@mrlnc
Last active October 23, 2020 14:34
Wireshark from remote host, with fish autocompletion

I frequently need wireshark to inspect the traffic on remote machines. This is a fish-shell shortcut to start tcpdump on the remote host and pipe it into a local wireshark.

Requirements:

  • local fish-shell
  • local wireshark installation
  • tcpdump on remote

In ~/.config/fish, create directories functions and completions.

Create the function ws_remote in ~/.config/fish/functions/ws_remote.fish:

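function ws_remote --argument-names 'remote_host' --description "Capture on a remote ssh host with tcpdump, view in local wireshark"
	if test -n "$remote_host"
		# Remote side: capture on all interfaces (-iany), packet-buffered (-U), full packets (-s0),
		# raw pcap written to stdout (-w -), excluding the ssh session that carries the capture.
		# Local side: wireshark starts capturing immediately (-k) and reads the pcap from stdin (-i -).
		ssh $remote_host sudo tcpdump -iany -U -s0 -w - 'port not 22' | wireshark -k -i -
	else
		echo "Usage: ws_remote ssh_host"
		return 1
	end
end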

Create the autocompletion hints in ~/.config/fish/completions/ws_remote.fish:

complete -c ws_remote -f -a "(__fish_print_hostnames)"

That's it. __fish_print_hostnames will expand to all the hosts and ssh remotes configured on your machine.
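
A variant of ws_remote that also takes an interface and a capture filter, validating both before they reach the remote shell. This is an added example, not part of the original gist; the name ws_remote_filtered and the allow-list patterns are assumptions, and it assumes sudo on the remote host can run tcpdump without prompting, since ssh allocates no terminal here.

```fish
# Added example, not part of the original gist. The name ws_remote_filtered and
# the allow-list patterns below are assumptions chosen for illustration.
function ws_remote_filtered --argument-names remote_host iface filter --description "Remote tcpdump into local wireshark, with validated arguments"
	if test -z "$remote_host"
		echo "Usage: ws_remote_filtered ssh_host [interface] ['capture filter']" >&2
		return 1
	end
	# A host beginning with '-' would be parsed by ssh as an option, not a destination.
	if string match -q -- '-*' "$remote_host"
		echo "ws_remote_filtered: refusing host name starting with '-'" >&2
		return 1
	end
	# Default to all interfaces, as the original function does.
	test -n "$iface"; or set iface any
	if not string match -rq -- '^[A-Za-z0-9][A-Za-z0-9._:-]*$' "$iface"
		echo "ws_remote_filtered: invalid interface name" >&2
		return 1
	end
	# Always exclude the ssh session that carries the capture.
	set -l expr "port not 22"
	if test -n "$filter"
		# Allow only characters that cannot end the single-quoted string built
		# below or be interpreted by the remote shell.
		if not string match -rq -- '^[A-Za-z0-9 ._:/-]+$' "$filter"
			echo "ws_remote_filtered: unsupported character in capture filter" >&2
			return 1
		end
		set expr "port not 22 and ($filter)"
	end
	# ssh hands this string to the remote shell; the quotes keep the filter one argument.
	ssh $remote_host "sudo tcpdump -i $iface -U -s0 -w - '$expr'" | wireshark -k -i -
end
```

Called as ws_remote_filtered myhost eth0 'tcp port 443' (myhost is a placeholder), it captures only that traffic on eth0. Filters that need characters outside the allow-list are rejected rather than quoted.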

Troubleshooting

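  • Traffic missing. The capture filter above ('port not 22') excludes port 22 (ssh), because the capture itself is tunneled through ssh and would otherwise record its own traffic. Any other traffic on port 22 is therefore missing from the capture as well.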