Slight confusion with SSH tunneling.

[SagaciousKJB]

I'm trying to learn the basics of SSH tunneling, and I followed a guide that I liked O'Reilly Network -- Using SSH Tunneling

So, I executed with the command syntax

Code:

$sudo ssh -L 4200:server:4200 -l user -N server

I didn't want to test it with POP right off the bat, so I setup a small Netcat connection between my desktop and server on port 4200; the server was ran with

Code:

sudo netcat -l -p 4200

and the desktop with

Code:

netcat server 4200

To establish a raw TCP connection between the two, in which I sent plaintext to view with tcpick.


The "server" in this case is the router for the network, and thus sees all the traffic. When I run tcpick on port 4200 and the interface my LAN is routed through, the data being sent on port 4200 is not encrypted.

I'm wondering if this is because since I'm already setting up the SSH connection on the server that I'm running the packet sniffing on, that it's going to see the data unencrypted no matter what. The only other machines on the network are all Windows so I haven't tried sniffing a connection tunneled between my desktop and one of them, but I'm pretty sure that the only reason I'm able to see the info unencrypted is because the machine I'm running the sniffing on is the "host" per se of the entire SSH tunnel and sees all the data unencrypted by the time it actually makes it to port 4200?

Just wondering if I've got the principles correct and a flawed test, and not the other way around.

[kakariko81280]

It looks like you've got the ssh tunnelling correct. Because you are working with ports over 1024 you shouldn't need to use sudo, but that shouldn't affect what you are trying to do just now.

The problem looks like the netcat. When you set up local port forwarding you open up a listening port on the ssh client which then encrypts the traffic and forwards it to the server, which then passes it onto whichever destination was specified in the -L switch.

To make this work, on the client, you need to do

Code:

netcat localhost 4200

Let us know how you get on,

Chris...

[SagaciousKJB]

Oh, okay, I have a better idea of what's going on here now. It seems I was bypassing the SSH tunnel almost entirely with the way I first used netcat.

However, this time, when I run a packet sniffer, I can't even see any packets traveling on 4200 at all. Is this because the data is actually being sent over port 22? I would test to see if this was the case, but I already have a few SSH sessions open, and I wouldn't be able to distinguish what was data from that and what was data from the netcat connections.

[kakariko81280]

However, this time, when I run a packet sniffer, I can't even see any packets traveling on 4200 at all. Is this because the data is actually being sent over port 22?

That is exactly what is happening. As far as I know, there is no way to distinguish what is going on, but then that is the idea.

The only thing I can suggest is making sure your tunnel is the only thing active while the transfer is going on.

Let us know how you get on,

Chris...