Bashscripts.org

#!/bin/bash

## Default settings
# ssh version
SSHV="-2"
# port
PORT="22"
# be verbose?
VERBOSE=false

# Set known hosts to /dev/null and no strict hostkey checking
HOSTCHECK="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"

## Usage ...
Usage() {
   cat << USAGE
usage: `basename "$0"` Look at the script...
less $(type wiredump | cut -d ' ' -f 3)
USAGE
exit 1
}

## If no arguments are given show Usage
[ "$#" = "0" ] && Usage

## if the verbose flag is set, echo date and string
Verbose() {
    STRING="$@"
    PREFIX="[`date +"%D %H:%M:%S"`]: "
    ${VERBOSE} && echo ${PREFIX} ${STRING}
}
while getopts ":vp:f:12" options
do
    case $options in
        v)
        VERBOSE=true
        ;;
        p)
        PORT=${OPTARG}
        ;;
        f)
        FIL=${OPTARG}
        ;;
        1)
        SSHV="-1"
        ;;
        2)
        SSHV="-2"
        ;;
        *|?)
        Usage
        ;;
    esac
done

## Exclude the port we are connecting to
FILTER="! port ${PORT}"

## Add optional filters
[ -n "${FIL}" ] && FILTER="${FILTER} and '${FIL}'"
Verbose "The current tcpdump filter is: ${FILTER}"

## remove any arguments found so far
shift $((${OPTIND} - 1))

## Check for ip and interface and set the variables
[ -z $1 ] && echo "No IP address" || IP=$1
shift
[ -z $1 ] && echo "No interface" || IFACE=$1
shift
Verbose "Remote host: ${IP}\nRemote interface: ${IFACE}"

Exit() {
    clear
    exit
}

Cleanup() {
    ## kill the ssh session if needed
    if [ -n "${SSHPID}" ]; then
   pkill -0 -P "${SSHPID}"
   i=$?; [ "$i" == 0 ] && kill "${SSHPID}"
    fi

    ## Kill wireshark if needed
    if [ -n "${WSPID}" ]; then
   pkill -0 -P "${WSPID}"
   i=$?; [ "$i" == 0 ] && kill "${WSPID}"
    fi

    ## Remove our pipe
    if [ -e "${PIPE}" ] ; then
   rm -f "${PIPE}"
   Verbose "Pipe removed"
    fi
    Exit
}

## our trap (kill process group)
trap Cleanup INT TERM

## Set up the named pipe
PIPE="/tmp/${IP}_${IFACE}.${RANDOM}"
## Creating the named pipe
Verbose "Creating the named pipe"
mkfifo ${PIPE}
Verbose "Created pipe: ${PIPE}"

## The ssh command
SSHCMD="ssh ${SSHV} -p ${PORT} ${HOSTCHECK} -C -f -l root ${IP}"

## The tcpdump command
TCPDCMD="tcpdump -w - -s0 -nli ${IFACE} ${FILTER}"

## The full command
FCMD="$SSHCMD $TCPDCMD"

## Staring ssh session with remote tcpdump
Verbose "Starting the ssh session"
${FCMD} > "${PIPE}" &

## Starting wireshark
wireshark -k -i "${PIPE}" &
WSPID=$!
Verbose "Wireshark PID: ${WSPID}"

## Let it sleep a bit as ssh sometimes starts slow
sleep 2
SSHPID=$(pgrep -f "${FCMD}")
Verbose "Ssh PID: ${SSHPID}"

wait
Cleanup