https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15845
--- Comment #2 from LuWa <wallischlu...@gmail.com> ---
(In reply to Dario Lombardo from comment #1)
> Can you activate the debug flag+file and paste the command which is used to
> run the extcap? The problem seems related to the sudo command, so first we
> have to figure out if the remote command is run with or without it,
> according to your settings.
Hey Dario,
thanks for your fast answer!
started with 'blue fin button':
cmdline: /usr/lib/x86_64-linux-gnu/wireshark/extcap/sshdump --capture
--extcap-interface sshdump --fifo
/tmp/wireshark_extcap_sshdump_20190617080813_fvVWGH --remote-host
192.168.40.225 --remote-port 22 --remote-username root --sshkey ~/.ssh/id_rsa
--remote-interface eth0 --remote-sudo false --remote-filter not port 22
--remote-count 0 --debug true --debug-file PATH_TO_DEBUGFILE/ws_debug_file.log
Running: sudo tcpdump -U -i 'eth0' -w - 'not port 22'
started with '-k option':
cmdline: /usr/lib/x86_64-linux-gnu/wireshark/extcap/sshdump --capture
--extcap-interface sshdump --fifo
/tmp/wireshark_extcap_sshdump_20190617082559_RZUhYV --remote-host
192.168.40.225 --remote-port 22 --remote-username root --sshkey ~/.ssh/id_rsa
--remote-interface eth0 --remote-sudo false --remote-filter not port 22
--remote-count 0 --debug true --debug-file PATH_TO_DEBUGFILE/ws_debug_file.log
Running: sudo tcpdump -U -i 'eth0' -w - 'not port 22'
started with start button in the settings window:
cmdline: /usr/lib/x86_64-linux-gnu/wireshark/extcap/sshdump --capture
--extcap-interface sshdump --fifo
/tmp/wireshark_extcap_sshdump_20190617083135_3QKRv2 --debug-file
PATH_TO_DEBUGFILE/ws_debug_file.log --remote-host 192.168.40.225
--remote-filter not port 22 --sshkey ~/.ssh/id_rsa --remote-username root
--debug true
Running: tcpdump -U -i 'eth0' -w - 'not port 22'
started with 'blue fin button' after setting extcap.sshdump.remotesudo and
extcap.sshdump.remotenoprom to their default value with a double-click in the
advanced settings:
cmdline: /usr/lib/x86_64-linux-gnu/wireshark/extcap/sshdump --capture
--extcap-interface sshdump --fifo
/tmp/wireshark_extcap_sshdump_20190617083936_PCeXOB --remote-host
192.168.40.225 --remote-port 22 --remote-username root --sshkey ~/.ssh/id_rsa
--remote-interface eth0 --remote-filter not port 22 --remote-count 0 --debug
true --debug-file PATH_TO_DEBUGFILE/ws_debug_file.log
Running: tcpdump -U -i 'eth0' -w - 'not port 22'
It seems the "--remote-sudo false" flag is misinterpreted in the first two
cases -.-
It seems that after I set extcap.sshdump.remotesudo and
extcap.sshdump.remotenoprom to their default value I can launch it with the
following command:
subproc_args = ["wireshark", "-i", "sshdump",
                "-o", "extcap.sshdump.remoteusername:" + pbx_username,
                "-o", "extcap.sshdump.remotehost:" + pbx_addr,
                "-o", "extcap.sshdump.sshkey:" + sshkey_path,
                "-o", "extcap.sshdump.remotefilter:" + remote_filter,
                "-o", "extcap.sshdump.debug:true",
                "-o", "extcap.sshdump.debugfile:PATH_TO_DEBUGFILE/ws_debug_file.log",
                "-k"
                ]
Debug result:
cmdline: /usr/lib/x86_64-linux-gnu/wireshark/extcap/sshdump --capture
--extcap-interface sshdump --fifo
/tmp/wireshark_extcap_sshdump_20190617084931_zIfhtA --remote-host
192.168.40.225 --remote-port 22 --remote-username root --sshkey ~/.ssh/id_rsa
--remote-interface eth0 --remote-filter not port 22 --remote-count 0 --debug
true --debug-file PATH_TO_DEBUGFILE/ws_debug_file.log
Running: tcpdump -U -i 'eth0' -w - 'not port 22'
Seems to work!
So it seems I found my mistake on my own, but I still have a few questions
remaining:
- Why did it work in the first place when started from the settings window?
- I'm obviously using the two options wrong. What's the correct way to use them,
and where can I find documentation for that?
- Should these settings really take their value from the previous Wireshark
launch?
- Once these two options are set to a value, I think I can't reset the value via
the command line, or is there a way?
Bests Lukas
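
The mismatch between the requested --remote-sudo value and the command that is actually run remotely can be checked mechanically from the debug file. The Python sketch below is an added example, not part of the original comment and not Wireshark code; it assumes the debug file contains "cmdline:" and "Running:" lines as pasted above, and that an absent option means no sudo while a bare flag means sudo (both assumptions).

```python
import re

# Constructed sample (one line per record, fifo path replaced by a placeholder).
# Runs 1 and 2 follow the output quoted above; run 3 is hypothetical.
SAMPLE_LOG = """\
cmdline: sshdump --capture --fifo /tmp/FIFO --remote-username root --remote-interface eth0 --remote-sudo false --remote-filter not port 22 --remote-count 0
Running: sudo tcpdump -U -i 'eth0' -w - 'not port 22'
cmdline: sshdump --capture --fifo /tmp/FIFO --remote-filter not port 22 --remote-username root --debug true
Running: tcpdump -U -i 'eth0' -w - 'not port 22'
cmdline: sshdump --capture --fifo /tmp/FIFO --remote-sudo true --remote-filter not port 22
Running: tcpdump -U -i 'eth0' -w - 'not port 22'
"""

TRUE_WORDS = {"true", "1", "yes"}

def requested_sudo(cmdline):
    """Return the --remote-sudo value requested on an sshdump command line."""
    m = re.search(r"--remote-sudo(?:\s+(\S+))?", cmdline)
    if m is None:
        return False              # option absent: assumed default is no sudo
    value = m.group(1)
    if value is None or value.startswith("--"):
        return True               # bare flag: assumed to mean "use sudo"
    return value.lower() in TRUE_WORDS

def audit(log_text):
    """Pair each 'cmdline:' with its 'Running:' line and return mismatches."""
    records, current, field = [], None, None
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("cmdline:"):
            current = {"cmdline": line[len("cmdline:"):].strip(), "running": None}
            records.append(current)
            field = "cmdline"
        elif line.startswith("Running:") and current is not None:
            current["running"] = line[len("Running:"):].strip()
            field = "running"
        elif line and current is not None:
            current[field] += " " + line   # re-join lines wrapped by mail or paste
    findings = []
    for rec in records:
        if rec["running"] is None:
            continue
        wanted = requested_sudo(rec["cmdline"])
        actual = rec["running"].split()[:1] == ["sudo"]
        if wanted != actual:
            findings.append((wanted, actual, rec["running"]))
    return findings
```

Each finding is a tuple (requested, actual, remote command); an entry of (False, True, ...) is the case reported here, where the remote capture runs under sudo although it was not requested.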