- 10-26-2012 #1Just Joined!
- Join Date
- May 2012
- Posts
- 85
ssh DISPLAY issues and remote DESKTOP
I want to use tcpdump to capture the packets of website visits made with firefox on a remote machine.
I'm now operating on my laptop with Fedora.
I want firefox to be opened on the remote machine, not on my laptop.
I ssh onto the machine and notice that I can't open firefox because no DISPLAY is set,
so I set DISPLAY

Code:
export DISPLAY=":0.0"

and then start tcpdump and open firefox with a website

Code:
[root@canard tor_capture]# sudo -u wgong firefox www.google.com &
[1] 15061
[root@canard tor_capture]# ps -ef|grep "firefox"
root 15061 14987 0 23:33 pts/0 00:00:00 sudo -u wgong firefox www.google.com
esolve 15062 15061 4 23:33 pts/0 00:00:00 /usr/lib64/firefox/firefox
esolve 15080 15062 0 23:33 pts/0 00:00:00 [firefox] <defunct>
root 15104 14987 0 23:33 pts/0 00:00:00 grep --color=auto firefox

but I got nothing about the website
while firefox seems to be running.
what is wrong with this?

besides, I want to configure remote desktop TigerVNC following the guide:
setting up vncserver on Fedora 16 | zeusville
the author said:

Code:
let’s update iptables:
sudo vi /etc/sysconfig/iptables
Add this to the file:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5903 -j ACCEPT
Save the file, then restart iptables and verify that the port is active.
sudo systemctl restart iptables.service
sudo iptables --list | grep 5903
ACCEPT tcp -- anywhere anywhere state NEW tcp d

but I get

Code:
[root@canard tor_capture]# systemctl restart iptables.service
[root@canard tor_capture]# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

how to deal with this?
thanks!
Last edited by esolve; 10-27-2012 at 12:28 AM.
- 10-27-2012 #2Just Joined!
- Join Date
- Oct 2012
- Posts
- 5
for the TigerVNC part:
Are you directly running the iptables --list?
Because by what you described, you need to go to the sysconfig file of iptables and add that file
and grep port 5903.
I don't see your command doing grep.
Sorry if I missed it.
- 10-27-2012 #3Trusted Penguin
- Join Date
- May 2011
- Posts
- 3,746
What is the tcpdump command that you are using? Something like this works for me:

Code:
tcpdump -i p32p1 -A dst port 80

You can also check out tcpflow (terminal-based) or Wireshark (GUI) for inspecting the TCP packets.

Quote:
besides, I want to configure remote desktop TigerVNC following the guide:

Did you add the iptables command to your /etc/sysconfig/iptables file? Post the contents of that file.
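The interface name given to tcpdump -i in the reply above is specific to that machine. As an added example, not part of any post in this thread, this shell script reads a routing table in /proc/net/route format and builds the capture command for the interface that carries the default route; the function names and the sample table (including its wlan0 entry) are constructed for illustration.

```shell
#!/bin/sh
# Added example: pick the tcpdump interface from the routing table instead of
# guessing between names such as eth0 and p32p1.

# default_iface FILE
# FILE is in /proc/net/route format ("-" reads stdin). Prints the interface of
# the default route (Destination and Mask both 00000000) with the lowest
# metric; returns 1 if there is no default route.
default_iface() {
    awk 'NR > 1 && $2 == "00000000" && $8 == "00000000" {
             if (best == "" || $7 + 0 < metric) { best = $1; metric = $7 + 0 }
         }
         END { if (best == "") exit 1; print best }' "${1:-/proc/net/route}"
}

# capture_cmd FILE [PORT]
# Prints the tcpdump command from the thread for that interface. PORT defaults
# to 80 as in the thread; HTTPS traffic uses 443 and would not match it.
capture_cmd() {
    iface=$(default_iface "$1") || {
        echo "no default route found" >&2
        return 1
    }
    printf 'tcpdump -i %s -A dst port %s\n' "$iface" "${2:-80}"
}

# Constructed sample routing table (not taken from the machines in the thread).
sample_routes() {
cat <<'EOF'
Iface   Destination Gateway  Flags RefCnt Use Metric Mask     MTU Window IRTT
wlan0   00000000    0101A8C0 0003  0      0   600    00000000 0   0      0
p32p1   00000000    0101A8C0 0003  0      0   100    00000000 0   0      0
p32p1   0001A8C0    00000000 0001  0      0   100    00FFFFFF 0   0      0
EOF
}

sample_routes | capture_cmd -      # tcpdump -i p32p1 -A dst port 80
```

On a live host, call capture_cmd with no arguments to read /proc/net/route directly.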
- 10-27-2012 #4Just Joined!
- Join Date
- May 2012
- Posts
- 85
there is no /etc/sysconfig/iptables on the remote machine
I modified /etc/sysconfig/iptables-config instead:

Code:
# Load additional iptables modules (nat helpers)
# Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded after the firewall rules are applied. Options for the helpers are
# stored in /etc/modprobe.conf.
IPTABLES_MODULES=""
# Unload modules on restart and stop
# Value: yes|no, default: yes
# This option has to be 'yes' to get to a sane state for a firewall
# restart or stop. Only set to 'no' if there are problems unloading netfilter
# modules.
IPTABLES_MODULES_UNLOAD="yes"
# Save current firewall rules on stop.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP="no"
# Save current firewall rules on restart.
# Value: yes|no, default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
IPTABLES_SAVE_ON_RESTART="no"
# Save (and restore) rule and chain counter.
# Value: yes|no, default: no
# Save counters for rules and chains to /etc/sysconfig/iptables if
# 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or
# SAVE_ON_RESTART is enabled.
IPTABLES_SAVE_COUNTER="no"
# Numeric status output
# Value: yes|no, default: yes
# Print IP addresses and port numbers in numeric format in the status output.
IPTABLES_STATUS_NUMERIC="yes"
# Verbose status output
# Value: yes|no, default: yes
# Print info about the number of packets and bytes plus the "input-" and
# "outputdevice" in the status output.
IPTABLES_STATUS_VERBOSE="no"
# Status output with numbered lines
# Value: yes|no, default: yes
# Print a counter/number for every rule in the status output.
IPTABLES_STATUS_LINENUMBERS="yes"
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5903 -j ACCEPT

what does "p32p1" mean?
I used the ethernet card eth0 instead of "p32p1" and captured nothing
Last edited by esolve; 10-27-2012 at 04:46 PM.
- 10-27-2012 #5Just Joined!
- Join Date
- May 2012
- Posts
- 85
I edited /etc/sysconfig/iptables-config
you can see my reply above
Last edited by esolve; 10-27-2012 at 04:46 PM.
- 10-27-2012 #6Trusted Penguin
- Join Date
- May 2011
- Posts
- 3,746
i don't think you want to add it there. i'd remove it, then restart iptables:

Code:
systemctl restart iptables.service

then add the rule manually:

Code:
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 5903 -j ACCEPT

then save it:

Code:
iptables-save > /tmp/iptables

then take a look at that file (/tmp/iptables), post it here if you'd like. if it works, and otherwise looks good, move it to /etc/sysconfig/iptables.
then next time you restart iptables, it should load the new rule.

Quote:
what does "p32p1" mean?
I used the ethernet card eth0 instead of "p32p1" and captured nothing

that was the right thing to do. "p32p1" is my network interface - it is Fedora's (and thus Red Hat's) new way of device naming. See this thread.
not sure why you caught nothing, though. are you running it as root?
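The advice in post #6 turns on which file the iptables service reads: /etc/sysconfig/iptables holds rules in iptables-save format, while iptables-config holds settings. As an added example, not code from any poster, this shell function reads a rules file on stdin and reports whether the port 5903 ACCEPT rule sits inside the *filter table; the function names and both sample inputs are constructed, and it assumes that a rule line outside a table section is never loaded.

```shell
#!/bin/sh
# Added example: check that a firewall rule sits where the iptables service
# will load it. The rules file is read from stdin.

# check_rules PORT
#   0  ACCEPT rule for PORT is in the INPUT chain of the *filter table
#   2  the rule text exists, but outside any table section
#   1  no such rule
check_rules() {
    awk -v port="$1" '
        substr($0, 1, 1) == "*" { table = substr($0, 2); next }  # "*filter"
        $1 == "COMMIT"          { table = ""; next }             # table ends
        $1 == "-A" && $2 == "INPUT" && / -j ACCEPT/ &&
        $0 ~ ("--dport " port "( |$)") {
            if (table == "filter") ok = 1; else stray = 1
        }
        END { if (ok) exit 0; if (stray) exit 2; exit 1 }
    '
}

# status PORT: run check_rules and turn its exit code into a word.
status() {
    rc=0
    check_rules "$1" || rc=$?
    case $rc in
        0) echo loadable ;;
        2) echo stray ;;
        *) echo missing ;;
    esac
}

sample_saved() {    # constructed: iptables-save style file with the rule
cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5903 -j ACCEPT
COMMIT
EOF
}

sample_config() {   # constructed: rule pasted into a settings file
cat <<'EOF'
IPTABLES_SAVE_ON_STOP="no"
IPTABLES_STATUS_LINENUMBERS="yes"
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5903 -j ACCEPT
EOF
}

sample_saved  | status 5903    # loadable
sample_config | status 5903    # stray
```

Running "status 5903 < /tmp/iptables" before moving the file to /etc/sysconfig/iptables applies the same check to the saved rules.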



