Please invite friends to *http://www.sluug.org/*
Wed *12 June* 2024 is the MONTHLY GENERAL mtng.
*BASE* Topic: *An adventure in starting network "sniffing". WireShark into TCPdump!*
Presenters: *Grant Taylor* <https://www.sluug.org/bio/Grant_Taylor>
& *Lee Lammert* <https://www.sluug.org/bio/Lee_Lammert>
Just starting to "sniff" to see what is going on at that network
interface? Last month we showed an overview of how to start and "get the
feel". This month, let's look at some specifics. (This is a tutorial, so
if it seems a bit esoteric, we expect folks to ask questions. We hope for
a good discussion.)
Our mission tonite is to have
*Wireshark SSH to a system, run tcpdump remotely, and send the packet data
back to Wireshark on the client.*
To do this, the client needs to be able to log into the remote system and
gain sufficient privileges to run tcpdump without password prompts. There
are a few different ways to do this. The simplest hack is to allow root to
log in (with keys) and put the client's public key in
/root/.ssh/authorized_keys
so that the client can SSH directly to root
and run tcpdump. A better solution would be to log in as a normal user and
use something like sudo (without password prompt).
N.B. I use a local SSH agent to use an encrypted SSH key to both authenticate
to the remote system and to sudo on the remote system.
client% ssh -T ${REMOTE} "/usr/bin/sudo /usr/sbin/tcpdump -U -s0 -w - not port ${SSH}" | wireshark -k -i -
(${REMOTE} is the capture host and ${SSH} is the SSH port; "not port ${SSH}"
keeps tcpdump from capturing the very SSH session that is carrying the pcap
stream back to Wireshark. -U flushes each packet as it arrives, -s0 captures
full packets, and "-w -" writes pcap to stdout so Wireshark can read it from
the pipe.)
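As an added example (not part of the announcement or the presenters' material), a small POSIX sh wrapper around the pipeline above: it composes the capture filter so the SSH session carrying the pcap home is excluded, builds the remote tcpdump command, and emits the sudoers line for the "normal user + sudo" approach. REMOTE, SSH_PORT, IFACE and DRY_RUN are assumed variable names, and the interface defaults to "any".

```shell
#!/bin/sh
# Added example, not from the announcement: wrapper around the ssh + remote
# tcpdump + local Wireshark pipeline. Assumed names: REMOTE, SSH_PORT, IFACE,
# DRY_RUN, and a remote user allowed to sudo /usr/sbin/tcpdump without a password.

# Build the BPF filter. Excluding the SSH port keeps tcpdump from capturing
# its own pcap stream going back to Wireshark (a feedback loop that would
# make the capture grow without bound). Extra terms are AND-ed in.
build_capture_filter() {
    ssh_port="$1"; shift
    filter="not port ${ssh_port}"
    [ $# -gt 0 ] && filter="${filter} and ($*)"
    printf '%s' "$filter"
}

# Command executed on the remote host:
#   -U   flush every packet to stdout as it arrives, so Wireshark sees it live
#   -s0  full snaplen, no truncation
#   -w - write pcap to stdout so ssh carries it back to the client
build_remote_cmd() {
    printf '/usr/bin/sudo /usr/sbin/tcpdump -U -s0 -i %s -w - %s' "$1" "$2"
}

# Least-privilege alternative to root login: allow only tcpdump via sudo.
# Install with visudo (e.g. visudo -f /etc/sudoers.d/tcpdump) so it is validated.
sudoers_rule() {
    printf '%s ALL=(root) NOPASSWD: /usr/sbin/tcpdump\n' "$1"
}

run_capture() {
    port="${SSH_PORT:-22}"
    filter=$(build_capture_filter "$port" "$@")
    remote_cmd=$(build_remote_cmd "${IFACE:-any}" "$filter")
    if [ -n "${DRY_RUN:-}" ]; then
        printf 'ssh -T -p %s %s "%s" | wireshark -k -i -\n' "$port" "$REMOTE" "$remote_cmd"
    else
        ssh -T -p "$port" "$REMOTE" "$remote_cmd" | wireshark -k -i -
    fi
}

# Only start a capture when a target host was given, e.g.
#   REMOTE=cap.example.net IFACE=eth0 sh sshdump.sh 'tcp port 80'
if [ -n "${REMOTE:-}" ]; then
    run_capture "$@"
fi
```

Set DRY_RUN=1 to print the exact ssh pipeline instead of running it.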
Episode 2 of a series! You can see episode 1 (from May 8) in our archive at
www.sluug.com <http://www.sluug.com> and look under Presentation Archives for:
SLUUG Basic: *Network Sniffing for Beginners* by Grant Taylor and Lee Lammert
Slides <https://www.sluug.org/resources/presentations/media/2024/MAIN/2024-05-08_SLUUG_Network_Sniffing_Intro.pdf>
Complete recording: Video <https://www.sluug.org/resources/presentations/media/2024/MAIN/2024-05-08_SLUUG_1920x1080.mp4>,
Sound <https://www.sluug.org/resources/presentations/media/2024/MAIN/2024-05-08_SLUUG_sound.mp4>,
Captions <https://www.sluug.org/resources/presentations/media/2024/MAIN/2024-05-08_SLUUG_captions_cc.vtt>,
Chat <https://www.sluug.org/resources/presentations/media/2024/MAIN/2024-05-08_SLUUG_chat.txt>.
===========================
6:30pm.... but sign in earlier so that you can check your mic, camera, &
video without disrupting others. The "virtual mtng room" in Zoom will
open at ~6pm.