Sorry, I took a look at rpcapd and noticed that it can be run on Linux. Using rpcapd requires installing rpcapd on the remote machine, and some change is also required in the Linux Wireshark, since remote capture is disabled. The ssh approach should also be taken into account IMHO, because it allows remote capture without using additional software and without opening additional ports if 22 is already open.
On Fri, Oct 2, 2015 at 1:32 PM, Dario Lombardo <dario.lombardo...@gmail.com> wrote:
> Do you mean to reimplement rpcapd on linux?
>
> On Fri, Oct 2, 2015 at 1:26 PM, Graham Bloice <graham.blo...@trihedral.com> wrote:
>
>> Or look at rpcapd:
>> https://www.winpcap.org/docs/docs_40_2/html/group__remote.html
>>
>> On 2 October 2015 at 11:57, Roland Knall <rkn...@gmail.com> wrote:
>>
>>> Hi
>>>
>>> Would it not be easier to achieve this using an extcap interface? You
>>> can see the extcap_example in /doc as well as androiddump for examples.
>>> Such interfaces can be configured with a separate options dialog and are
>>> quite versatile, and most of all, it does not need you to change dumpcap in
>>> a way that it is still working across multiple systems.
>>>
>>> regards,
>>> Roland
>>>
>>> On Fri, Oct 2, 2015 at 12:35 PM, Dario Lombardo <dario.lombardo...@gmail.com> wrote:
>>>
>>>> Hi list
>>>> Remote capture is not currently supported by the current wireshark
>>>> under linux. This can be achieved by ssh + pipe like this
>>>>
>>>> ssh host 'dumpcap -i bla -w -' | wireshark
>>>>
>>>> that works flawlessly but is not very user friendly. From the "remote
>>>> interfaces" in linux it is stated that remote capture is not supported.
>>>>
>>>> So I decided to implement the above command programmatically, in order
>>>> to have a remote capture under linux too.
>>>> As far as I can see this task has to be split in 2 major tasks: adding
>>>> a remote ssh support to dumpcap, and add a dialog to handle those option in
>>>> the UIs.
>>>>
>>>> I started with the first task. Using libssh I created a connection to
>>>> an ssh server that writes to a temporary named pipe (it's a child), while
>>>> the "main" dumpcap reads as usual from that. All seems to work as expected.
>>>> But before going further on I'd like to share with you what I've done so
>>>> far. I pushed a draft change here
>>>>
>>>> https://code.wireshark.org/review/#/c/10740/
>>>>
>>>> Some examples of use of this support
>>>>
>>>> dumpcap -i ssh://sshhost/eth0
>>>> dumpcap -i ssh://sshhost:sshport/eth2
>>>> dumpcap -i ssh://sshhost/eth0 --remote-dumpcap-bin /another/bin/dumpcap
>>>> dumpcap -i ssh://sshhost:ssh -A user:strongpassword -w /tmp/sshhost-capture.pcap
>>>>
>>>> What still WIP:
>>>> - manual
>>>> - autotools
>>>> - nmake
>>>>
>>>> Comments, suggestions, ideas appreciated. I'd suggest to give specific
>>>> code comments on gerrit, and keep the generic discussion here.
>>>> Thanks for your help.
>>>> Dario.
>>>>
>>>>
>> --
>> Graham Bloice
>>
>> ___________________________________________________________________________
>> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
>> Archives: https://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>> mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
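The ssh + pipe approach discussed in this thread (`ssh host 'dumpcap -i bla -w -' | wireshark`) and the `ssh://host[:port]/iface` form from the draft's examples, as an added POSIX sh example that is not part of the thread and not Wireshark's code. The function names `parse_ssh_url`, `build_capture_cmd` and `run_remote_capture` are hypothetical, and the remote dumpcap path defaults to `dumpcap` on the remote PATH as an assumption. The point worth seeing in code is that the interface name and the remote binary path are interpolated into a command string that the remote login shell interprets, so they are restricted to a safe character set before use; authentication is left to ssh keys or an agent, since a password given on the command line (as in the `-A user:strongpassword` example above) is visible in the process list and shell history of the capturing machine.

```sh
#!/bin/sh
# Added example, not Wireshark's code: sh wrapper for "ssh + pipe" remote
# capture.  parse_ssh_url() accepts the ssh://host[:port]/iface form from the
# thread; all function names here are hypothetical.

# parse_ssh_url URL -> prints "host port iface" (port defaults to 22);
# returns 1 with a reason on stderr for anything it will not accept.
parse_ssh_url() {
    psu_url=$1
    case "$psu_url" in
        ssh://*) ;;
        *) echo "not an ssh:// URL: $psu_url" >&2; return 1 ;;
    esac
    psu_rest=${psu_url#ssh://}
    psu_hostport=${psu_rest%%/*}
    psu_iface=${psu_rest#*/}
    # a '/' must separate host[:port] from a non-empty interface name
    if [ "$psu_hostport" = "$psu_rest" ] || [ -z "$psu_iface" ]; then
        echo "missing interface in $psu_url" >&2; return 1
    fi
    case "$psu_hostport" in
        *:*) psu_host=${psu_hostport%%:*}; psu_port=${psu_hostport#*:} ;;
        *)   psu_host=$psu_hostport;       psu_port=22 ;;
    esac
    # hostname: letters, digits, dots, hyphens (user comes from ssh_config);
    # port: digits only
    case "$psu_host" in
        ''|*[!A-Za-z0-9.-]*) echo "bad host in $psu_url" >&2; return 1 ;;
    esac
    case "$psu_port" in
        ''|*[!0-9]*) echo "bad port in $psu_url" >&2; return 1 ;;
    esac
    # interface name: letters, digits, dot, underscore, hyphen.  It ends up
    # inside a string the remote login shell parses, so no whitespace,
    # quotes or shell metacharacters are allowed.
    case "$psu_iface" in
        *[!A-Za-z0-9._-]*) echo "bad interface in $psu_url" >&2; return 1 ;;
    esac
    echo "$psu_host $psu_port $psu_iface"
}

# build_capture_cmd URL [REMOTE_DUMPCAP] -> prints the pipeline that
# run_remote_capture would execute, for inspection or logging.
build_capture_cmd() {
    bcc_bin=${2:-dumpcap}
    # the remote binary path is also part of the remote command string
    case "$bcc_bin" in
        ''|*[!A-Za-z0-9._/-]*) echo "bad remote dumpcap path: $bcc_bin" >&2; return 1 ;;
    esac
    bcc_parsed=$(parse_ssh_url "$1") || return 1
    set -- $bcc_parsed
    printf "ssh -p %s %s '%s -i %s -w -' | wireshark -k -i -\n" "$2" "$1" "$bcc_bin" "$3"
}

# run_remote_capture URL [REMOTE_DUMPCAP]: the actual pipeline.  The remote
# command is passed to ssh as one argument (no eval on this side), dumpcap
# streams the capture to stdout, and wireshark reads it from stdin.
run_remote_capture() {
    rrc_bin=${2:-dumpcap}
    # reuse the same validation as build_capture_cmd before touching ssh
    build_capture_cmd "$1" "$rrc_bin" >/dev/null || return 1
    set -- $(parse_ssh_url "$1")
    ssh -p "$2" "$1" "$rrc_bin -i $3 -w -" | wireshark -k -i -
}
```

Source the file and call `run_remote_capture ssh://sshhost:2222/eth2` (or `build_capture_cmd` first to see what would run). The remote user still needs capture permission for dumpcap on that machine, the same least-privilege setup as for local capture, and nothing beyond an already-reachable ssh port is opened, which is the property the reply above argues for.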