github.com/vmware/govmomi@v0.37.2/scripts/wireshark-esx.sh (about)

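#!/bin/bash
#
# Capture ESXi traffic and decrypt SOAP traffic on port 443 via wireshark
#
# Usage: wireshark-esx.sh [device]      (device defaults to vmk0)
#
# Local tools used: govc, jq, ssh, scp, wireshark; optionally vagrant and
# sshpass. Remote tool used: tcpdump-uw.
#
# Security notes:
#  - The host's TLS private key (/etc/vmware/ssl/rui.key) is copied to this
#    machine so wireshark can decrypt port 443. It is written with owner-only
#    permissions; delete it when the capture session is over.
#  - The default ssh options disable host key verification, so the login
#    (password included, when sshpass is used) and the key copy go to whatever
#    answers on $ip. Use this only on a trusted lab network.
#  - `govc host.info -k` skips server certificate verification as well.

# Set here rather than in the shebang so it also applies under `bash script.sh`.
set -e

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Run ssh or scp ($1) with the remaining arguments, through sshpass when it was
# selected below. The password is handed to sshpass in the SSHPASS environment
# variable of that one command (sshpass -e) instead of `-p <password>`, so it
# does not show up in the process list and is not inherited by wireshark.
run_remote() {
  local tool=$1
  shift
  if [ "$use_sshpass" -eq 1 ] ; then
    SSHPASS="$password" sshpass -e "$tool" "$@"
  else
    "$tool" "$@"
  fi
}

# Device to capture
dev="${1-vmk0}"

# Device to get the ip for wireshark ssl_keys config
if [ "$dev" = "lo0" ] ; then
  ip_dev="vmk0"
else
  ip_dev="$dev"
fi

# The device name is passed with --arg so it is compared as data and never
# parsed as part of the jq program.
ip=$(govc host.info -k -json | \
       jq -r --arg dev "$ip_dev" \
         '.HostSystems[].Config.Network.Vnic[] | select(.Device == $dev) | .Spec.Ip.IpAddress')

# Everything below (ssh target, key file name, capture filter) depends on
# exactly one address; stop early if govc/jq produced none or several.
case "$ip" in
  ""|null|*$'\n'*)
    die "could not resolve a single IP address for ${ip_dev} (got: '${ip}')"
    ;;
esac

ssh_opts=()
use_sshpass=0
password=""

# Check if vagrant ssh-config applies to $ip
if [ -d ".vagrant" ] ; then
  # Turn each "Key Value" line into "-o Key=Value". Reading field by field
  # avoids the word splitting and globbing of an unquoted $(...) expansion.
  vssh_opts=()
  while read -r key value _ || [ -n "$key" ] ; do
    if [ -n "$key" ] ; then
      vssh_opts+=(-o "${key}=${value}")
    fi
  done < <(vagrant ssh-config)

  # Exact comparison: 10.0.0.1 must not match a config for 10.0.0.10.
  for opt in "${vssh_opts[@]}" ; do
    if [ "$opt" = "HostName=${ip}" ] ; then
      ssh_opts=("${vssh_opts[@]}")
      break
    fi
  done
fi

# Otherwise, use default ssh opts + sshpass if available
if [ ${#ssh_opts[@]} -eq 0 ] ; then
  user="$(govc env GOVC_USERNAME)"
  # NOTE: host key checking is off (see the header); lab convenience only.
  ssh_opts=(-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o LogLevel=FATAL -o "User=${user}")

  if command -v sshpass >/dev/null 2>&1 ; then
    password="$(govc env GOVC_PASSWORD)"
    use_sshpass=1
  fi
fi

filter=""

if [ "$dev" != "lo0" ] ; then
  # If you change this filter, be sure to exclude the ssh port (not tcp port 22)
  # The parentheses are escaped for the remote shell, which re-parses the
  # command line that ssh sends.
  filter="host $ip and \(port 80 or port 443\)"

  keys_dir="$HOME/.wireshark"
  keys_file="$keys_dir/ssl_keys"
  dst="$keys_dir/rui-${ip}.key"

  mkdir -p -m 0700 "$keys_dir"

  if [ ! -f "$dst" ] ; then
    # Copy key from ESX. The subshell umask keeps the private key unreadable
    # to other local users without changing the umask of the rest of the script.
    (
      umask 077
      run_remote scp "${ssh_opts[@]}" "${ip}:/etc/vmware/ssl/rui.key" "$dst"
    )
  fi

  # Fixed-string match on the quoted first field, so dots are literal and one
  # address cannot match as a prefix of another.
  if ! grep -qF "\"${ip}\"," "$keys_file" 2>/dev/null ; then
    # Add key to wireshark ssl_keys config
    echo "adding rui.key for $ip"

    printf '"%s","443","http","%s",""\n' "$ip" "$dst" >> "$keys_file"
  fi
fi

echo "Capturing $dev on $ip..."

# Stream the raw capture over ssh straight into a live wireshark session.
run_remote ssh "${ssh_opts[@]}" "$ip" tcpdump-uw -i "$dev" -s0 -v -w - "$filter" | wireshark -k -i -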