Saturday, 2 February 2019

linux - Executing tcpdump remotely while storing packet capture locally

I have run into a stumbling block while attempting to create a bash script that will write packet capture files from tcpdump onto a remote server, while displaying the output of the tcpdump command so that the user of the script knows when to halt it.


The command I am currently invoking is invoked on the server that the file is stored on, and pointed at the remote device (listed here as [AN_IP]). It looks something like this:


ssh -t [USER]@[AN_IP] -R 10000:127.0.0.1:22 "tcpdump -s0 -ei eth1 -w - | ssh -p 10000 [USER]@127.0.0.1 'tee file.pcap | /usr/sbin/tcpdump -r -'"

This works more or less as desired; however, I need to be able to give the user the ability to run multiple highly specific captures from a single instance of my script.


I am unable to find a good method of automating the SSH auth process, which makes backgrounding any part of this extremely difficult, if not outright impossible. So far, any methods of backgrounding this command, or any variations I can come up with, seem to result in either a failure of one or both auth dialogues to present themselves, or destruction of the SSH tunnel.


Is there some way to automatically background this script after the SSH auth dialogue is successful, without breaking the tunnel or halting the capture?
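
One way to approach what the question asks, as an added example that is not part of the original post: an OpenSSH control master authenticates once, and each capture then reuses that connection without a prompt, so it can be backgrounded. It streams the capture back over the session's stdout instead of using the reverse tunnel; the socket path, function names and sample host are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions: OpenSSH on both ends,
# the remote user may run tcpdump, and the socket path below is free to use.
CTL="$HOME/.ssh/capture-mux-%r@%h-%p"      # control socket for the shared connection

# Authenticate once. The prompt appears here; -f backgrounds ssh only after
# authentication succeeds, -N runs no remote command, -M makes this the master.
open_master() {                            # $1 = user@host
    ssh -M -S "$CTL" -o ControlPersist=yes -fN "$1"
}

# Build the remote command line. Interface and filter are single-quoted for the
# remote shell; input containing a single quote is refused rather than escaped.
remote_cmd() {                             # $1 = interface, $2... = BPF filter
    [ $# -ge 1 ] || return 1
    ifc=$1; shift
    case "$ifc$*" in *"'"*) return 1 ;; esac
    if [ $# -eq 0 ]; then
        printf "tcpdump -U -s0 -e -i '%s' -w -" "$ifc"
    else
        printf "tcpdump -U -s0 -e -i '%s' -w - '%s'" "$ifc" "$*"
    fi
}

# Start one capture in the background over the existing master connection.
# The pcap stream arrives on stdout; tcpdump's status messages go to a log.
# BatchMode makes ssh fail instead of prompting if the master is gone.
start_capture() {                          # $1 = user@host, $2 = file.pcap, rest as remote_cmd
    [ $# -ge 3 ] || return 1
    host=$1; out=$2; shift 2
    cmd=$(remote_cmd "$@") || return 1
    ssh -S "$CTL" -o BatchMode=yes "$host" "$cmd" >"$out" 2>"$out.log" </dev/null &
    echo $!                                # PID of the local ssh client; kill it to stop
}

close_master() {                           # $1 = user@host
    ssh -S "$CTL" -O exit "$1"
}

# Usage (sample host and filters are constructed):
#   open_master admin@192.0.2.10
#   a=$(start_capture admin@192.0.2.10 web.pcap eth1 tcp port 443)
#   b=$(start_capture admin@192.0.2.10 dns.pcap eth1 udp port 53)
#   tail -f web.pcap.log dns.pcap.log      # watch status, then:
#   kill "$a" "$b"; close_master admin@192.0.2.10
```

Running `tcpdump -r web.pcap` locally shows the packets captured so far. After the local ssh client is killed, the remote tcpdump exits when it next tries to write a packet.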
