Wireshark mailing list archives

Re: Add support for remote capture in linux


From: Graham Bloice <graham.bloice () trihedral com>
Date: Fri, 2 Oct 2015 12:26:20 +0100

Or look at rpcapd:
https://www.winpcap.org/docs/docs_40_2/html/group__remote.html

On 2 October 2015 at 11:57, Roland Knall <rknall () gmail com> wrote:

Hi

Would it not be easier to achieve this using an extcap interface? You can
see the extcap_example in /doc as well as androiddump for examples. Such
interfaces can be configured with a separate options dialog and are quite
versatile, and most of all, it does not need you to change dumpcap in a way
that it is still working across multiple systems.

regards,
Roland

On Fri, Oct 2, 2015 at 12:35 PM, Dario Lombardo <
dario.lombardo.ml () gmail com> wrote:

Hi list
Remote capture is not currently supported by the current wireshark under
linux. This can be achieved by ssh + pipe like this

ssh host 'dumpcap -i bla -w -' | wireshark

that works flawlessly but is not very user friendly. From the "remote
interfaces" in linux it is stated that remote capture is not supported.

So I decided to implement the above command programmatically, in order to
have a remote capture under linux too.
As far as I can see this task has to be split in 2 major tasks: adding
remote ssh support to dumpcap, and adding a dialog to handle those options in
the UIs.

I started with the first task. Using libssh I created a connection to an
ssh server that writes to a temporary named pipe (it's a child), while the
"main" dumpcap reads as usual from that. All seems to work as expected. But
before going further on I'd like to share with you what I've done so far. I
pushed a draft change here

https://code.wireshark.org/review/#/c/10740/

Some examples of use of this support

dumpcap -i ssh://sshhost/eth0
dumpcap -i ssh://sshhost:sshport/eth2
dumpcap -i ssh://sshhost/eth0 --remote-dumpcap-bin /another/bin/dumpcap
dumpcap -i ssh://sshhost:ssh -A user:strongpassword -w /tmp/sshhost-capture.pcap

What is still WIP:
- manual
- autotools
- nmake

Comments, suggestions, ideas appreciated. I'd suggest giving specific
code comments on gerrit, and keeping the generic discussion here.
Thanks for your help.
Dario.



-- 
Graham Bloice
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
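An added example, not code from this thread or from the Wireshark project: the `ssh://sshhost[:sshport]/iface` interface names Dario proposes are parsed and turned into an argv list for the equivalent `ssh host 'dumpcap -i iface -w -' | wireshark` pipeline. The security point is that whatever follows the last `/` ends up inside a command line executed by the remote shell, so the interface name is checked against a strict allowlist and quoted, the host is validated, and nothing is composed as a local shell string. The function names, the allowlist patterns and the optional `remote_dumpcap` argument (standing in for the `--remote-dumpcap-bin` option in the thread) are assumptions of this example.

```python
"""Added example: parse ssh://host[:port]/iface and build a safe ssh argv.
Not code from the Wireshark project; function names are assumptions."""
import re
import shlex
import subprocess
from urllib.parse import urlsplit

# Linux interface names are at most IFNAMSIZ-1 = 15 bytes; allow only
# characters that cannot be interpreted by the remote shell.
_IFACE_RE = re.compile(r"^[A-Za-z0-9_.:-]{1,15}$")
# Hostname: letters, digits, dots and dashes (no leading dash, so it can
# never be mistaken for an ssh option such as -oProxyCommand=...).
_HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]*$")


def parse_ssh_interface(spec):
    """Return (host, port, iface) for 'ssh://host[:port]/iface'.

    Raises ValueError for anything that is not a well-formed spec, including
    a non-numeric port (urlsplit raises when .port cannot be an integer)."""
    u = urlsplit(spec)
    if u.scheme != "ssh" or not u.hostname:
        raise ValueError("expected ssh://host[:port]/iface, got %r" % spec)
    iface = u.path.lstrip("/")
    if not _IFACE_RE.match(iface):
        raise ValueError("bad interface name: %r" % iface)
    if not _HOST_RE.match(u.hostname):
        raise ValueError("bad host: %r" % u.hostname)
    return u.hostname, u.port, iface


def is_rejected(spec):
    """True when parse_ssh_interface refuses the spec (used for checks)."""
    try:
        parse_ssh_interface(spec)
    except ValueError:
        return True
    return False


def build_ssh_argv(spec, remote_dumpcap="dumpcap", ssh_bin="ssh"):
    """Build the argv for `ssh [-p port] -- host 'dumpcap -i iface -w -'`.

    The remote command is the only string the remote shell interprets, so
    every piece of it is passed through shlex.quote. `--` ends ssh option
    parsing so the host can never be read as an option."""
    host, port, iface = parse_ssh_interface(spec)
    remote_cmd = "%s -i %s -w -" % (shlex.quote(remote_dumpcap),
                                    shlex.quote(iface))
    argv = [ssh_bin]
    if port is not None:
        argv += ["-p", str(port)]
    argv += ["--", host, remote_cmd]
    return argv


def run_remote_capture(spec, local_cmd=("wireshark", "-k", "-i", "-")):
    """Wire ssh's stdout into a local reader, like `ssh ... | wireshark -k -i -`.

    Uses argv lists on both sides, so no local shell is involved."""
    ssh = subprocess.Popen(build_ssh_argv(spec), stdout=subprocess.PIPE)
    reader = subprocess.Popen(list(local_cmd), stdin=ssh.stdout)
    ssh.stdout.close()  # let the reader own the pipe; it sees EOF when ssh exits
    return reader.wait()


if __name__ == "__main__":
    # Constructed spec from the thread; only prints the argv, does not connect.
    print(build_ssh_argv("ssh://sshhost:2222/eth2"))
```

With `ssh://sshhost:ssh/eth0` (the fourth example in the thread) `parse_ssh_interface` raises because `ssh` is not a port number; that is the behaviour a practitioner wants, rather than silently handing a malformed host string to ssh. Password authentication as in the `-A user:strongpassword` example is deliberately left to ssh's own mechanisms (agent, key, or askpass) rather than placed on a command line, where it would be visible to other local users via the process list.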
