https://www.vultr.com

The Everywhere Cloud

Deploy an instance.
Accelerate your application.


Monitoring network traffic with tcpdump

By -

The following procedure demonstrates how to use tcpdump to sniff and log packets going in and out of a machine's network interfaces.

==========

1. Identify the network interfaces available.

user@host: $ tcpdump --list-interfaces

1.wlp6s0 [Up, Running]
2.lo [Up, Running, Loopback]
3.any (Pseudo-device that captures on all interfaces) [Up, Running]
4.enp5s0 [Up]

2. Set the sniffing tool to listen on a network interface for packets and send the output to a file for easy review later.

2.1. To and from a target port, such as HTTP, regardless of host.

user@host: $ sudo tcpdump -A -i any -l -s 0 -vvv tcp port 80 > mytcpdumpout.txt 2>&1

2.2. To and from a target host, regardless of port.

user@host: $ sudo tcpdump -A -i any -l -s 0 -vvv host nameOfMachine > mytcpdumpout.txt 2>&1

2.3. The flags used to adjust the behavior of tcpdump are as follows.

[ -A ] prints packets in ASCII format and make them readable, excluding data link layer headers.
[ -i any ] captures packets from any network interface.
[ -l ] prints the output in lines for easy reading.
[ -s 0 ] limits the packet length captured to default (262144 bytes).
[ -vvv ] produces very, very verbose output.

3. Open another terminal and follow the output on the file using tail.

user@host: $ tail -f mytcpdumpout.txt

4. End the tcpdump capture by press Ctrl-C on the listening terminal.

==========

Comments

Post a Comment

Popular posts from this blog

Enabling HTTPS in Home Assistant

By -
Image
The following procedure activates HTTPS for the Home Assistant server. The secure protocol uses TLS/SSL certificates to encrypt the data transferred between user and server. Although it is possible to make this home automation system, whether in  Linux or  FreeBSD , accessible over the Internet, Home Assistant is usually operated within private networks, either physical or virtual. In this case, self-signed certificates may be acceptable to use and quicker to deploy. ========== 1. Log in as the system account. 1.1. Linux, with $HOME "bin" included in $PATH (-i) of system account (-u). user@host: $ sudo -i -u homeassistant 1.2. FreeBSD, coming from "root" superuser. root@host: # su - homeassistant 2. Go to the Home Assistant configuration directory. user@host: $ cd ~/.homeassistant 3. Make a directory for SSL certificates. user@host: $ mkdir ssl 4. Ensure that only the system account and members of its group can access the directory. user@host:...
Read more

Running Home Assistant on FreeBSD Servers

By -
Image
Home Assistant is an open-source home automation system powered by Python, primarily intended to run on single-board computers like the Raspberry Pi, with Linux as the host operating system. The following procedure shows how to run Home Assistant Core on FreeBSD servers, on either physical or virtual machines. ========== 1. PREPARING THE SERVER 1.1. Update the package list and upgrade the existing packages. root@host: # pkg update && pkg upgrade -y 1.2. Install Python and other required packages. root@host: # pkg install python38 py38-sqlite3 openssl autoconf libffi rust 1.3. Create a system account with disabled login (-w no), a dedicated home directory (-m), and some informational text (-c comment). root@host: #  pw useradd homeassistant -w no -m -c "Home Assistant" 1.3.1. If groups for hardware input/output are present, append the system account. Else, skip this step for now. root@host: #  pw groupmod gpio -m homeassistant root@host: #  pw groupmod i2c -m ...
Read more

Configuring the FreeBSD Firewall with IPFW

By -
Image
IPFW is one of several firewalls included in FreeBSD by default. It has a command-line tool to handle the policies for incoming and outgoing connections. In the configurations discussed here, network connections "from any to any" are deliberately avoided to prevent potential bounce attacks from happening, if the server is not intended to act as a router. Instead, a request/respond or incoming/outgoing rule pair is adopted to direct the flow of network traffic. The main objective is to set up IPFW to block unauthorized remote access to unsecured ports on the server. But if attackers manage to break in through a vulnerability on some programs running on authorized incoming ports, the outgoing restrictions will prevent massive data exfiltration, stopping intruders dead in their tracks. A similar approach can be done on Debian-based Linux distributions using UFW . ========== 1. STRICT CONFIGURATION 1.1. Create a custom shell script for IPFW commands. root@host: #  ee /etc/...
Read more