Wireshark
Revision as of 17:44, 28 January 2018
Guidelines
- LEARN HOW TO FILTER, or be overwhelmed
- You can't see the URL path or query parameters when using HTTPS; they are encrypted
 
Remote monitoring
It's not too hard to monitor another machine that may not have X on it.
First you have to TEMPORARILY allow [ssh root] on the exposed server, DO NOT LEAVE THIS ON:
    ssh bitpost emacs /etc/ssh/sshd_config   # add root to AllowUsers
Then on the monitoring box, set up a shared pipe, use ssh to route a tcpdump, and capture it in wireshark:
    ssh viper
    sudo su -
    mkfifo /tmp/bitpost_443                  # make a shared pipe
    wireshark -k -i /tmp/bitpost_443 &       # start capturing from the pipe (backgrounded so the next command can run)
    ssh bitpost "tcpdump -s 0 -U -n -w - -i eth0 not port 22" > /tmp/bitpost_443   # stream the remote capture into the pipe; "not port 22" keeps the ssh session carrying the capture out of it
When you are done, FIX THE EXPOSED SERVER to disable [ssh root]:
    ssh bitpost emacs /etc/ssh/sshd_config   # remove root from AllowUsers
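The same recipe wrapped in shell functions, as an added example that is not from the original page: it always excludes the ssh port carrying the capture stream from the filter, cleans up the pipe on exit, and adds a check that root has really been removed from AllowUsers afterwards. Hostnames, interface, fifo path and tcpdump flags are the ones on the page; the function names are my own.

```bash
#!/usr/bin/env bash
# Added example (not the wiki's own script). Assumes the page's hosts:
# "bitpost" is the exposed server being captured, this runs on the monitoring box.

# Build the tcpdump filter. The ssh session that carries the capture stream
# back to us must be excluded, otherwise the capture captures itself in a loop.
build_capture_filter() {
    ssh_port="$1"
    extra="$2"
    if [ -n "$extra" ]; then
        printf 'not port %s and (%s)' "$ssh_port" "$extra"
    else
        printf 'not port %s' "$ssh_port"
    fi
}

# Return 0 if root is still listed on an active AllowUsers line of the given
# sshd_config (i.e. the "DO NOT LEAVE THIS ON" step was forgotten), 1 otherwise.
# Comment lines never match because the pattern is anchored at the keyword.
sshd_allows_root() {
    config_file="$1"
    grep -Ei '^[[:space:]]*AllowUsers[[:space:]]' "$config_file" \
        | grep -Eqw 'root'
}

# Stream a remote tcpdump into a local named pipe that Wireshark reads.
# Usage: remote_capture bitpost eth0 /tmp/bitpost_443 "$(build_capture_filter 22 'port 443')"
remote_capture() {
    target="$1"
    iface="$2"
    fifo="$3"
    filter="$4"
    mkfifo "$fifo" || return 1
    trap 'rm -f "$fifo"' EXIT              # remove the pipe when we leave
    wireshark -k -i "$fifo" &              # reader must be running before the writer opens the fifo
    ssh "$target" "tcpdump -s 0 -U -n -w - -i $iface '$filter'" > "$fifo"
}
```

After the capture, run `sshd_allows_root` against a copy of the server's sshd_config (for example fetched with scp) to confirm root access was removed.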