Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] Add support for remote capture in linux

From: Dario Lombardo <dario.lombardo.ml@xxxxxxxxx>
Date: Fri, 2 Oct 2015 12:35:58 +0200
Hi list
Remote capture is not currently supported by the current wireshark under linux. This can be achieved by ssh + pipe like this

ssh host 'dumpcap -i bla -w -' | wireshark

that works flawlessly but is not very user friendly. From the "remote interfaces" in linux it is stated that remote capture is not supported.

So I decided to implement the above command programmatically, in order to have a remote capture under linux too.
As far as I can see this task has to be split in 2 major tasks: adding a remote ssh support to dumpcap, and add a dialog to handle those option in the UIs.

I started with the first task. Using libssh I created a connection to an ssh server that writes to a temporary named pipe (it's a child), while the "main" dumpcap reads as usual from that. All seems to work as expected. But before going further on I'd like to share with you what I've done so far. I pushed a draft change here


Some examples of use of this support

dumpcap -i ssh://sshhost/eth0
dumpcap -i ssh://sshhost:sshport/eth2
dumpcap -i ssh://sshhost/eth0 --remote-dumpcap-bin /another/bin/dumpcap
dumpcap -i ssh://sshhost:ssh -A user:strongpassword -w /tmp/sshhost-capture.pcap

What still WIP:
- manual
- autotools
- nmake

Comments, suggestions, ideas appreciated. I'd suggest to give specific code comments on gerrit, and keep the generic discussion here.
Thanks for your help.
Dario.