Last active
February 14, 2021 08:50
-
-
Save robinsmidsrod/6e847b3039d24f4f9885 to your computer and use it in GitHub Desktop.
Capture packets via remote tcpdump using SSH and display in local Wireshark client (Windows batch file)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@echo off | |
rem Figure out path to plink.exe | |
set putty_dir_key="HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PuTTY_is1" | |
for /f "tokens=3*" %%x in ('reg query %putty_dir_key% /v "InstallLocation"') do set putty_dir=%%x %%y | |
if not defined putty_dir ( | |
echo Please install PuTTY using Windows installer from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html | |
exit /b 1 | |
) | |
set plink="%putty_dir%\plink.exe" | |
rem Figure out path to wireshark.exe | |
set wireshark_dir_key="HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wireshark" | |
for /f "tokens=3*" %%x in ('reg query %wireshark_dir_key% /v "InstallLocation"') do set wireshark_dir=%%x %%y | |
if not defined wireshark_dir ( | |
echo Please install Wireshark using Windows installer from https://www.wireshark.org/download.html | |
exit /b 1 | |
) | |
set wireshark="%wireshark_dir%\Wireshark.exe" | |
rem Ask for hostname if not specified as first parameter | |
set host=%1 | |
if not defined host set /p host= What SSH host do you want to capture from? | |
rem Ask for interface if not specified as second parameter | |
set iface=%2 | |
if not defined iface ( | |
%plink% root@%host% tcpdump -D | |
set /p iface= What interface do you want to capture from? | |
) | |
rem Default to a sensible pattern if not specified as the third parameter | |
set pattern=%3 | |
if not defined pattern ( | |
if "%iface%" == "eth0" set pattern="not host %host% and not port 22" | |
if "%iface%" == "any" set pattern="not host %host% and not port 22" | |
) | |
rem Run tcpdump with output to pipe and read pipe from wireshark | |
%plink% root@%host% tcpdump -U -i %iface% -s0 -w - %pattern% | %wireshark% -k -i - |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
thanks!