I frequently need wireshark to inspect the traffic on remote machines. This is a fish-shell shortcut to start tcpdump
on the remote host and pipe it into a local wireshark.
Requirements:
- local fish-shell
- local wireshark installation
- tcpdump on remote
In `~/.config/fish`, create directories `functions` and `completions`.
Create the function `ws_remote` in `~/.config/fish/functions/ws_remote.fish`:
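```fish
function ws_remote --argument-names 'remote_host' --description "Start wireshark on remote ssh host"
    if test -n "$remote_host"
        # tcpdump: all interfaces (-i any), packet-buffered output (-U), full packets (-s0),
        # pcap written to stdout (-w -); wireshark: read stdin (-i -), start capturing at once (-k)
        ssh $remote_host sudo tcpdump -iany -U -s0 -w - 'port not 22' | wireshark -k -i -
    else
        echo "Usage: ws_remote ssh_host"
        return 1
    end
end
```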
Create the autocompletion hints in `~/.config/fish/completions/ws_remote.fish`:
```fish
complete -c ws_remote -f -a "(__fish_print_hostnames)"
```
That's it. `__fish_print_hostnames` will expand to all the hosts and ssh remotes configured on your machine.
- Traffic missing. The capture filter above ignores port 22 (ssh) because the capture itself is tunnelled through ssh, so ssh traffic on the remote host never shows up in Wireshark.
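
If you need to see other ssh traffic on the remote host, or sshd listens on a port other than 22, the filter can exclude only the capture's own session instead. This variant is an added example, not part of the original shortcut; the name `ws_remote_session` is hypothetical, and it assumes the remote login shell is POSIX-compatible, that sshd exports `SSH_CONNECTION` for the session, and that `sudo` can run `tcpdump` without prompting.

```fish
# Added example: same pipeline as ws_remote, but the filter drops only this ssh session.
function ws_remote_session --argument-names 'remote_host' --description "Remote capture that hides only its own ssh session"
    if test -z "$remote_host"
        echo "Usage: ws_remote_session ssh_host" >&2
        return 1
    end

    # The single-quoted string is expanded by the REMOTE shell, not by fish.
    # sshd sets SSH_CONNECTION="client_ip client_port server_ip server_port",
    # so after `set --`: $1 = client address, $2 = client port, $4 = sshd port.
    # A packet of the tunnel carries both ports and the client address, so
    # "not (host ... and port ... and port ...)" removes exactly that flow and
    # keeps every other connection, including other ssh sessions.
    set -l remote_cmd 'set -- $SSH_CONNECTION; sudo tcpdump -i any -U -s0 -w - "not (host $1 and port $2 and port $4)"'

    ssh $remote_host $remote_cmd | wireshark -k -i -
end
```

Save it as `~/.config/fish/functions/ws_remote_session.fish`; the completion line for `ws_remote` can be reused with the command name changed.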