nexmon – Blame information for rev 1

1 office 1  
2 =head1 NAME
3  
4 sshdump - Provide interfaces to capture from a remote host through SSH using a remote capture binary.
5  
6 =head1 SYNOPSIS
7  
8 B<sshdump>
9 S<[ B<--help> ]>
10 S<[ B<--version> ]>
11 S<[ B<--extcap-interfaces> ]>
12 S<[ B<--extcap-dlts> ]>
13 S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
14 S<[ B<--extcap-config> ]>
15 S<[ B<--extcap-capture-filter>=E<lt>capture filterE<gt> ]>
16 S<[ B<--capture> ]>
17 S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
18 S<[ B<--remote-host>=E<lt>IP addressE<gt> ]>
19 S<[ B<--remote-port>=E<lt>TCP portE<gt> ]>
20 S<[ B<--remote-username>=E<lt>usernameE<gt> ]>
21 S<[ B<--remote-password>=E<lt>passwordE<gt> ]>
22 S<[ B<--sshkey>=E<lt>SSH private key pathE<gt> ]>
23 S<[ B<--remote-interface>=E<lt>interfaceE<gt> ]>
24 S<[ B<--remote-capture-bin>=E<lt>capture binaryE<gt> ]>
25  
26 B<sshdump>
27 S<B<--extcap-interfaces>>
28  
29 B<sshdump>
30 S<B<--extcap-interface>=E<lt>interfaceE<gt>>
31 S<B<--extcap-dlts>>
32  
33 B<sshdump>
34 S<B<--extcap-interface>=E<lt>interfaceE<gt>>
35 S<B<--extcap-config>>
36  
37 B<sshdump>
38 S<B<--extcap-interface>=E<lt>interfaceE<gt>>
39 S<B<--fifo>=E<lt>path to file or pipeE<gt>>
40 S<B<--capture>>
41 S<B<--remote-host=myremotehost>>
42 S<B<--remote-port=22>>
43 S<B<--remote-username=user>>
44 S<B<--remote-interface=eth2>>
45 S<B<--remote-capture-bin=/usr/sbin/dumpcap>>
46  
47 =head1 DESCRIPTION
48  
49 B<Sshdump> is an extcap tool that allows one to run a remote capture
50 tool over an SSH connection. The requirement is that the capture
51 executable must have the capabilities to capture from the wanted
52 interface.
53  
54 The feature is functionally equivalent to running commands like
55  
56 $ ssh remoteuser@remotehost -p 22222 'dumpcap -i IFACE -P -w -' > FILE &
57 $ wireshark FILE
58  
59 $ ssh remoteuser@remotehost '/sbin/dumpcap -i IFACE -P -w - -f "not port 22"' > FILE &
60 $ wireshark FILE
61  
62 Supported interfaces:
63  
64 =over 4
65  
66 =item 1. ssh
67  
68 =back
69  
70 =head1 OPTIONS
71  
72 =over 4
73  
74 =item --help
75  
76 Print program arguments.
77  
78 =item --version
79  
80 Print program version.
81  
82 =item --extcap-interfaces
83  
84 List available interfaces.
85  
86 =item --extcap-interface=E<lt>interfaceE<gt>
87  
88 Use the specified interface.
89  
90 =item --extcap-dlts
91  
92 List DLTs of specified interface.
93  
94 =item --extcap-config
95  
96 List configuration options of specified interface.
97  
98 =item --capture
99  
100 Start capturing from specified interface and write raw packet data to the location specified by --fifo.
101  
102 =item --fifo=E<lt>path to file or pipeE<gt>
103  
104 Save captured packets to a file or send them through a pipe.
105  
106 =item --remote-host=E<lt>remote hostE<gt>
107  
108 The address of the remote host for capture.
109  
110 =item --remote-port=E<lt>remote portE<gt>
111  
112 The SSH port of the remote host.
113  
114 =item --remote-username=E<lt>usernameE<gt>
115  
116 The username for ssh authentication.
117  
118 =item --remote-password=E<lt>passwordE<gt>
119  
120 The password to use (if ssh-agent and pubkey are not used). WARNING: the
121 passwords are stored in plaintext and visible to all users on this system. It is
122 recommended to use keyfiles with an SSH agent.
123  
124 =item --sshkey=E<lt>SSH private key pathE<gt>
125  
126 The path to a private key for authentication.
127  
128 =item --remote-interface=E<lt>remote interfaceE<gt>
129  
130 The remote network interface to capture from.
131  
132 =item --remote-capture-bin=E<lt>capture binaryE<gt>
133  
134 The remote capture binary.
135  
136 =item --extcap-capture-filter=E<lt>capture filterE<gt>
137  
138 The capture filter.
139  
140 =back
141  
142 =head1 EXAMPLES
143  
144 To see program arguments:
145  
146 sshdump --help
147  
148 To see program version:
149  
150 sshdump --version
151  
152 To see interfaces:
153  
154 sshdump --extcap-interfaces
155  
156 Only one interface (ssh) is supported.
157  
158 Output:
159 interface {value=ssh}{display=SSH remote capture}
160  
161 To see interface DLTs:
162  
163 sshdump --extcap-interface=ssh --extcap-dlts
164  
165 Output:
166 dlt {number=147}{name=ssh}{display=Remote capture dependent DLT}
167  
168 To see interface configuration options:
169  
170 sshdump --extcap-interface=ssh --extcap-config
171  
172 Output:
173  
174 arg {number=0}{call=--remote-host}{display=Remote SSH server address}{type=string}
175 {tooltip=The remote SSH host. It can be both an IP address or a hostname}{required=true}
176 arg {number=1}{call=--remote-port}{display=Remote SSH server port}{type=unsigned}
177 {default=22}{tooltip=The remote SSH host port (1-65535)}{range=1,65535}
178 arg {number=2}{call=--remote-username}{display=Remote SSH server username}{type=string}
179 {default=myusername}{tooltip=The remote SSH username. If not provided, the current user will be used}
180 arg {number=3}{call=--remote-password}{display=Remote SSH server password}{type=password}
181 {tooltip=The SSH password, used when other methods (SSH agent or key files) are unavailable.}
182 arg {number=4}{call=--sshkey}{display=Path to SSH private key}{type=fileselect}
183 {tooltip=The path on the local filesystem of the private ssh key}
184 arg {number=5}{call=--sshkey-passphrase}{display=SSH key passphrase}
185 {type=string}{tooltip=Passphrase to unlock the SSH private key}
186 arg {number=6}{call=--remote-interface}{display=Remote interface}{type=string}{default=eth0}
187 {tooltip=The remote network interface used for capture}
188 arg {number=7}{call=--remote-capture-bin}{display=Remote capture binary}{type=string}
189 {default=dumpcap}{tooltip=The remote dumpcap binary used for capture.}
190 arg {number=8}{call=--remote-filter}{display=Remote capture filter}{type=string}
191 {default=not ((host myip) and port 22)}{tooltip=The remote capture filter}
192 arg {number=9}{call=--remote-count}{display=Packets to capture}{type=unsigned}{default=0}
193 {tooltip=The number of remote packets to capture. (Default: unlimited)}
194  
195 To capture:
196  
197 sshdump --extcap-interface=ssh --fifo=/tmp/ssh.pcapng --capture --remote-host 192.168.1.10
198 --remote-username user --remote-filter "not port 22"
199  
200 NOTE: To stop capturing, press CTRL+C or kill/terminate the application.
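
The WARNING under --remote-password can be turned into a check on a shared capture host. This is an added example, not part of the Wireshark distribution: a POSIX shell function that reads C<ps -eo pid=,user=,args=> output and reports sshdump processes started with --remote-password or --sshkey-passphrase, without echoing the secret. The function name C<audit_sshdump_args> and the sample process lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of Wireshark): report sshdump processes whose
# command line carries a secret. Input is `ps -eo pid=,user=,args=` text.

audit_sshdump_args() {
    awk '
    {
        n = split($3, path, "/")
        if (path[n] != "sshdump") next      # only sshdump itself, by basename
        hits = ""
        for (i = 4; i <= NF; i++) {
            opt = $i
            sub(/=.*/, "", opt)             # drop "=value": never print the secret
            if (opt == "--remote-password" || opt == "--sshkey-passphrase")
                hits = (hits == "" ? opt : hits "," opt)
        }
        if (hits != "") print $1, $2, hits  # PID, user, offending option(s)
    }'
}

# Constructed sample process list (users, PIDs, paths and secrets are made up).
SAMPLE_PS='1201 alice /opt/example/sshdump --extcap-interface=ssh --capture --remote-host 192.168.1.10 --remote-password=CONSTRUCTED
1202 bob sshdump --extcap-interface=ssh --capture --remote-host 192.168.1.10 --sshkey /home/bob/.ssh/id_ed25519
1203 carol sshdump --capture --remote-host 192.168.1.10 --remote-password CONSTRUCTED --sshkey-passphrase=CONSTRUCTED
1204 dave vim sshdump-notes.txt'

printf '%s\n' "$SAMPLE_PS" | audit_sshdump_args
# On a live host: ps -eo pid=,user=,args= | audit_sshdump_args
```

Processes that authenticate with --sshkey alone or through an SSH agent, such as PID 1202 in the sample, produce no output.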
201  
202 =head1 SEE ALSO
203  
204 wireshark(1), tshark(1), dumpcap(1), extcap(4)
205  
206 =head1 NOTES
207  
208 B<Sshdump> is part of the B<Wireshark> distribution. The latest version
209 of B<Wireshark> can be found at L<https://www.wireshark.org>.
210  
211 HTML versions of the Wireshark project man pages are available at:
212 L<https://www.wireshark.org/docs/man-pages>.
213  
214 =head1 AUTHORS
215  
216 Original Author
217 -------- ------
218 Dario Lombardo <lomato[AT]gmail.com>