Wireshark

From Bitpost wiki

Guidelines

  • LEARN HOW TO FILTER, or be overwhelmed
  • You can't see the URL path or query parameters when using HTTPS; they are encrypted, so only the TCP/TLS layer is visible

Remote monitoring

It's not too hard to monitor another machine that may not have X on it.

First you have to TEMPORARILY allow [ssh root] on the exposed server, DO NOT LEAVE THIS ON:

ssh bitpost
emacs /etc/ssh/sshd_config # add root to AllowUsers

Then on the monitoring box, create a named pipe, use ssh to stream the remote tcpdump output into it, and have Wireshark read the pipe as its capture interface.

ssh viper
sudo su -
mkfifo /tmp/bitpost_443 # make a shared pipe
wireshark -k -i /tmp/bitpost_443 & # background it: it blocks on the pipe until a writer connects
ssh bitpost "tcpdump -s 0 -U -n -w - -i eth0 not port 22" > /tmp/bitpost_443 # "not port 22" keeps the ssh transport itself out of the capture
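The same flow, as an added example (not from the original wiki page) wrapped in a POSIX shell script so the pipe is always removed on exit and the capture filter always excludes the ssh session carrying the capture. The host name, interface and pipe path are assumptions taken from the commands above and can be overridden through environment variables.

```shell
#!/bin/sh
# Added example: remote capture over ssh into a named pipe, with guaranteed cleanup.
# Assumed names (match the page's commands): remote host "bitpost", interface "eth0".
set -eu

REMOTE_HOST="${REMOTE_HOST:-bitpost}"
REMOTE_IFACE="${REMOTE_IFACE:-eth0}"
PIPE="${PIPE:-/tmp/${REMOTE_HOST}_capture}"

# Build the tcpdump command run on the remote host.
# "not port 22" is mandatory: the ssh session that carries the capture back would
# otherwise be captured too, and every captured byte would generate more ssh traffic.
# An optional extra BPF expression (e.g. "port 443") is ANDed onto that base filter.
remote_capture_cmd() {
    extra="$1"
    filter="not port 22"
    [ -n "$extra" ] && filter="$filter and ($extra)"
    printf 'tcpdump -s 0 -U -n -w - -i %s %s' "$REMOTE_IFACE" "$filter"
}

# Create the fifo if it does not exist; refuse to touch a path that is a regular file.
# mode 600 so only this user can read the captured traffic from the pipe.
make_pipe() {
    pipe="$1"
    [ -p "$pipe" ] && return 0
    [ -e "$pipe" ] && { echo "refusing: $pipe exists and is not a fifo" >&2; return 1; }
    mkfifo -m 600 "$pipe"
}

# Remove the fifo only if it really is one (never rm an arbitrary path by accident).
remove_pipe() {
    pipe="$1"
    [ -p "$pipe" ] && rm -f "$pipe"
    return 0
}

# Wire it together: Wireshark reads the pipe, ssh+tcpdump writes it.
run_capture() {
    make_pipe "$PIPE"
    trap 'remove_pipe "$PIPE"' EXIT INT TERM
    # Wireshark blocks opening the fifo until a writer appears, so it must run in the background.
    wireshark -k -i "$PIPE" &
    ssh "$REMOTE_HOST" "$(remote_capture_cmd "${1:-}")" > "$PIPE"
}

# Usage: ./remote_capture.sh run ["extra bpf filter"]
case "${1:-}" in
    run) shift; run_capture "$@" ;;
esac
```

Run it as `./remote_capture.sh run "port 443"` on the monitoring box; the trap removes the pipe whether Wireshark is closed or the ssh session is interrupted, which replaces the manual pipe-removal step from the cleanup list. Re-disabling root ssh on the exposed server still has to be done by hand.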

CLEANUP

  • remove the pipe on the monitoring box (the rm has to run on viper, not locally after the ssh session ends):
ssh viper
sudo rm /tmp/bitpost_443
  • FIX THE EXPOSED SERVER to disable [ssh root]:
ssh bitpost
emacs /etc/ssh/sshd_config # remove root from AllowUsers

Over X

Not sure a good idea...

   m@mbehrnsm-red:~$ ssh -Y jrh1
   ec2-user@ip-172-31-29-104:~$ sudo su -
   [root@ip-172-31-29-104 ~]# xauth add $(xauth -f ~ec2-user/.Xauthority list|tail -1)
   [root@ip-172-31-29-104 ~]# wireshark&