Running Wireshark on a remote machine using SSH is not a very complex task, and there are many solutions for this on the web. However, the task becomes slightly more complex when you have to access a remote machine through another remote machine (e.g. you SSH to machine A and from there SSH to machine B).
This is the solution I found, using FIFO pipes.
On the remote machine whose traffic you want to capture (hostB in the commands below), you create a FIFO, for example /tmp/wirefifo. You do the same thing on the intermediary machine (hostA).
After that, on the local host, you read the intermediary machine's FIFO over SSH and pipe it into Wireshark.
ssh user@hostA "cat /tmp/wirefifo" | wireshark -k -i -
On the intermediary machine, you read the FIFO on the machine you are capturing from (again over SSH) and write its output into the intermediary's own FIFO.
ssh user@hostB "cat /tmp/wirefifo" > /tmp/wirefifo
The last step is to start tcpdump on the remote host and write its output to the FIFO. The capture filter not port 22 keeps the SSH session that carries the capture out of the capture itself; without it, tcpdump would capture its own transport traffic and the stream would feed back on itself.
tcpdump -s 0 -U -n -w - -i any not port 22 > /tmp/wirefifo
Wireshark should now be showing the packets captured by tcpdump.
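The relay above depends on the FIFOs being real pipes and on the readers being started before the writers. The following script is an added example, not part of the original post: it reproduces the same two-FIFO relay entirely on the local machine (a fake "capture" writes into one FIFO, a relay copies it into a second FIFO, and a consumer reads that), so the mechanism can be checked without any SSH hosts. The directory names, function names and sample data are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): a local model of the FIFO relay.
# fifo_b stands in for /tmp/wirefifo on the capturing host (hostB), fifo_a for
# /tmp/wirefifo on the intermediary (hostA), and the final reader stands in
# for "wireshark -k -i -" on the local host.

# Create a FIFO at $1 unless a FIFO is already there. Refuse to use a regular
# file of the same name: a stale /tmp/wirefifo that is not a pipe makes "cat"
# read a file and exit instead of blocking on the pipe, so nothing is relayed.
ensure_fifo() {
  if [ -p "$1" ]; then
    return 0
  elif [ -e "$1" ]; then
    echo "ensure_fifo: $1 exists and is not a FIFO" >&2
    return 1
  else
    mkfifo -m 600 "$1"   # private to the invoking user
  fi
}

# Copy everything arriving on FIFO $1 into FIFO $2. On the intermediary host
# the post does the same thing with: ssh user@hostB "cat /tmp/wirefifo" > /tmp/wirefifo
relay_fifo() {
  cat "$1" > "$2"
}

# Push the file $1 through both FIFOs and return 0 if the consumer receives an
# identical copy. Opening a FIFO blocks until both ends are open, so the
# downstream stages are started first (as the post does) and the producer last.
fifo_roundtrip() {
  dir=$(mktemp -d) || return 1
  ensure_fifo "$dir/fifo_b" || return 1   # written by the capturing host
  ensure_fifo "$dir/fifo_a" || return 1   # read by the Wireshark host
  cat "$dir/fifo_a" > "$dir/received" &   # local consumer (Wireshark's role)
  relay_fifo "$dir/fifo_b" "$dir/fifo_a" &  # intermediary relay
  cat "$1" > "$dir/fifo_b"                # producer (tcpdump's role)
  wait                                    # EOF propagates through both pipes
  cmp -s "$1" "$dir/received"
  status=$?
  rm -rf "$dir"
  return $status
}

# Stand-alone run with constructed sample bytes (not a real capture).
sample=$(mktemp)
printf 'constructed sample capture bytes\n' > "$sample"
if fifo_roundtrip "$sample"; then
  echo "relay ok: consumer received the producer's data unchanged"
else
  echo "relay FAILED" >&2
fi
rm -f "$sample"
```

The same start-up order applies across the three hosts: launch the Wireshark-side ssh command first, the intermediary relay second, and tcpdump last, otherwise a writer opens a FIFO with no reader and simply blocks.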