Monday, March 15, 2010

How to capture data from a remote computer?

Wireshark Remote Capturing


This short tutorial has no screenshots, but covers a slightly more advanced use case of Wireshark: doing the capture on one box and visualising the captured data in real time on another box.


Preliminary


The following article describes the way I installed and used the software; I do not guarantee that the same way works for you. You should have some basic knowledge of working in a shell. As Wireshark runs on a wide variety of platforms, this should work on nearly every platform supported by both Wireshark and OpenSSH. In my case Debian and Ubuntu were involved.


1. The Problem


It happened that we had some subtle problems regarding DNS, namely reverse DNS. Our setup is simple: we have local DNS servers which forward all queries they cannot resolve to an uplink DNS server, which should take care of the further name resolution. The uplink DNS is administered by another organisation, which led to the usual finger-pointing ("we are not guilty, our equipment performs well, we will have to invoice you the costs, blabla ..."). Sigh. So I thought about how this problem could be analysed further, and quickly remembered the system described in http://www.howtoforge.com/trafficanalysis-using-debian-lenny. Perfect, I thought: the box is already sitting next to the uplink, so it should easily be possible to monitor all traffic crossing the uplink, look at the DNS-related part of it, and see what actually happens.


My first idea was to install Wireshark directly on this box and, with the help of a little X11 forwarding, watch what is going on on the uplink. But there was not enough disk space to install Wireshark together with all the X11-related libraries.


2. The Solution


My next idea was to capture the traffic on the probe into a file, copy that file to my normal box and read it into Wireshark. But how cumbersome and long-winded: copying files around, or at least mounting drives over the network. The actual solution is much simpler: install tshark (the text-mode little brother of Wireshark) on the probe, call it remotely over ssh, and pipe the output of tshark directly into Wireshark. This solution comes from the Wireshark Wiki, but its simplicity impressed me enough to write this short tutorial.


* Set up key-based (passwordless) ssh login to the probe, as described for instance here, and check that it works.
* On your local box, where Wireshark sits waiting to do something useful, simply start it with


wireshark -k -i <( ssh -l root IP-of-probe /usr/bin/tshark -i eth0 -w - port 53 )


and enjoy. The traffic is filtered on the probe (here to port 53, i.e. DNS), so you are not flooded by the vast number of packets that may travel over your uplink. The captured traffic is transported over an encrypted ssh connection from the probe to the visualisation box, and you can see in real time what is going on on the uplink. Note that the capture runs as root on the probe because tshark needs raw-socket privileges there; a key-based root login like this gives the visualisation box full root access to the probe, so keep the key on a trusted machine (or give the key a forced command that only runs tshark).


In my case I did not need to filter out the ssh traffic itself (as in the example in the Wireshark Wiki), because the sniffing is done on eth0 while the ssh session runs over eth1. If both share one interface, add "not tcp port 22" to the capture filter, or the capture stream will contain its own encrypted transport. There are other methods described in the Wireshark Wiki using named pipes, but this method using ssh looked like the easiest to set up to me.


One little problem I had while doing this: ending Wireshark did not end tshark on the probe, but a

pkill tshark

on the probe helped, or, if you are not logged in to the probe,

ssh root@probe pkill tshark

should also work.
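As an added example (my own, not part of the original tutorial or the Wireshark Wiki), here is the same tshark-over-ssh pipeline wrapped in a small POSIX shell script that adds the three things the bare one-liner lacks: the probe name, interface names and capture filter are checked before they are interpolated into a remote shell command line, "not tcp port 22" is prepended when the capture interface is also the one carrying the ssh session, and the remote tshark is killed when Wireshark exits. It assumes key-based ssh to the probe as root works, that tshark lives in /usr/bin on the probe, and that the probe's ssh server listens on tcp/22; the function names are mine.

```shell
#!/bin/sh
# Added example wrapper around: wireshark -k -i <( ssh -l root probe tshark -i eth0 -w - port 53 )
# Assumptions: key-based root ssh to the probe, tshark in /usr/bin there, sshd on tcp/22.

# check_token TOKEN -> 0 if TOKEN is safe to paste into a remote command line
# (hostnames, interface names, filter words); 1 for anything containing shell
# metacharacters, quotes or whitespace.
check_token() {
    case $1 in
        ''|*[!A-Za-z0-9._:@-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# check_filter FILTER -> 0 if every word of the BPF filter is a plain token.
# Parentheses are tolerated because filters need them; the remote shell never
# sees them unquoted. Runs in a subshell so "set -f" (no globbing) is local.
check_filter() (
    set -f
    for w in $1; do
        w=$(printf '%s' "$w" | tr -d '()')
        [ -z "$w" ] || check_token "$w" || exit 1
    done
    exit 0
)

# capture_filter USER_FILTER CAPTURE_IFACE MGMT_IFACE -> prints the filter
# handed to tshark. When the capture interface also carries the ssh session,
# "not tcp port 22" is prepended so the capture does not contain itself.
capture_filter() {
    user=$1; cap=$2; mgmt=$3
    if [ "$cap" = "$mgmt" ]; then
        if [ -n "$user" ]; then
            printf 'not tcp port 22 and (%s)\n' "$user"
        else
            printf 'not tcp port 22\n'
        fi
    else
        printf '%s\n' "$user"
    fi
}

# remote_capture PROBE CAPTURE_IFACE MGMT_IFACE [FILTER]
# Starts tshark on PROBE and feeds its pcap stream into a local Wireshark.
remote_capture() {
    probe=$1; cap=$2; mgmt=$3; user=${4:-}
    check_token "$probe" && check_token "$cap" && check_token "$mgmt" \
        || { echo "refusing unsafe probe or interface name" >&2; return 1; }
    check_filter "$user" || { echo "refusing unsafe capture filter" >&2; return 1; }
    filter=$(capture_filter "$user" "$cap" "$mgmt")
    remote="/usr/bin/tshark -i $cap -w -"
    # Quote the filter for the remote shell; check_filter already rejected
    # quotes, backslashes, $ and backticks, so this cannot be escaped from.
    if [ -n "$filter" ]; then
        remote="$remote \"$filter\""
    fi
    # Closing Wireshark does not end tshark on the probe (see the text above),
    # so clean it up on any exit path.
    trap 'ssh -l root "$probe" pkill -x tshark' EXIT INT TERM
    ssh -l root "$probe" "$remote" | wireshark -k -i -
}

if [ $# -ge 3 ]; then
    remote_capture "$@"
fi
```

Run it as `sh remote-capture.sh IP-of-probe eth0 eth1 'port 53'` for the setup in the text (capture on eth0, ssh over eth1); with `eth0 eth0` the filter becomes `not tcp port 22 and (port 53)`.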


Regarding our DNS problem, I could immediately see what was going on. ;-)
Find the updated article Here




Sunday, March 14, 2010

Do You Know? – Ravindra Parekh (રવીન્દ્ર પારેખ)

This city of sand, sunlight and memory,
stillness has set out on its journey.

This city of sand, sunlight and memory,
emptiness keeps smiling, full of meaning.

This city of sand, sunlight and memory,
and moments keep melting upon the sun.

This city of sand, sunlight and memory,
and here words wander without walls.

This city of sand, sunlight and memory,
here the mirage goes by the name Mansarovar!

This city of sand, sunlight and memory,
where in it now is a home for birdsong to be found?

This city of sand, sunlight and memory,
who is bailing out the shadows, alas!

This city of sand, sunlight and memory,
there is death even in memory, do you know?

- Ravindra Parekh

Ravindrabhai is experimental by nature. Here, throughout the ghazal, he keeps the ula misra (the first line of each couplet) fixed, as if it were the ghazal's radif, and dares to say eight shers in the narrow space of the single remaining line, a venture which, to the (good) fortune of his readers, has succeeded.

The city the poet speaks of is made of sand, sunlight and memory... If we attend to all three images at once, several shades of meaning emerge. None of the three can be held; all three slip away more than they are caught; none of them stays still, and the shape of each changes from moment to moment... All three are perhaps also tied to an absence of moisture...



Saturday, March 13, 2010

Busy Start of the year in the area of Internet freedom and security

First, Google reported that it, along with a number of other major companies, had been hacked, and pointed the finger at China.

Then Secretary of State Hillary Rodham Clinton gave a few "Remarks on Internet Freedom" in which she pushed for one Internet, without barriers.
Separately, the Federal Trade Commission notified about 100 companies that some of their secrets had been exposed by employees who were running peer-to-peer software.

Finally the Internet security firm NetWitness said that it had figured out that 75,000 computers at 2,500 companies had been compromised with the ZeuS Trojan starting in 2008.

Nope - not a good start to 2010. I would like to think that things will quiet down some for the rest of the year but it does not look like that will happen.

In early January, Google announced that it had been hacked from China, that the hackers seemed to be after the Gmail accounts of Chinese human rights activists, and that Google was going to review the "feasibility of our business operations in China." Well, that caused quite a splash. Google's accusation fit so well with the general public perception of China's approach to the Internet that it was easy to assume that the hacking was directed by the Chinese government.

Properly, Clinton did not hide the fact that communication over the Internet can be used for good (human rights activists) and for evil (terrorists).

But she said that "this issue isn't just about information freedom; it is about what kind of world we want and what kind of world we will inhabit. It's about whether we live on a planet with one Internet, one global community, and a common body of knowledge that benefits and unites us all, or a fragmented planet in which access to information and opportunity is dependent on where you live and the whims of censors."

She, clearly, was on the side of one Internet.

Meanwhile, ex-NSA director Mike McConnell, writing in the Washington Post, had a different take. He said that "we need to reengineer the Internet to make attribution, geolocation, intelligence analysis and impact assessment -- who did it, from where, why and what was the result -- more manageable."

Maybe companies that connect to the Internet need to be more careful and, in particular, companies that sell computers that connect to the Internet need to actually make security a primary concern and post fixes for vulnerabilities a lot faster than they do now.

I'd rather Clinton's Internet than McConnell's, but I recognize that the latter seems attractive to those who only look at the security problem and ignore the freedom one.


Read Complete News

Wednesday, March 10, 2010

How to create and use Live USB - Fedora 11 / Fedora 12

How to Make a bootable USB Drive to Install Fedora 11/ Fedora 12 instead of using a physical DVD

Why would I want to make a usbkey installer from the DVD instead of the LiveCD?

If you are installing to a netbook, or otherwise do not have an optical drive (or a burner, or media), and you want the extra flexibility of the regular DVD installer instead of the Live image, this method gives you a usable install medium. You are then free to customise the package selection, choose which filesystem you prefer for your rootfs (ext3, ext4, btrfs, etc.), and rescue mode is available.

Preparing the usbkey

The easiest setup method is to install and use unetbootin, since Fedora's own liveusb-creator and livecd-tools' livecd-iso-to-disk.sh (except for an unofficial patched version) currently do not support putting the DVD installer on USB.

The manual setup method follows:

First, download the ISO file (Fedora-11/12-i386/x86_64-DVD.iso, depending on release and architecture) from a Fedora mirror. Then loop-mount the ISO on a local mount point such as /mnt/tmp:

# mount -o loop /path-to-iso/Fedora-11/12-i386/x86_64-DVD.iso /mnt/tmp

Now plug in the usbkey and then copy the main iso file as well as the images directory from the /mnt/tmp/ directory to the root directory of the usbkey.

# cp /path-to-iso/Fedora-11/12-i386/x86_64-DVD.iso /media/usbdisk/
# cp -r /mnt/tmp/images /media/usbdisk/

Next, download the boot.iso file from a rawhide mirror (it is in the development/i386/os/images/ directory on the mirror) and store it on your computer's hard drive.

From your running F11/F12 system (including an F11/F12 livecd) make sure you have the livecd-tools package installed by doing:

yum install livecd-tools 

Use the "mount" command to find which device the usbkey is (e.g. /dev/sdb1), or look at /var/log/messages to see where the key was mounted. Then unmount the usbkey, either from the desktop icon or with the umount command, but keep a note of the device name, e.g. /dev/sdb1.

Now as root run:

# livecd-iso-to-disk path-to/boot.iso /dev/sdb1 

If the key is not bootable, this command will fail; refer to the information below on making it bootable first.

Now you should have a bootable usbkey which will run an F11/F12 install. When you boot the key, select a hard drive install, choose /dev/sdb1 (or whatever your usbkey device is) as the drive, and give / as the path.

The remainder of the install should be the same as for a DVD in an optical drive, but when you select options make sure you choose your disk partitioning carefully if you are doing custom partitioning, and also make sure the bootloader is installed on the correct drive (by default it will be installed on the usbkey, so you will need to change it to the master boot record of the hard drive).
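As an added example (my own, not part of the original how-to), the manual steps above collected into a POSIX shell script, with two checks worth doing before you write to a block device: the downloaded ISO is compared against the SHA256 digest published alongside it, and the target partition is confirmed to sit on a removable device, so a mistyped /dev/sdX cannot hit the system disk. It assumes the CHECKSUM file uses the BSD-style line `SHA256 (Fedora-12-i386-DVD.iso) = <hex digest>`, that GNU sha256sum is installed, and sdX-style device names; the function names are mine.

```shell
#!/bin/sh
# Added example: prepares a usbkey for the Fedora DVD installer.
# Assumptions: CHECKSUM lines look like "SHA256 (file.iso) = <64 hex>",
# sha256sum(1) is available, and the usbkey is /dev/sdXN.

# verify_iso ISO CHECKSUM_FILE -> 0 if the ISO's SHA256 matches the entry
# for its basename in CHECKSUM_FILE, 1 otherwise (or if there is no entry).
verify_iso() {
    iso=$1; sums=$2
    name=$(basename "$iso")
    # Escape regex metacharacters in the filename before using it as a pattern.
    esc=$(printf '%s' "$name" | sed 's/[.*^$/]/\\&/g')
    expected=$(sed -n "s/^SHA256 ($esc) = \([0-9a-fA-F]\{64\}\)\$/\1/p" "$sums" | head -n 1)
    if [ -z "$expected" ]; then
        echo "no SHA256 entry for $name in $sums" >&2
        return 1
    fi
    actual=$(sha256sum "$iso" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# is_removable_partition DEV [SYSFS] -> 0 if DEV (e.g. /dev/sdb1) is a
# partition of a disk that sysfs flags as removable. SYSFS defaults to
# /sys/block and can point at a fake tree for testing. Handles sdX names only.
is_removable_partition() {
    dev=$1; sysfs=${2:-/sys/block}
    part=$(basename "$dev")
    disk=$(printf '%s' "$part" | sed 's/[0-9]*$//')   # sdb1 -> sdb
    [ -n "$disk" ] && [ -f "$sysfs/$disk/removable" ] && \
        [ "$(cat "$sysfs/$disk/removable")" = "1" ]
}

# prepare_usbkey DVD_ISO CHECKSUM_FILE BOOT_ISO DEV [MOUNTPOINT]
# Runs the article's steps in order; must be run as root.
prepare_usbkey() {
    iso=$1; sums=$2; bootiso=$3; dev=$4; mnt=${5:-/media/usbdisk}
    verify_iso "$iso" "$sums" || { echo "checksum mismatch, refusing to continue" >&2; return 1; }
    is_removable_partition "$dev" || { echo "$dev is not on a removable device, refusing" >&2; return 1; }
    tmp=$(mktemp -d)
    mkdir -p "$mnt"
    mount -o loop "$iso" "$tmp" || return 1
    mount "$dev" "$mnt" || { umount "$tmp"; rmdir "$tmp"; return 1; }
    # Copy the DVD image and its images/ directory to the root of the key.
    cp "$iso" "$mnt/" && cp -r "$tmp/images" "$mnt/"
    rc=$?
    # The key must be unmounted before livecd-iso-to-disk writes to it.
    umount "$mnt"; umount "$tmp"; rmdir "$tmp"
    [ "$rc" -eq 0 ] || return 1
    livecd-iso-to-disk "$bootiso" "$dev"
}

if [ $# -ge 4 ]; then
    prepare_usbkey "$@"
fi
```

Usage: `sh prepare-usbkey.sh Fedora-12-i386-DVD.iso Fedora-12-i386-CHECKSUM boot.iso /dev/sdb1`. The CHECKSUM file is GPG-signed by the Fedora project; verifying that signature before trusting the digests is the one step this script leaves to you.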