https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15845

--- Comment #2 from LuWa <wallischlu...@gmail.com> ---
(In reply to Dario Lombardo from comment #1)
> Can you activate the debug flag+file and paste the command which is used to
> run the extcap? The problem seems related to the sudo command, so first we
> have to figure out if the remote command is run with or without it,
> according to your settings.

Hey Dario,
thanks for your fast answer!

started with 'blue fin button':
cmdline: /usr/lib/x86_64-linux-gnu/wireshark/extcap/sshdump --capture
--extcap-interface sshdump --fifo
/tmp/wireshark_extcap_sshdump_20190617080813_fvVWGH --remote-host
192.168.40.225 --remote-port 22 --remote-username root --sshkey ~/.ssh/id_rsa
--remote-interface eth0 --remote-sudo false --remote-filter not port 22
--remote-count 0 --debug true --debug-file PATH_TO_DEBUGFILE/ws_debug_file.log 
Running: sudo tcpdump -U -i 'eth0'  -w -  'not port 22'


started with '-k option':
cmdline: /usr/lib/x86_64-linux-gnu/wireshark/extcap/sshdump --capture
--extcap-interface sshdump --fifo
/tmp/wireshark_extcap_sshdump_20190617082559_RZUhYV --remote-host
192.168.40.225 --remote-port 22 --remote-username root --sshkey ~/.ssh/id_rsa
--remote-interface eth0 --remote-sudo false --remote-filter not port 22
--remote-count 0 --debug true --debug-file PATH_TO_DEBUGFILE/ws_debug_file.log 
Running: sudo tcpdump -U -i 'eth0'  -w -  'not port 22'



started with start button in the settings window:
cmdline: /usr/lib/x86_64-linux-gnu/wireshark/extcap/sshdump --capture
--extcap-interface sshdump --fifo
/tmp/wireshark_extcap_sshdump_20190617083135_3QKRv2 --debug-file
PATH_TO_DEBUGFILE/ws_debug_file.log --remote-host 192.168.40.225
--remote-filter not port 22 --sshkey ~/.ssh/id_rsa --remote-username root
--debug true 
Running:  tcpdump -U -i 'eth0'  -w -  'not port 22'


started with 'blue fin button' after setting extcap.sshdump.remotesudo and
extcap.sshdump.remotenoprom to their default value with a double-click in the
advanced settings:
cmdline: /usr/lib/x86_64-linux-gnu/wireshark/extcap/sshdump --capture
--extcap-interface sshdump --fifo
/tmp/wireshark_extcap_sshdump_20190617083936_PCeXOB --remote-host
192.168.40.225 --remote-port 22 --remote-username root --sshkey ~/.ssh/id_rsa
--remote-interface eth0 --remote-filter not port 22 --remote-count 0 --debug
true --debug-file PATH_TO_DEBUGFILE/ws_debug_file.log 
Running:  tcpdump -U -i 'eth0'  -w -  'not port 22'


It seems the "--remote-sudo false" flag is misinterpreted in the first two
cases -.-


It seems that after I set extcap.sshdump.remotesudo and
extcap.sshdump.remotenoprom to their default value I can launch it with the
following command:
    # pbx_username, pbx_addr, sshkey_path and remote_filter are set elsewhere
    subproc_args = ["wireshark", "-i", "sshdump",
                    "-o", "extcap.sshdump.remoteusername:" + pbx_username,
                    "-o", "extcap.sshdump.remotehost:" + pbx_addr,
                    "-o", "extcap.sshdump.sshkey:" + sshkey_path,
                    "-o", "extcap.sshdump.remotefilter:" + remote_filter,
                    "-o", "extcap.sshdump.debug:true",
                    "-o", "extcap.sshdump.debugfile:PATH_TO_DEBUGFILE/ws_debug_file.log",
                    "-k"]
Debug result:
cmdline: /usr/lib/x86_64-linux-gnu/wireshark/extcap/sshdump --capture
--extcap-interface sshdump --fifo
/tmp/wireshark_extcap_sshdump_20190617084931_zIfhtA --remote-host
192.168.40.225 --remote-port 22 --remote-username root --sshkey ~/.ssh/id_rsa
--remote-interface eth0 --remote-filter not port 22 --remote-count 0 --debug
true --debug-file PATH_TO_DEBUGFILE/ws_debug_file.log 
Running:  tcpdump -U -i 'eth0'  -w -  'not port 22'

Seems to work!

So it seems I found my mistake on my own, but I still have a few questions
remaining:
-Why did it work in the first place when started from the settings window?
-I'm obviously using the two options wrong. What's the correct way to use them,
and where can I find documentation for that?
-Should these settings really take their value from the previous Wireshark
launch?
-Once these two options are set to a value, I think I can't reset the value via
the command line, or is there a way?

Best, Lukas
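The four debug runs above all hinge on one question: does the "Running:" line that sshdump logs actually match the --remote-sudo value on its "cmdline:" line? The script below is an added example, not code from the bug report or from Wireshark; it embeds two of the log excerpts exactly as posted (the 'blue fin button' run, where --remote-sudo false is followed by "sudo tcpdump", and the settings-window run, where the flag is absent and plain tcpdump is run) and flags the mismatch. It assumes only the two-line "cmdline:" / "Running:" log shape shown in the report, and it deliberately does not assume what sshdump's default for --remote-sudo is, so a run without the flag is reported as "consistent: None" rather than guessed.

```python
import re

# Debug-log excerpts as posted in the bug report (comment #2); each is the
# "cmdline:" line followed by the "Running:" line that sshdump logged.
LOG_BLUE_FIN = (
    "cmdline: /usr/lib/x86_64-linux-gnu/wireshark/extcap/sshdump --capture "
    "--extcap-interface sshdump --fifo /tmp/wireshark_extcap_sshdump_20190617080813_fvVWGH "
    "--remote-host 192.168.40.225 --remote-port 22 --remote-username root "
    "--sshkey ~/.ssh/id_rsa --remote-interface eth0 --remote-sudo false "
    "--remote-filter not port 22 --remote-count 0 --debug true "
    "--debug-file PATH_TO_DEBUGFILE/ws_debug_file.log\n"
    "Running: sudo tcpdump -U -i 'eth0'  -w -  'not port 22'\n"
)

LOG_SETTINGS_WINDOW = (
    "cmdline: /usr/lib/x86_64-linux-gnu/wireshark/extcap/sshdump --capture "
    "--extcap-interface sshdump --fifo /tmp/wireshark_extcap_sshdump_20190617083135_3QKRv2 "
    "--debug-file PATH_TO_DEBUGFILE/ws_debug_file.log --remote-host 192.168.40.225 "
    "--remote-filter not port 22 --sshkey ~/.ssh/id_rsa --remote-username root "
    "--debug true\n"
    "Running:  tcpdump -U -i 'eth0'  -w -  'not port 22'\n"
)

_CMDLINE_RE = re.compile(r"^cmdline:\s*(.*)$", re.MULTILINE)
_RUNNING_RE = re.compile(r"^Running:\s*(.*)$", re.MULTILINE)
_SUDO_FLAG_RE = re.compile(r"--remote-sudo\s+(\S+)")


def requested_sudo(log):
    """Value given to --remote-sudo on the extcap cmdline ('true'/'false'),
    or None when the flag was not passed at all."""
    m = _CMDLINE_RE.search(log)
    if not m:
        raise ValueError("no 'cmdline:' line in debug log")
    flag = _SUDO_FLAG_RE.search(m.group(1))
    return flag.group(1).lower() if flag else None


def remote_command(log):
    """The command sshdump reports it is about to run on the remote host."""
    m = _RUNNING_RE.search(log)
    if not m:
        raise ValueError("no 'Running:' line in debug log")
    return m.group(1).strip()


def remote_uses_sudo(log):
    """True when the remote command is prefixed with sudo."""
    return remote_command(log).split()[0] == "sudo"


def check_sudo_consistency(log):
    """Compare what was requested with what sshdump is about to run.

    'consistent' is True/False when --remote-sudo was given explicitly and
    None when it was absent, because this example does not assume which
    behaviour sshdump defaults to."""
    asked = requested_sudo(log)
    used = remote_uses_sudo(log)
    consistent = None if asked is None else ((asked == "true") == used)
    return {"requested": asked, "uses_sudo": used, "consistent": consistent}


if __name__ == "__main__":
    for name, log in (("blue fin button", LOG_BLUE_FIN),
                      ("settings window", LOG_SETTINGS_WINDOW)):
        print(name, check_sudo_consistency(log))
```

Run it against the real ws_debug_file.log (read the file and pass its text to check_sudo_consistency) after each launch; a "consistent: False" result is the concrete evidence worth attaching to a report like this one, since it shows the remote side being driven through sudo although the GUI setting said not to.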

___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs
