Or look at rpcapd: https://www.winpcap.org/docs/docs_40_2/html/group__remote.html
On 2 October 2015 at 11:57, Roland Knall <rkn...@gmail.com> wrote:

> Hi
>
> Would it not be easier to achieve this using an extcap interface? You can
> see the extcap_example in /doc as well as androiddump for examples. Such
> interfaces can be configured with a separate options dialog and are quite
> versatile, and most of all, it does not need you to change dumpcap in a way
> that it is still working across multiple systems.
>
> regards,
> Roland
>
> On Fri, Oct 2, 2015 at 12:35 PM, Dario Lombardo <
> dario.lombardo...@gmail.com> wrote:
>
>> Hi list
>> Remote capture is not currently supported by the current wireshark under
>> linux. This can be achieved by ssh + pipe like this
>>
>> ssh host 'dumpcap -i bla -w -' | wireshark
>>
>> that works flawlessly but is not very user friendly. From the "remote
>> interfaces" in linux it is stated that remote capture is not supported.
>>
>> So I decided to implement the above command programmatically, in order to
>> have a remote capture under linux too.
>> As far as I can see this task has to be split in 2 major tasks: adding a
>> remote ssh support to dumpcap, and add a dialog to handle those option in
>> the UIs.
>>
>> I started with the first task. Using libssh I created a connection to an
>> ssh server that writes to a temporary named pipe (it's a child), while the
>> "main" dumpcap reads as usual from that. All seems to work as expected. But
>> before going further on I'd like to share with you what I've done so far. I
>> pushed a draft change here
>>
>> https://code.wireshark.org/review/#/c/10740/
>>
>> Some examples of use of this support
>>
>> dumpcap -i ssh://sshhost/eth0
>> dumpcap -i ssh://sshhost:sshport/eth2
>> dumpcap -i ssh://sshhost/eth0 --remote-dumpcap-bin /another/bin/dumpcap
>> dumpcap -i ssh://sshhost:ssh -A user:strongpassword -w
>> /tmp/sshhost-capture.pcap
>>
>> What still WIP:
>> - manual
>> - autotools
>> - nmake
>>
>> Comments, suggestions, ideas appreciated. I'd suggest to give specific
>> code comments on gerrit, and keep the generic discussion here.
>> Thanks for your help.
>> Dario.
>>
>>

--
Graham Bloice
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
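
The ssh + pipe command and the ssh://sshhost:sshport/eth0 interface form from the thread, as an added example that is not part of the original messages or of the Gerrit change: a POSIX sh sketch that validates the interface URI before building the remote dumpcap command, because the interface name ends up in a string the remote shell interprets. The function names, the allow-lists, the default port 22 and the use of key-based authentication (BatchMode) in place of a password argument are assumptions.

```shell
#!/bin/sh
# Added example, not the code from the draft change. Function names are
# hypothetical. Host form is hostname or IPv4 only (assumption).

# parse_ssh_iface URI -> prints "host port iface"; returns 1 on rejected input.
parse_ssh_iface() {
    case $1 in
        ssh://*/*) rest=${1#ssh://} ;;
        *) return 1 ;;
    esac
    hostport=${rest%%/*}
    iface=${rest#*/}
    case $hostport in
        *:*) host=${hostport%%:*}; port=${hostport#*:} ;;
        *)   host=$hostport; port=22 ;;   # assumption: default SSH port
    esac
    # Allow-list every field. The interface name is placed inside a command
    # string that the remote shell interprets, and a host beginning with "-"
    # would be read by ssh as an option, so both are rejected here.
    case $host in ''|-*|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case $port in ''|??????*|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    case $iface in ''|-*|*[!A-Za-z0-9._:-]*) return 1 ;; esac
    printf '%s %s %s\n' "$host" "$port" "$iface"
}

# remote_capture_cmd URI -> prints the ssh argument vector, one per line.
remote_capture_cmd() {
    fields=$(parse_ssh_iface "$1") || return 1
    # Safe to word-split: the allow-lists above exclude spaces and glob chars.
    set -- $fields
    # BatchMode=yes: key or agent authentication only, so no password is
    # passed as an argument (arguments are visible in the process list).
    # StrictHostKeyChecking=yes: refuse hosts whose key is not already known.
    printf '%s\n' ssh -o BatchMode=yes -o StrictHostKeyChecking=yes \
        -p "$2" "$1" "dumpcap -i $3 -w -"
}

# When run with a URI argument, print the command that would be executed.
if [ $# -gt 0 ]; then
    remote_capture_cmd "$1"
fi
```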