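#!/bin/bash
#
# Stream a live packet capture from a remote box into a local Wireshark.
#
# Usage: <script> box local-port nic
#   box        - ssh host to capture on; ~/.ssh/config is assumed to be fine,
#                so ssh already knows on what external port to reach the system
#   local-port - TCP port excluded from the capture (filter "not tcp port N");
#                presumably the port the box's sshd listens on, so the capture
#                does not record its own transport -- confirm for your setup
#   nic        - interface name on the remote box to capture on
#
# The remote tcpdump is started as root over ssh. ssh joins its command
# arguments into one string that the remote login shell parses, so anything
# placed in nic or local-port would be interpreted by a root shell on the box.
# Both values are therefore validated before they are used.

if [[ -z ${3:-} ]]; then
  echo "$0" box local-port nic >&2
  exit 1
fi

box=$1
port=$2
nic=$3

# A host argument starting with '-' would be read by ssh as an option.
if [[ $box == -* ]]; then
  printf 'invalid box (must not start with -): %s\n' "$box" >&2
  exit 1
fi

# Digits only, within the TCP port range. 10# forces base 10 so a value with
# a leading zero is not rejected as malformed octal.
if ! [[ $port =~ ^[0-9]{1,5}$ ]] || (( 10#$port < 1 || 10#$port > 65535 )); then
  printf 'invalid port: %s\n' "$port" >&2
  exit 1
fi

# Allowlist of characters seen in ordinary interface names (eth0, wm0,
# br-lan, eth0.100, eth0:1). No whitespace or shell metacharacters.
if ! [[ $nic =~ ^[A-Za-z0-9][A-Za-z0-9_.:-]*$ ]]; then
  printf 'invalid nic: %s\n' "$nic" >&2
  exit 1
fi

# The OS of the box decides which tcpdump path to use.
target=$(ssh "$box" uname)
if [[ -z $target ]]; then
  echo could not define target >&2
  exit 1
fi

case "$target" in
  NetBSD)
    # netbsd wants full path
    tcpdump=/usr/sbin/tcpdump
    ;;
  Linux)
    # slackware is happy without a path
    # debian wants /usr/bin/tcpdump
    tcpdump=/usr/bin/tcpdump
    ;;
  *)
    # Previously an unknown OS fell through without any message.
    printf 'unsupported target: %s\n' "$target" >&2
    exit 1
    ;;
esac

# tcpdump: -n no name resolution, -e link-level headers, -s0 full packets,
# -w - pcap to stdout, -U flush per packet so Wireshark sees traffic live.
# wireshark: -k start capturing immediately, -i - read the capture from stdin.
ssh -l root "$box" "$tcpdump -n -e -i $nic -s0 -w - -U not tcp port $port" \
  | wireshark -k -i -
# Report the pipeline's status; the old trailing [[ ... ]] test made a
# successful NetBSD run exit non-zero.
exit $?

# https://www.wireshark.org/docs/man-pages/sshdump.html
# https://ask.wireshark.org/question/2506/how-do-i-use-ssh-remote-capture-in-wireshark/
# https://man.netbsd.org/tcpdump.8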