Wireshark-users: Re: [Wireshark-users] Remote Capture in Wireshark of a server located in multipl

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Stuart Longland <stuartl@xxxxxxxxxxxxxxxxxx>
Date: Sat, 26 Sep 2020 14:58:16 +1000
On 26/9/20 1:26 pm, luke devon via Wireshark-users wrote:
> I have SSH access to Server A, But I don't have SSH access to Server B. Server A has SSH access to Server B.So I need to capture real-time tcpdump of Server B, via Server A.

OpenSSH has the ProxyJump command (and its corresponding argument: -J):

`ssh -J user1@proxy1,user2@proxy2 targetuser@targethost`

Or in `~/.ssh/config`:

```
Host targethost
	ProxyJump user1@proxy1,user2@proxy2
```

Then you just interact with `targethost` as if it was local.

http://man.openbsd.org/ssh_config#ProxyJump

Older OpenSSH versions can utilise `ProxyCommand` with `nc` or `netcat`.

```
Host targethost
        ProxyCommand ssh -q user2@proxy2 nc targethost 22

Host proxy2
	ProxyCommand ssh -q user1@proxy1 nc proxy2 22
```

http://man.openbsd.org/ssh_config#ProxyCommand

If you're using something other than OpenSSH, investigate the equivalent
settings in your SSH client implementation.
-- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.