Thanks in advance.
asked 14 May '16, 19:21
edited 15 May '16, 06:19
Okay, so we have two points to address:
The first one is easy: you use one instance of plink to log in to machine1 and set up a tunnel through that ssh session from your Windows machine's local tcp port to machine2's tcp port 22 the following way:
This will open a new command line window for that instance of plink but won't prevent the script from continuing further. You can get rid of that extra window by using a
On the next line of the batch, you start the plink as you did, except that you specify the socket on your local machine as the server:
The second part is a bit of a headache. I've asked you on purpose whether you've already used a named pipe. The trouble is that you cannot feed Wireshark with two distinct streams through the (single) standard input (using
But while on Linux it is possible to create and feed a named pipe from the command line, this does not seem to be the case on Windows, so unless you find a ready-made solution, you'll need to write a piece of code to set up the named pipes and feed them with the data output by plink. So your command line options to Wireshark would be
So instead of using
And the last point is that despite what the Wiki says, Wireshark only accepts pcap (i.e. not pcapng) data format through stdin or named pipes, so depending on your tcpdump version, you may need to use the right option to make it output pcap. This excludes capturing on more than one interface by the same instance of tcpdump, i.e. in a generic case you'd need one tcpdump instance and one named pipe per source interface.
answered 15 May '16, 14:32
edited 15 May '16, 21:55
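The "piece of code" the answer refers to, as an added example that is not part of the original answer: a Python relay that builds the two plink command lines described above (the tunnel through machine1, then tcpdump on machine2 over the forwarded socket), creates the named pipe that Wireshark reads, and copies the pcap stream into it. It also checks the first four bytes of the stream so that a tcpdump that emits pcapng is rejected immediately instead of producing a silent empty capture in Wireshark. Everything specific is an assumption: plink on PATH, local port 2222, the remote command `tcpdump -i eth0 -U -w -`, and the pipe name `\\.\pipe\wireshark`; the Windows pipe is created with `CreateNamedPipe` through ctypes, and on POSIX a FIFO is used so the relay logic can be exercised there too.

```python
"""Relay a remote tcpdump pcap stream (plink stdout) into a named pipe for Wireshark.
Added example; not code from the original answer. All hosts, ports, interface
and pipe names below are constructed placeholders."""
import io
import os
import subprocess
import sys

# pcap global-header magic numbers: both byte orders, microsecond and nanosecond.
PCAP_MAGICS = {
    b"\xa1\xb2\xc3\xd4", b"\xd4\xc3\xb2\xa1",   # usec timestamps
    b"\xa1\xb2\x3c\x4d", b"\x4d\x3c\xb2\xa1",   # nsec timestamps
}
# pcapng streams start with a Section Header Block, type 0x0A0D0D0A.
PCAPNG_BLOCK_TYPE = b"\x0a\x0d\x0d\x0a"


def classify_capture_header(first4: bytes) -> str:
    """Return 'pcap', 'pcapng' or 'unknown' for the first four bytes of a stream."""
    if first4 in PCAP_MAGICS:
        return "pcap"
    if first4 == PCAPNG_BLOCK_TYPE:
        return "pcapng"
    return "unknown"


def build_tunnel_command(jump_user: str, jump_host: str, local_port: int, target: str) -> list:
    """First plink: log in to machine1 and forward a local port to machine2:22.
    -N starts no remote shell; -batch aborts instead of prompting interactively."""
    return ["plink", "-batch", "-ssh", "-N", "-L", f"{local_port}:{target}:22",
            f"{jump_user}@{jump_host}"]


def build_capture_command(local_port: int, user: str, remote_cmd: str) -> list:
    """Second plink: connect to the forwarded socket on 127.0.0.1 and run tcpdump."""
    return ["plink", "-batch", "-ssh", "-P", str(local_port),
            f"{user}@127.0.0.1", remote_cmd]


def relay_pcap(src, dst, chunk_size: int = 65536) -> int:
    """Copy a pcap stream from src to dst, flushing per chunk so Wireshark sees
    packets live. Refuses pcapng (not accepted by Wireshark on a pipe) and any
    stream without a pcap header. Returns the number of bytes relayed."""
    header = src.read(4)
    kind = classify_capture_header(header)
    if kind != "pcap":
        raise ValueError(f"expected pcap on the pipe, got {kind}: {header!r}")
    dst.write(header)
    total = len(header)
    while True:
        chunk = src.read(chunk_size)
        if not chunk:
            break
        dst.write(chunk)
        dst.flush()
        total += len(chunk)
    return total


def open_pipe_writer(path: str):
    """Create the named pipe and block until Wireshark opens it for reading.
    Windows: CreateNamedPipe via ctypes (Wireshark connects to \\\\.\\pipe\\<name>).
    POSIX: a FIFO created with mkfifo, so the same relay works for a local test."""
    if sys.platform == "win32":
        import ctypes
        import msvcrt
        from ctypes import wintypes
        k32 = ctypes.WinDLL("kernel32", use_last_error=True)
        k32.CreateNamedPipeW.restype = wintypes.HANDLE
        k32.CreateNamedPipeW.argtypes = [wintypes.LPCWSTR] + [wintypes.DWORD] * 6 + [wintypes.LPVOID]
        k32.ConnectNamedPipe.argtypes = [wintypes.HANDLE, wintypes.LPVOID]
        PIPE_ACCESS_OUTBOUND, PIPE_TYPE_BYTE, PIPE_WAIT = 0x2, 0x0, 0x0
        handle = k32.CreateNamedPipeW(path, PIPE_ACCESS_OUTBOUND, PIPE_TYPE_BYTE | PIPE_WAIT,
                                      1, 65536, 65536, 0, None)
        if handle == ctypes.c_void_p(-1).value:
            raise ctypes.WinError(ctypes.get_last_error())
        k32.ConnectNamedPipe(handle, None)          # waits for Wireshark to connect
        return os.fdopen(msvcrt.open_osfhandle(handle, 0), "wb")
    if not os.path.exists(path):
        os.mkfifo(path)
    return open(path, "wb")                          # blocks until a reader opens the FIFO


if __name__ == "__main__":
    # Constructed usage: python relay.py 2222 user \\.\pipe\wireshark
    # Wireshark must already be started on the pipe: wireshark -i \\.\pipe\wireshark -k
    local_port, user, pipe_path = int(sys.argv[1]), sys.argv[2], sys.argv[3]
    # -U flushes per packet; "-w -" sends the capture to stdout. Verify that your
    # tcpdump version writes pcap here; relay_pcap rejects pcapng on purpose.
    cmd = build_capture_command(local_port, user, "tcpdump -i eth0 -U -w -")
    with open_pipe_writer(pipe_path) as pipe:
        proc = subprocess.Popen(cmd, stdin=subprocess.DEVNULL, stdout=subprocess.PIPE)
        relayed = relay_pcap(proc.stdout, pipe)
    print(f"relayed {relayed} bytes", file=sys.stderr)
```

The tunnel plink (`build_tunnel_command`) is started separately and kept running, exactly as the answer's first step describes; the script only handles the second plink and the pipe. Because `open_pipe_writer` blocks until Wireshark connects, start Wireshark on the pipe before the script, and one script instance per source interface gives the one-pipe-per-tcpdump layout the answer ends with.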