chicknsa.blogg.se

Wireshark capture remote machine










Provided by: wireshark-common_3.2.3-1_amd64

Sshdump - Provide interfaces to capture from a remote host through SSH using a remote

    sshdump --extcap-interfaces
    sshdump --extcap-interface=<interface> --extcap-dlts
    sshdump --extcap-interface=<interface> --extcap-config
    sshdump --extcap-interface=<interface> --fifo=<path> --capture --remote-host=myremotehost --remote-port=22 --remote-username=user --remote-interface=eth2 --remote-capture-command='tcpdump -U -i eth0 -w-'

DESCRIPTION

Sshdump is an extcap tool that allows one to run a remote capture tool over a SSH connection. The requirement is that the capture executable must have the capabilities to

The feature is functionally equivalent to run commands like

    $ ssh USER@HOST -p 22222 'tcpdump -U -i IFACE -w -' > FILE &
    $ wireshark FILE

    $ ssh USER@HOST '/sbin/dumpcap -i IFACE -P -w - -f "not port 22"' > FILE &

    $ ssh somehost dumpcap -P -w - -f udp | tshark -i -

Only one interface (sshdump) is supported.

List configuration options of specified interface.

Start capturing from specified interface and write raw packet data to the location

Save captured packet to file or send it through pipe.

The address of the remote host for capture.

The password to use (if not ssh-agent and pubkey are used). Stored in plaintext and visible to all users on this system.

The path to a private key for authentication.

The remote network interface to capture from.

A custom remote capture command that produces the remote stream that is shown in

The command must be able to produce a PCAP stream written to STDOUT.

When specified, this command will be used as is, no interface, port or filter options

    sshdump --extcap-interface=sshdump --fifo=/tmp/ssh.pcap --capture --remote-host 192.168.1.10 --remote-username user --remote-filter "not port 22"

    sshdump --extcap-interface=sshdump --fifo=/tmp/ssh.pcap --capture --remote-host 192.168.1.10 --remote-capture-command='dumpcap -i eth0 -P -w -'











