How do you capture packets on a remote host and display them in a local Wireshark?
Posted futuretea
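The script is as follows:
#!/usr/bin/env bash
[[ -n $DEBUG ]] && set -x
# set -eou pipefail

# Print usage help.
usage() {
    cat <<"EOF"
USAGE:
    hostdump.sh TARGET IFACE [OPTIONS...]
EOF
}

exit_err() {
    echo >&2 "${1}"
    exit 1
}

if [ $# -lt 2 ]; then
    usage
    exit 1
fi

# Statically linked tcpdump on the local machine, and the path it is copied to on the target.
LOCAL_TCPDUMP=/usr/local/bin/static-tcpdump
REMOTE_TCPDUMP=/tmp/static-tcpdump

TARGET=$1
IFACE=$2
shift 2

# sshpass -e reads the SSH password from the SSHPASS environment variable.
# Upload tcpdump only if no file exists at that path on the target (the contents are not checked).
if sshpass -e ssh "${TARGET}" "[ ! -f '${REMOTE_TCPDUMP}' ]"; then
    sshpass -e scp "${LOCAL_TCPDUMP}" "${TARGET}":"${REMOTE_TCPDUMP}"
fi

# Capture on the target (-s 0: full packets, -U: packet-buffered, -w -: pcap to stdout)
# and stream it over SSH into a local Wireshark reading from stdin (-k: start capturing at once).
sshpass -e ssh "${TARGET}" "${REMOTE_TCPDUMP}" -i "${IFACE}" -s 0 -U -w - "$@" | /bin/sh -c "sudo wireshark -k -i -"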
Usage
Prepare a statically compiled tcpdump
Configure ~/.ssh/config
Host host1
    Hostname 192.168.1.100
    User root
hostdump.sh host1 eth0
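The script only tests whether a file exists at REMOTE_TCPDUMP before running it as root on the target. The following added example (not part of the original post) replaces that test with a SHA-256 comparison against the local binary; the helper names, plain ssh/scp with key-based login, and sha256sum being present on both hosts are assumptions.

```shell
#!/bin/sh
# Added example: run the remote tcpdump copy only if it matches the local binary.
# Assumptions: sha256sum on both hosts, paths without single quotes,
# hypothetical helper names (run_remote, copy_to_remote, ensure_remote_tcpdump).

# Run a command string on the target host.
run_remote() ( t=$1; shift; ssh "$t" "$@" )

# Copy a local file to a path on the target host.
copy_to_remote() { scp -q "$2" "$1:$3"; }

# Print the SHA-256 digest of a local file (empty on error).
local_sha256() { sha256sum "$1" 2>/dev/null | cut -d' ' -f1; }

# Print the SHA-256 digest of a file on the target (empty if missing).
remote_sha256() { run_remote "$1" "sha256sum '$2' 2>/dev/null" | cut -d' ' -f1; }

# ensure_remote_tcpdump TARGET LOCAL_BIN REMOTE_BIN
# Returns 0 only when the remote file is byte-identical to the local one.
ensure_remote_tcpdump() (
    target=$1 local_bin=$2 remote_bin=$3
    want=$(local_sha256 "$local_bin")
    [ -n "$want" ] || { echo "cannot hash ${local_bin}" >&2; exit 1; }
    if [ "$(remote_sha256 "$target" "$remote_bin")" != "$want" ]; then
        # Missing or different: replace the file instead of trusting it.
        copy_to_remote "$target" "$local_bin" "$remote_bin" || exit 1
        run_remote "$target" "chmod 0755 '$remote_bin'" || exit 1
    fi
    # Re-check after the upload so an unverified file is never executed.
    [ "$(remote_sha256 "$target" "$remote_bin")" = "$want" ]
)

# In hostdump.sh this would replace the "[ ! -f ... ]" upload step:
#   ensure_remote_tcpdump "${TARGET}" "${LOCAL_TCPDUMP}" "${REMOTE_TCPDUMP}" \
#       || exit_err "remote tcpdump does not match local copy"
```

Because /tmp is world-writable, pointing REMOTE_TCPDUMP at a directory that only root can write keeps the file from being changed between the check and the capture.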