Wireshark mailing list archives

Re: Remote Capture in Wireshark of a server located in multiple hopes away


From: Stuart Longland <stuartl () longlandclan id au>
Date: Sat, 26 Sep 2020 14:58:16 +1000

On 26/9/20 1:26 pm, luke devon via Wireshark-users wrote:
> I have SSH access to Server A, but I don't have SSH access to Server B. Server A has SSH access to Server B. So I need
> to capture real-time tcpdump of Server B, via Server A.

OpenSSH has the ProxyJump command (and its corresponding argument: -J):

`ssh -J user1@proxy1,user2@proxy2 targetuser@targethost`

Or in `~/.ssh/config`:

```
Host targethost
        ProxyJump user1@proxy1,user2@proxy2
```

Then you just interact with `targethost` as if it was local.

http://man.openbsd.org/ssh_config#ProxyJump

Older OpenSSH versions can utilise `ProxyCommand` with `nc` or `netcat`.

```
Host targethost
        ProxyCommand ssh -q user2@proxy2 nc targethost 22

Host proxy2
        ProxyCommand ssh -q user1@proxy1 nc proxy2 22
```

http://man.openbsd.org/ssh_config#ProxyCommand

If you're using something other than OpenSSH, investigate the equivalent
settings in your SSH client implementation.
-- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.
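
Applying the ProxyJump approach from the reply above to the original question, as an added example that is not part of the original message: the script streams a live tcpdump capture from Server B through Server A into a local Wireshark. The user names, host names, interface, and the assumption that SSH runs on port 22 and that the remote user may run tcpdump are all placeholders.

```sh
#!/bin/sh
# Added example (not from the original post). All names below are assumed
# placeholders; override them through the environment.
JUMP="${JUMP:-user1@serverA}"      # hop you can reach directly
TARGET="${TARGET:-user2@serverB}"  # host to capture on, reached via the hop
IFACE="${IFACE:-eth0}"             # capture interface on the target

# Accept only characters that occur in interface names, so the value can be
# placed in the remote command line without being interpreted by the shell.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9._:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Remote command: -U flushes every packet as it arrives, -s 0 keeps full
# packets, -w - writes pcap to stdout. The filter drops port 22 (assumed SSH
# port) so the capture does not record the session that is carrying it.
remote_tcpdump_cmd() {
    printf "tcpdump -i %s -U -s 0 -w - 'not port 22'" "$1"
}

# Open the tunnel through the jump host and feed the pcap stream to
# Wireshark, which reads it from stdin (-i -) and starts at once (-k).
capture_via_jump() {
    valid_iface "$IFACE" || { echo "bad interface name: $IFACE" >&2; return 2; }
    ssh -J "$JUMP" "$TARGET" "$(remote_tcpdump_cmd "$IFACE")" | wireshark -k -i -
}

# Nothing runs unless the script is called with the argument "run".
if [ "${1:-}" = "run" ]; then
    capture_via_jump
fi
```

With ProxyJump the workstation itself authenticates to both hops, so the credentials for Server B must be usable from the workstation. Server A only forwards the TCP connection and never sees the decrypted capture stream.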