Ethereal-dev: Re: [ethereal-dev] Question on remote snooping.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ben Greear <greearb@xxxxxxxxxxxxxxx>
Date: Tue, 08 Feb 2000 21:59:17 -0700
Gilbert Ramirez wrote:

> As per my entry in the Ethereal TODO file,
> 
> *) I just discovered that sshd sets the SSH_CLIENT variable to source IP,
> source port, and destination port. That coupled with a destination IP
> would give us enough information to carry out remote protocol capturing,
> tcpdump over ssh:
> 
>         ssh remotehost tcpdump -s 2000 -w - filter
> 
> "filter" could be created from $SSH_CLIENT on the remote end with
> a simple little script. SSH_CLIENT is set to "client-IP client-port server-port"
> 
> Ethereal could have multiple capture options from the GUI:
> 
> 1. Use the regular libpcap (and in some far-off future, wiretap)
>         capture facility.
> 
> 2. Run ssh to a remote host and run tcpdump/snoop/tethereal to
>         capture data. (Probably not tethereal, since it doesn't
>         dump binary data to stdout)
> 
> 3. Run a telnet session to a Lucent/Ascend or Toshiba ISDN router
>         and capture the hex dump to a file.
> 
> --gilbert

Any idea of the development time it'd take to do this?  Is it coming
soon?  I may have some time to dedicate to it in a month or so...but
please don't wait on me :)

Ben

-- 
Ben Greear (greearb@xxxxxxxxxxxxxxx)  http://scry.wanfear.com/~greear 
Author of ScryMUD:  scry.wanfear.com 4444        (Released under GPL)
http://scry.wanfear.com
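
The "simple little script" mentioned in the quoted TODO entry could look like the sketch below. It is an added example, not code from Ethereal or from either poster. It builds a filter that excludes the ssh connection carrying the capture, so tcpdump does not record its own output stream. The function name and the sample addresses are assumptions made for illustration, and the destination IP is passed in as an argument because SSH_CLIENT does not contain it.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of Ethereal).
# ssh_exclude_filter SSH_CLIENT_VALUE SERVER_IP
#   SSH_CLIENT_VALUE is "client-IP client-port server-port", as set by sshd.
#   Prints a pcap filter that drops both directions of that one TCP
#   connection; returns 1 and prints nothing if the input is malformed.
ssh_exclude_filter() {
    server_ip=$2
    # read splits on whitespace; "extra" catches unexpected trailing fields.
    read -r client_ip client_port server_port extra <<EOF
$1
EOF
    # All three fields plus the server IP are required, and nothing more.
    [ -n "$server_ip" ] && [ -n "$server_port" ] && [ -z "$extra" ] || return 1
    # Ports go straight into the filter expression: decimal digits only.
    case "$client_port$server_port" in
        *[!0-9]*) return 1 ;;
    esac
    # Addresses: only characters valid in IPv4/IPv6 literals
    # (scoped IPv6 addresses containing '%' are rejected).
    case "$client_ip$server_ip" in
        *[!0-9A-Fa-f.:]*) return 1 ;;
    esac
    printf 'not (tcp and host %s and port %s and host %s and port %s)\n' \
        "$client_ip" "$client_port" "$server_ip" "$server_port"
}

# Constructed sample values (documentation address ranges), not real hosts.
ssh_exclude_filter "198.51.100.7 51514 22" 192.0.2.10

# On the remote end the result would be handed to tcpdump, for example:
#   tcpdump -s 2000 -w - "$(ssh_exclude_filter "$SSH_CLIENT" 192.0.2.10)"
```

The validation matters because the value ends up on a tcpdump command line on the remote host; anything other than digits and address characters is refused rather than passed through.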