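#!/bin/bash
# Stream a live tcpdump capture from a remote box over ssh into a local
# wireshark.
#
# usage: $0 box local-port nic
#   box         ssh destination
#   local-port  tcp port left out of the capture (presumably the port sshd
#               listens on at the box itself, so the capture does not record
#               its own ssh transport -- confirm)
#   nic         interface on the box to capture on
#
# assuming .ssh/config is fine and ssh knows on what external port to reach the system

if [[ -z ${3:-} ]]; then
  echo "$0 box local-port nic" >&2
  exit 1
fi

box=$1
port=$2
nic=$3

die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

# nic and port are pasted into a command line that the remote shell parses
# (and that may run under sudo), so only plain tokens are accepted: no
# whitespace, quotes or shell metacharacters.
nic_re='^[A-Za-z0-9][A-Za-z0-9._:@-]*$'
port_re='^[A-Za-z0-9][A-Za-z0-9._+-]*$'
[[ $nic =~ $nic_re ]] || die "bad interface name: $nic"
[[ $port =~ $port_re ]] || die "bad port: $port"

# a destination starting with '-' would be read by ssh as an option
[[ $box == -* ]] && die "bad ssh destination: $box"

# netbsd wants full path /usr/sbin/tcpdump
# slackware is happy without a path
# debian wants full path /usr/bin/tcpdump
# todo - try avoid sudo, use only when necessary

# -w - -U: raw packets to stdout, flushed per packet, so wireshark sees them live
cmd="tcpdump -n -e -i $nic -s0 -w - -U not tcp port $port"

# PATH is widened only for the sudo lookup, not for the capture itself
sudo_path=/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin

# if/else instead of "a && b || c": with the latter the unprivileged capture
# was started as well whenever the sudo capture ended with a non-zero status.
# NOTE: no tty is requested from ssh, so sudo presumably has to work without
# a password prompt here.
ssh "$box" "if PATH=$sudo_path which sudo >/dev/null 2>&1; then sudo $cmd; else $cmd; fi" |
  wireshark -k -i -

# https://www.wireshark.org/docs/man-pages/sshdump.html
# https://ask.wireshark.org/question/2506/how-do-i-use-ssh-remote-capture-in-wireshark/
# https://man.netbsd.org/tcpdump.8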