Revisions
quyenlv revised this gist
Sep 9, 2019. 1 changed file with 1 addition and 1 deletion.
@@ -44,7 +44,7 @@ Local Host :: wireshark -k -i <( ssh user_name@remote_host_ip sudo tcpdump -s 0 -U -n -w - -i eth0 port 53 ) * Test by performing ``ping google.com`` on the remote machine, you will see the DNS packets in remote machine's Wireshark.
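Review bot: the added `)` closes the bash process substitution `<( ssh ... port 53 )`, which is the right fix, but the trailing context line still says the DNS packets show up in "remote machine's Wireshark"; in this setup only tcpdump runs on the remote host and Wireshark runs on the local host, so it should read "local host's Wireshark". Two points worth a comment next to that command: `<( ... )` is a bash/zsh feature and the line fails under plain `sh`, and the `port 53` filter is what keeps the capture from including the SSH session that carries the capture itself, so anyone widening the filter should append `and not port 22` (or an equivalent host exclusion) to avoid a feedback loop.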
quyenlv created this gist
Dec 28, 2018.
@@ -0,0 +1,57 @@ Topology ======== :: +------------------+ +----------------------+ | Local host | tcpdump over ssh | Remote Host | | |--------------------| |\ eth0 | +--------------+ |--------------------| |/ | | Wireshark | | | tcpdump -i eth0... | | |--------------| | +----------------------+ | | | | | | | | | +--------------+ | | | +------------------+ Remote Host =========== * Allow to run tcpdump without entering password, by ``sudo visudo``: :: username ALL = (ALL) NOPASSWD: /usr/sbin/tcpdump Local Host ========== * Generate a new keypair you run the following command: :: ssh-keygen -t rsa * Copyping the public RSA to the remote host to login without entering password: :: ssh-copy-id -i ~/.ssh/id_rsa.pub user_name@remote_host_ip * Run tcpdump over ssh on your remote machine and redirect the packets to the named pipe: :: wireshark -k -i <( ssh user_name@remote_host_ip sudo tcpdump -s 0 -U -n -w - -i eth0 port 53 * Test by performing ``ping google.com`` on the remote machine, you will see the DNS packets in remote machine's Wireshark. Reference ========= * https://serverfault.com/questions/362529/how-can-i-sniff-the-traffic-of-remote-machine-with-wireshark * https://wiki.wireshark.org/CaptureSetup/Pipes * https://www.howtoforge.com/wireshark-remote-capturing * https://unix.stackexchange.com/questions/395776/how-to-remote-execute-ssh-command-a-sudo-command-without-password
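Review bot: the sudoers rule `username ALL = (ALL) NOPASSWD: /usr/sbin/tcpdump` under "Remote Host" grants far more than "run tcpdump without entering password": an unrestricted root tcpdump can write to any path with `-w` and runs an arbitrary program through `-z postrotate-command`, so this is passwordless root for that account and for anyone holding the private key created by `ssh-keygen -t rsa` and installed with `ssh-copy-id`. Suggest pinning the argument list in sudoers (e.g. `username ALL = (ALL) NOPASSWD: /usr/sbin/tcpdump -s 0 -U -n -w - -i eth0 port 53`), or dropping sudo altogether by giving the binary `cap_net_raw,cap_net_admin` with setcap, and restricting the key on the remote side with a `command="..."` option in `authorized_keys` so it can only start that capture. Also confirm that `/usr/sbin/tcpdump` is the path `sudo tcpdump` resolves to on the target (the rule matches on the full path), prefer `-t ed25519` over RSA for a new key, and fix "Copyping" and "remote machine's Wireshark" (per the topology, Wireshark runs on the local host); the `wireshark -k -i <( ssh ...` line in this revision is also missing its closing `)`, which the Sep 9, 2019 revision adds.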