Rurn
Posted July 9, 2017

Hey all,

I'm new, had the LAN turtle for about three weeks and I'm loving it. I have limited knowledge of the RF spectrum and I'm new to networks etc, but I've learnt so much by solving problems as I've gone along. However, one thing I'm stuck with is setting up an SSH tunnel to the turtle remotely, in order to get a more diverse capture than I believe URLsnarf is capable of.

Current setup
- Windows 10 PuTTY (and/or Kali in Vbox)
- SSH to a DigitalOcean VPS
- SSH into my turtle remotely

I've searched the forums and googled for "wireshark remote ssh capture" etc, but everything I find seems either irrelevant or goes way over my head. From what I did understand it seems like I may not be able to do it. And I figured if it was possible, wouldn't everyone be using Wireshark instead of URLSnarf (which seems basic to me)?

Questions
- Do any of you gurus know if it is possible to get a relatively comprehensive live capture from the LAN turtle via SSH?
- Has anyone done this yet?

Lemni
Posted July 10, 2017

You can use tcpdump to save data to a file and read it in real time on your distant server.

Let's say that you have configured sshfs and it's working.

Steps:

On the LanTurtle, run the following command; you can replace "port 80" by any valid filter:

    tcpdump -i eth0 -U -w /sshfs/pcapFile "port 80"

On your server, use Wireshark with a pipe (cf: https://wiki.wireshark.org/CaptureSetup/Pipes ):

    mkfifo /tmp/sharkfin
    wireshark -k -i /tmp/sharkfin &
    tail -f -n +1 /pathToSshfs/pcapFile > /tmp/sharkfin &

If you don't want to use sshfs you can also use something like this:

    echo "tcpdump -i eth0 -U -s0 -w - \"not port 22\" 2> /dev/null | ssh -p 22 user@$host \"touch /path/to/file && cat - > /path/to/file\"" | at now
    #Or execute the command directly without the echo | at now
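
Added example (not part of either post above): server-side helpers for the FIFO method in the reply, which check that the file arriving over sshfs really starts with a pcap header before feeding it to Wireshark, and which create the FIFO in a private directory, since a FIFO made directly in /tmp is readable by other local users under the usual umask. The function names and the sharkfin.XXXXXX directory name are assumptions.

```shell
# Added example, not from the thread: server-side helpers for the FIFO method.
# Function names and paths are assumptions.

# Classify a capture file by its first four bytes (the pcap/pcapng magic).
pcap_kind() {
    magic=$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        d4c3b2a1) echo "pcap-le" ;;      # 0xa1b2c3d4 written little-endian
        a1b2c3d4) echo "pcap-be" ;;
        4d3cb2a1) echo "pcap-ns-le" ;;   # nanosecond-resolution variant
        a1b23c4d) echo "pcap-ns-be" ;;
        0a0d0d0a) echo "pcapng" ;;
        "")       echo "empty" ;;
        *)        echo "unknown" ;;
    esac
}

# Wait until FILE holds at least the 24-byte pcap global header.
wait_for_header() {   # wait_for_header FILE [SECONDS]
    tries=${2:-30}
    while [ "$tries" -gt 0 ]; do
        if [ -f "$1" ] && [ "$(( $(wc -c < "$1") ))" -ge 24 ]; then return 0; fi
        sleep 1
        tries=$((tries - 1))
    done
    return 1
}

# Create the FIFO inside a private 0700 directory instead of directly in /tmp,
# so other local users cannot read the captured traffic.
make_private_fifo() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/sharkfin.XXXXXX") || return 1
    mkfifo -m 600 "$dir/fifo" || return 1
    echo "$dir/fifo"
}

# Feed the growing capture file into the FIFO from byte 1, header included.
stream_capture() {    # stream_capture FILE FIFO
    wait_for_header "$1" || { echo "no capture header in $1" >&2; return 1; }
    case "$(pcap_kind "$1")" in
        pcap*) tail -c +1 -f "$1" > "$2" ;;
        *)     echo "$1 is not a pcap/pcapng file" >&2; return 1 ;;
    esac
}

# Usage on the server (Wireshark invocation as in the reply above):
#   fifo=$(make_private_fifo)
#   wireshark -k -i "$fifo" &
#   stream_capture /pathToSshfs/pcapFile "$fifo"
```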