<?xml version="1.0" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>sshdump - The Wireshark Network Analyzer 2.6.2</title>
<link rel="stylesheet" href="ws.css" type="text/css" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
</head>
<body>
<h1 id="NAME">NAME</h1>
<p>sshdump - Provide interfaces to capture from a remote host through SSH using a remote capture binary.</p>
<h1 id="SYNOPSIS">SYNOPSIS</h1>
<p><b>sshdump</b>
<span style="white-space: nowrap;">[ <b>--help</b> ]</span>
<span style="white-space: nowrap;">[ <b>--version</b> ]</span>
<span style="white-space: nowrap;">[ <b>--extcap-interfaces</b> ]</span>
<span style="white-space: nowrap;">[ <b>--extcap-dlts</b> ]</span>
<span style="white-space: nowrap;">[ <b>--extcap-interface</b>=&lt;interface&gt; ]</span>
<span style="white-space: nowrap;">[ <b>--extcap-config</b> ]</span>
<span style="white-space: nowrap;">[ <b>--extcap-capture-filter</b>=&lt;capture filter&gt; ]</span>
<span style="white-space: nowrap;">[ <b>--capture</b> ]</span>
<span style="white-space: nowrap;">[ <b>--fifo</b>=&lt;path to file or pipe&gt; ]</span>
<span style="white-space: nowrap;">[ <b>--remote-host</b>=&lt;IP address&gt; ]</span>
<span style="white-space: nowrap;">[ <b>--remote-port</b>=&lt;TCP port&gt; ]</span>
<span style="white-space: nowrap;">[ <b>--remote-username</b>=&lt;username&gt; ]</span>
<span style="white-space: nowrap;">[ <b>--remote-password</b>=&lt;password&gt; ]</span>
<span style="white-space: nowrap;">[ <b>--sshkey</b>=&lt;public key path&gt; ]</span>
<span style="white-space: nowrap;">[ <b>--remote-interface</b>=&lt;interface&gt; ]</span>
<span style="white-space: nowrap;">[ <b>--remote-capture-command</b>=&lt;capture command&gt; ]</span></p>
<p><b>sshdump</b> <span style="white-space: nowrap;"><b>--extcap-interfaces</b></span></p>
<p><b>sshdump</b> <span style="white-space: 
nowrap;"><b>--extcap-interface</b>=&lt;interface&gt;</span> <span style="white-space: nowrap;"><b>--extcap-dlts</b></span></p>
<p><b>sshdump</b> <span style="white-space: nowrap;"><b>--extcap-interface</b>=&lt;interface&gt;</span> <span style="white-space: nowrap;"><b>--extcap-config</b></span></p>
<p><b>sshdump</b>
<span style="white-space: nowrap;"><b>--extcap-interface</b>=&lt;interface&gt;</span>
<span style="white-space: nowrap;"><b>--fifo</b>=&lt;path to file or pipe&gt;</span>
<span style="white-space: nowrap;"><b>--capture</b></span>
<span style="white-space: nowrap;"><b>--remote-host=myremotehost</b></span>
<span style="white-space: nowrap;"><b>--remote-port=22</b></span>
<span style="white-space: nowrap;"><b>--remote-username=user</b></span>
<span style="white-space: nowrap;"><b>--remote-interface=eth2</b></span>
<span style="white-space: nowrap;"><b>--remote-capture-command='tcpdump -U -i eth0 -w-'</b></span></p>
<h1 id="DESCRIPTION">DESCRIPTION</h1>
<p><b>Sshdump</b> is an extcap tool that allows one to run a remote capture tool over an SSH connection. The requirement is that the capture executable must have the capabilities to capture from the wanted interface.</p>
<p>The feature is functionally equivalent to running commands like</p>
<p>$ ssh remoteuser@remotehost -p 22222 'tcpdump -U -i IFACE -w -' &gt; FILE &amp; $ wireshark FILE</p>
<p>$ ssh remoteuser@remotehost '/sbin/dumpcap -i IFACE -P -w - -f "not port 22"' &gt; FILE &amp; $ wireshark FILE</p>
<p>Supported interfaces:</p>
<dl>
<dt id="ssh">1. 
ssh</dt>
<dd> </dd>
</dl>
<h1 id="OPTIONS">OPTIONS</h1>
<dl>
<dt id="help">--help</dt>
<dd> <p>Print program arguments.</p> </dd>
<dt id="version">--version</dt>
<dd> <p>Print program version.</p> </dd>
<dt id="extcap-interfaces">--extcap-interfaces</dt>
<dd> <p>List available interfaces.</p> </dd>
<dt id="extcap-interface-interface">--extcap-interface=&lt;interface&gt;</dt>
<dd> <p>Use specified interfaces.</p> </dd>
<dt id="extcap-dlts">--extcap-dlts</dt>
<dd> <p>List DLTs of specified interface.</p> </dd>
<dt id="extcap-config">--extcap-config</dt>
<dd> <p>List configuration options of specified interface.</p> </dd>
<dt id="capture">--capture</dt>
<dd> <p>Start capturing from specified interface and write raw packet data to the location specified by --fifo.</p> </dd>
<dt id="fifo-path-to-file-or-pipe">--fifo=&lt;path to file or pipe&gt;</dt>
<dd> <p>Save captured packets to a file or send them through a pipe.</p> </dd>
<dt id="remote-host-remote-host">--remote-host=&lt;remote host&gt;</dt>
<dd> <p>The address of the remote host for capture.</p> </dd>
<dt id="remote-port-remote-port">--remote-port=&lt;remote port&gt;</dt>
<dd> <p>The SSH port of the remote host.</p> </dd>
<dt id="remote-username-username">--remote-username=&lt;username&gt;</dt>
<dd> <p>The username for ssh authentication.</p> </dd>
<dt id="remote-password-password">--remote-password=&lt;password&gt;</dt>
<dd> <p>The password to use (if ssh-agent and pubkey are not used). WARNING: the passwords are stored in plaintext and visible to all users on this system. 
It is recommended to use keyfiles with an SSH agent.</p> </dd>
<dt id="sshkey-SSH-private-key-path">--sshkey=&lt;SSH private key path&gt;</dt>
<dd> <p>The path to a private key for authentication.</p> </dd>
<dt id="remote-interface-remote-interface">--remote-interface=&lt;remote interface&gt;</dt>
<dd> <p>The remote network interface to capture from.</p> </dd>
<dt id="remote-capture-command-capture-command">--remote-capture-command=&lt;capture command&gt;</dt>
<dd> <p>A custom remote capture command that produces the remote stream that is shown in Wireshark. The command must be able to produce a PCAP stream written to STDOUT. See below for more examples.</p> </dd>
<dt id="extcap-capture-filter-capture-filter">--extcap-capture-filter=&lt;capture filter&gt;</dt>
<dd> <p>The capture filter.</p> </dd>
</dl>
<h1 id="EXAMPLES">EXAMPLES</h1>
<p>To see program arguments:</p>
<pre><code>    sshdump --help</code></pre>
<p>To see program version:</p>
<pre><code>    sshdump --version</code></pre>
<p>To see interfaces:</p>
<pre><code>    sshdump --extcap-interfaces</code></pre>
<p>Only one interface (ssh) is supported.</p>
<pre><code>    Output:
    interface {value=ssh}{display=SSH remote capture}</code></pre>
<p>To see interface DLTs:</p>
<pre><code>    sshdump --extcap-interface=ssh --extcap-dlts

    Output:
    dlt {number=147}{name=ssh}{display=Remote capture dependent DLT}</code></pre>
<p>To see interface configuration options:</p>
<pre><code>    sshdump --extcap-interface=ssh --extcap-config

    Output:
    arg {number=0}{call=--remote-host}{display=Remote SSH server address}{type=string}
        {tooltip=The remote SSH host. It can be both an IP address or a hostname}{required=true}
    arg {number=1}{call=--remote-port}{display=Remote SSH server port}{type=unsigned}
        {default=22}{tooltip=The remote SSH host port (1-65535)}{range=1,65535}
    arg {number=2}{call=--remote-username}{display=Remote SSH server username}{type=string}
        {default=myusername}{tooltip=The remote SSH username. If not provided, the current user will be used}
    arg {number=3}{call=--remote-password}{display=Remote SSH server password}{type=password}
        {tooltip=The SSH password, used when other methods (SSH agent or key files) are unavailable.}
    arg {number=4}{call=--sshkey}{display=Path to SSH private key}{type=fileselect}
        {tooltip=The path on the local filesystem of the private ssh key}
    arg {number=5}{call=--sshkey-passphrase}{display=SSH key passphrase}
        {type=string}{tooltip=Passphrase to unlock the SSH private key}
    arg {number=6}{call=--remote-interface}{display=Remote interface}{type=string}{default=eth0}
        {tooltip=The remote network interface used for capture}
    arg {number=7}{call=--remote-capture-command}{display=Remote capture command}{type=string}
        {tooltip=The remote command used to capture.}
    arg {number=8}{call=--remote-filter}{display=Remote capture filter}{type=string}
        {default=not ((host myip) and port 22)}{tooltip=The remote capture filter}
    arg {number=9}{call=--remote-count}{display=Packets to capture}{type=unsigned}{default=0}
        {tooltip=The number of remote packets to capture. (Default: unlimited)}</code></pre>
<p>To capture:</p>
<pre><code>    sshdump --extcap-interface=ssh --fifo=/tmp/ssh.pcap --capture --remote-host 192.168.1.10 --remote-username user --remote-filter "not port 22"</code></pre>
<p>To use different capture binaries:</p>
<pre><code>    sshdump --extcap-interface=ssh --fifo=/tmp/ssh.pcap --capture --remote-host 192.168.1.10 --remote-capture-command='dumpcap -i eth0 -P -w -'

    sshdump --extcap-interface=ssh --fifo=/tmp/ssh.pcap --capture --remote-host 192.168.1.10 --remote-capture-command='sudo tcpdump -i eth0 -U -w -'</code></pre>
<p>NOTE: To stop capturing, press CTRL+C or kill/terminate the application.</p>
<h1 id="SEE-ALSO">SEE ALSO</h1>
<p>wireshark(1), tshark(1), dumpcap(1), extcap(4), tcpdump(1)</p>
<h1 id="NOTES">NOTES</h1>
<p><b>Sshdump</b> is part of the <b>Wireshark</b> distribution. 
The latest version of <b>Wireshark</b> can be found at <a href="https://www.wireshark.org">https://www.wireshark.org</a>.</p>
<p>HTML versions of the Wireshark project man pages are available at: <a href="https://www.wireshark.org/docs/man-pages">https://www.wireshark.org/docs/man-pages</a>.</p>
<h1 id="AUTHORS">AUTHORS</h1>
<pre><code>    Original Author
    -------- ------
    Dario Lombardo             &lt;lomato[AT]gmail.com&gt;</code></pre>
</body>
</html>
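Added example (not part of the Wireshark man page or the Wireshark code base): the --remote-password warning above says the password is visible to all users on the system. The script below audits running sshdump processes for a password or key passphrase passed as an argument and prints the argument list with the secret redacted. It assumes the exposure includes the process argument list, which Linux exposes through /proc; the function names are hypothetical and the sample invocation is constructed.

```shell
#!/bin/sh
# Added example: audit sshdump processes for secrets passed as arguments.
# Function names are hypothetical; option names come from the man page.

# redact_sshdump_args ARG...
# Prints the argument list with the value of --remote-password and
# --sshkey-passphrase replaced. Returns 0 if a secret was present, else 1.
redact_sshdump_args() {
    found=1; skip=0; out=
    for arg in "$@"; do
        if [ "$skip" -eq 1 ]; then
            arg='<redacted>'; skip=0          # value of the "--opt value" form
        else
            case "$arg" in
                --remote-password=*|--sshkey-passphrase=*)
                    arg="${arg%%=*}=<redacted>"; found=0 ;;
                --remote-password|--sshkey-passphrase)
                    skip=1; found=0 ;;
            esac
        fi
        out="${out:+$out }$arg"
    done
    printf '%s\n' "$out"
    return "$found"
}

# scan_proc: report every sshdump process whose argv carries a secret.
# Assumes Linux /proc, where argv is stored NUL-separated in cmdline.
scan_proc() {
    for f in /proc/[0-9]*/cmdline; do
        args=$(cat "$f" 2>/dev/null | tr '\0' '\n')
        [ -n "$args" ] || continue
        oldifs=$IFS; IFS='
'
        set -f; set -- $args; set +f; IFS=$oldifs
        case "${1##*/}" in sshdump) ;; *) continue ;; esac
        pid=${f#/proc/}; pid=${pid%/cmdline}
        if line=$(redact_sshdump_args "$@"); then
            printf 'pid %s: %s\n' "$pid" "$line"
        fi
    done
    return 0
}

# Constructed sample argv (placeholder password, address from the man page):
redact_sshdump_args sshdump --extcap-interface=ssh --capture \
    --remote-host 192.168.1.10 --remote-password=placeholder
scan_proc
```

Any process this reports is a candidate for switching to --sshkey with an SSH agent, as the man page recommends.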