelwidth:40' \ + -i wifidump -k + +Supported interfaces: + +1. wifidump + +== OPTIONS + +--help:: ++ +-- +Print program arguments. +-- + +--version:: ++ +-- +Print program version. +-- + +--extcap-interfaces:: ++ +-- +List available interfaces. +-- + +--extcap-interface=<interface>:: ++ +-- +Use specified interfaces. +-- + +--extcap-dlts:: ++ +-- +List DLTs of specified interface. +-- + +--extcap-config:: ++ +-- +List configuration options of specified interface. +-- + +--capture:: ++ +-- +Start capturing from specified interface and write raw packet data to the location specified by --fifo. +-- + +--fifo=<path to file or pipe>:: ++ +-- +Save captured packet to file or send it through pipe. +-- + +--remote-host=<remote host>:: ++ +-- +The address of the remote host for capture. +-- + +--remote-port=<remote port>:: ++ +-- +The SSH port of the remote host. +-- + +--remote-username=<username>:: ++ +-- +The username for ssh authentication. +-- + +--remote-password=<password>:: ++ +-- +The password to use (if not ssh-agent and pubkey are used). WARNING: the +passwords are stored in plaintext and visible to all users on this system. It is +recommended to use keyfiles with a SSH agent. +-- + +--sshkey=<SSH private key path>:: ++ +-- +The path to a private key for authentication. +-- + +--remote-interface=<remote interface>:: ++ +-- +The remote network interface to capture from. +-- + +--remote-channel-frequency=<channel frequency>:: ++ +-- +The remote channel frequency in MHz. +-- + +--remote-channel-width=<channel width>:: ++ +-- +The remote channel width in MHz. +-- + +--extcap-capture-filter=<capture filter>:: ++ +-- +The capture filter. It corresponds to the value provided via the *tshark -f* +option, and the Capture Filter field next to the interfaces list in the +Wireshark interface. +-- + +== EXAMPLES + +To see program arguments: + + wifidump --help + +To see program version: + + wifidump --version + +To see interfaces: + + wifidump --extcap-interfaces + +Only one interface (wifidump) is supported. + +.Example output + interface {value=wifidump}{display=Wi-Fi remote capture} + +To see interface DLTs: + + wifidump --extcap-interface=wifidump --extcap-dlts + +.Example output + dlt {number=147}{name=wifidump}{display=Remote capture dependent DLT} + +To see interface configuration options: + + wifidump --extcap-interface=wifidump --extcap-config + +.Example output + arg {number=0}{call=--remote-host}{display=Remote SSH server address}{type=string} + {tooltip=The remote SSH host. It can be both an IP address or a hostname}{required=true}{group=Server} + arg {number=1}{call=--remote-port}{display=Remote SSH server port}{type=unsigned} + {tooltip=The remote SSH host port (1-65535)}{range=1,65535}{group=Server} + arg {number=2}{call=--remote-username}{display=Remote SSH server username}{type=string} + {tooltip=The remote SSH username. If not provided, the current user will be used}{group=Authentication} + arg {number=3}{call=--remote-password}{display=Remote SSH server password}{type=password} + {tooltip=The SSH password, used when other methods (SSH agent or key files) are unavailable.}{group=Authentication} + arg {number=4}{call=--sshkey}{display=Path to SSH private key}{type=fileselect} + {tooltip=The path on the local filesystem of the private ssh key}{mustexist=true}{group=Authentication} + arg {number=5}{call=--sshkey-passphrase}{display=SSH key passphrase}{type=password} + {tooltip=Passphrase to unlock the SSH private key}{group=Authentication} + arg {number=6}{call=--remote-interface}{display=Remote interface}{type=string} + {tooltip=The remote network interface used to capture}{default=auto}{group=Capture} + arg {number=7}{call=--remote-channel-frequency}{display=Remote channel}{type=selector} + {tooltip=The remote channel used to capture}{group=Capture} + arg {number=8}{call=--remote-channel-width}{display=Remote channel width}{type=selector} + {tooltip=The remote channel width used to capture}{group=Capture} + arg {number=9}{call=--remote-filter}{display=Remote capture filter}{type=string} + {tooltip=The remote capture filter}{group=Capture} + arg {number=10}{call=--remote-count}{display=Packets to capture}{type=unsigned} + {tooltip=The number of remote packets to capture.}{group=Capture} + arg {number=11}{call=--log-level}{display=Set the log level}{type=selector} + {tooltip=Set the log level}{required=false}{group=Debug} + arg {number=12}{call=--log-file}{display=Use a file for logging}{type=fileselect} + {tooltip=Set a file where log messages are written}{required=false}{group=Debug} + +To capture: + + wifidump --extcap-interface=wifidump --fifo=/tmp/wifidump.pcap --capture --remote-host 192.168.1.10 --remote-username user --remote-channel-frequency 5180 --remote-channel-width 40 + +NOTE: To stop capturing CTRL+C/kill/terminate application. + +The wifidump binary can be renamed to support multiple instances. For instance if we want wifidump +to show up twice in wireshark (for instance to handle multiple profiles), we can copy wifidump to +wifidump-host1 and wifidump-host2. Each binary will show up an interface name same as the executable +name. Those executables not being "wifidump" will show up as "custom version" in the interface description. + +== SEE ALSO + +xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:extcap.html[extcap](4), xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](1) + +== NOTES + +*Wifidump* is part of the *Wireshark* distribution. The latest version +of *Wireshark* can be found at https://www.wireshark.org. + +HTML versions of the Wireshark project man pages are available at +https://www.wireshark.org/docs/man-pages. + +== AUTHORS + +.Original Author +[%hardbreaks] +Adrian Granados <adrian[AT]intuitibits.com> |