sshdig: fix documentation and help output

Drop mention of the remote interface option which sshdig doesn't have. Have the example write to an scap file. Have remote count reflect on events, not packets.
THIS-IS-NOT-A-BACKUP · Feb 7, 2025 · 663f092 · 663f092
1 parent d903f75
commit 663f092
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 9 deletions.
diff --git a/doc/man_pages/sshdig.adoc b/doc/man_pages/sshdig.adoc
@@ -58,7 +58,6 @@ sshdig - Provide interfaces to capture system calls from a remote host through S
 *--remote-host=myremotehost*
 *--remote-port=22*
 *--remote-username=user*
-*--remote-interface=eth2*
 *--remote-capture-command='sysdig --unbuffered --write=-'*
 
 == DESCRIPTION
@@ -143,9 +142,6 @@ The passphrase for the private key for authentication.
 --proxycommand=<proxy command>::
 The command to use as proxy for the SSH connection.
 
---remote-interface=<remote interface>::
-The remote network interface to capture from.
-
 --remote-capture-command-select=<capture command-selection>::
 The command to run on the remote system.
 Either *sysdig* for a remote capture command using sysdig, or *other*, where the remote capture command must be provided with the *--remote-capture-command* option.
@@ -226,7 +222,7 @@ To see interface configuration options:
 
 To capture:
 
-    sshdig --extcap-interface=sshdig --fifo=/tmp/ssh.pcap --capture --remote-host 192.168.1.10
+    sshdig --extcap-interface=sshdig --fifo=/tmp/ssh.scap --capture --remote-host 192.168.1.10
     --remote-username user
 
 // To use different capture binaries:
@@ -244,7 +240,7 @@ To capture:
 NOTE: kbd:[CTRL+C] should be used to stop the capture in order to ensure clean termination.
 
 The sshdig binary can be renamed to support multiple instances. For instance if we want sshdig
-to show up twice in stratoshark (for instance to handle multiple profiles), we can copy sshdig to
+to show up twice in Stratoshark (for instance to handle multiple profiles), we can copy sshdig to
 sshdig-host1 and sshdig-host2. Each binary will show up an interface name same as the executable
 name. Those executables not being "sshdig" will show up as "custom version" in the capture source description.
 

diff --git a/extcap/sshdig.c b/extcap/sshdig.c
@@ -287,8 +287,8 @@ static int list_config(char *interface)
             "{type=string}{tooltip=User name of privileged user to execute the capture command on the remote machine}"
             "{group=Capture}\n", inc++);
     printf("{group=Capture}\n");
-    printf("arg {number=%u}{call=--remote-count}{display=Packets to capture}"
-            "{type=unsigned}{default=0}{tooltip=The number of remote packets to capture. (Default: inf)}"
+    printf("arg {number=%u}{call=--remote-count}{display=Events to capture}"
+            "{type=unsigned}{default=0}{tooltip=The number of remote events to capture. (Default: inf)}"
             "{group=Capture}\n", inc++);
     printf("arg {number=%u}{call=--remote-modern-bpf}{display=Use eBPF}{type=boolflag}{default=true}"
             "{tooltip=Use eBPF for capture. With this no kernel module is required}{group=Capture}\n", inc++);
@@ -380,7 +380,7 @@ int main(int argc, char *argv[])
     extcap_help_add_option(extcap_conf, "--remote-capture-command <capture command>", "the remote capture command");
     extcap_help_add_option(extcap_conf, "--remote-priv <selection>", "none, sudo or doas");
     extcap_help_add_option(extcap_conf, "--remote-priv-user <username>", "privileged user name");
-    extcap_help_add_option(extcap_conf, "--remote-count <count>", "the number of packets to capture");
+    extcap_help_add_option(extcap_conf, "--remote-count <count>", "the number of events to capture");
     extcap_help_add_option(extcap_conf, "--remote-modern-bpf", "use eBPF");
 
     ws_opterr = 0;