  1. #1
    Just Joined!
    Join Date
    May 2012
    Posts
    87

    ssh DISPLAY issues and remote DESKTOP


    I want to use tcpdump to capture packets of website visiting with firefox on a remote machine.
    I'm now operating on my laptop with fedora
    I want firefox to be opened on the remote machine, not on my laptop



    I ssh onto the machine and notice that I can't open firefox because no DISPLAY is set
    so I set DISPLAY
    Code:
    export DISPLAY=":0.0"
    and then start tcpdump and open firefox with a website
    but I got nothing about the website
    while the firefox seems to be running
    Code:
    [root@canard tor_capture]# sudo -u wgong firefox www.google.com &
    [1] 15061
    [root@canard tor_capture]# ps -ef|grep "firefox"
    root     15061 14987  0 23:33 pts/0    00:00:00 sudo -u wgong firefox www.google.com
    esolve    15062 15061  4 23:33 pts/0    00:00:00 /usr/lib64/firefox/firefox
    esolve    15080 15062  0 23:33 pts/0    00:00:00 [firefox] <defunct>
    root     15104 14987  0 23:33 pts/0    00:00:00 grep --color=auto firefox
    what is wrong with this?






    besides, I want to configure remote desktop TigerVNC following the guide:
    setting up vncserver on Fedora 16 | zeusville

    the author said:
    Code:
    let’s update iptables:
    
    sudo vi /etc/sysconfig/iptables
    
    Add this to the file:
    
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 5903 -j ACCEPT
    
    Save the file, then restart iptables and verify that the port is active.
    
    sudo systemctl restart iptables.service
    
    sudo iptables --list | grep 5903
    ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp d
    but I get
    Code:
    [root@canard tor_capture]# systemctl restart iptables.service
    [root@canard tor_capture]# iptables --list 
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    how to deal with this?
    thanks!
    Last edited by esolve; 10-27-2012 at 12:28 AM.

  2. #2
    Just Joined!
    Join Date
    Oct 2012
    Posts
    5
    for the Tiger vnc part:

    Are you directly running iptables --list?
    Because by what you described, you need to go to the sysconfig file of iptables and add that file
    and grep port 5903.
    I don't see your command doing grep.

    sorry if i missed it

  3. #3
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    Quote Originally Posted by esolve View Post
    I want to use tcpdump to capture packets of website visiting with firefox on a remote machine.
    What is the tcpdump command that you are using? Something like this works for me:

    Code:
    tcpdump -i p32p1 -A dst port 80
    You can also check out tcpflow (terminal-based) or Wireshark (GUI) for inspecting the TCP packets.

    besides, I want to configure remote desktop TigerVNC following the guide:
    Did you add the iptables command to your /etc/sysconfig/iptables file? Post the contents of that file.

  5. #4
    Just Joined!
    Join Date
    May 2012
    Posts
    87
    there is no /etc/sysconfig/iptables on the remote machine
    I modified /etc/sysconfig/iptables-config instead:

    Code:
    # Load additional iptables modules (nat helpers)
    #   Default: -none-
    # Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
    # are loaded after the firewall rules are applied. Options for the helpers are
    # stored in /etc/modprobe.conf.
    IPTABLES_MODULES=""
    
    # Unload modules on restart and stop
    #   Value: yes|no,  default: yes
    # This option has to be 'yes' to get to a sane state for a firewall
    # restart or stop. Only set to 'no' if there are problems unloading netfilter
    # modules.
    IPTABLES_MODULES_UNLOAD="yes"
    
    # Save current firewall rules on stop.
    #   Value: yes|no,  default: no
    # Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
    # (e.g. on system shutdown).
    IPTABLES_SAVE_ON_STOP="no"
    
    # Save current firewall rules on restart.
    #   Value: yes|no,  default: no
    # Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
    # restarted.
    IPTABLES_SAVE_ON_RESTART="no"
    
    # Save (and restore) rule and chain counter.
    #   Value: yes|no,  default: no
    # Save counters for rules and chains to /etc/sysconfig/iptables if
    # 'service iptables save' is called or on stop or restart if SAVE_ON_STOP or
    # SAVE_ON_RESTART is enabled.
    IPTABLES_SAVE_COUNTER="no"
    
    # Numeric status output
    #   Value: yes|no,  default: yes
    # Print IP addresses and port numbers in numeric format in the status output.
    IPTABLES_STATUS_NUMERIC="yes"
    
    # Verbose status output
    #   Value: yes|no,  default: yes
    # Print info about the number of packets and bytes plus the "input-" and
    # "outputdevice" in the status output.
    IPTABLES_STATUS_VERBOSE="no"
    
    # Status output with numbered lines
    #   Value: yes|no,  default: yes
    # Print a counter/number for every rule in the status output.
    IPTABLES_STATUS_LINENUMBERS="yes"
    
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 5903 -j ACCEPT


    Quote Originally Posted by atreyu View Post
    What is the tcpdump command that you are using? Something like this works for me:

    Code:
    tcpdump -i p32p1 -A dst port 80
    You can also check out tcpflow (terminal-based) or Wireshark (GUI) for inspecting the TCP packets.
    what does "p32p1" mean?
    I used the ethernet card eth0 instead of "p32p1" and captured nothing
    Last edited by esolve; 10-27-2012 at 04:46 PM.

  6. #5
    Just Joined!
    Join Date
    May 2012
    Posts
    87
    I edited /etc/sysconfig/iptables-config
    you can see my reply above
    Last edited by esolve; 10-27-2012 at 04:46 PM.

  7. #6
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    Quote Originally Posted by esolve View Post
    there is no /etc/sysconfig/iptables on the remote machine
    I modified /etc/sysconfig/iptables-config instead:
    i don't think you want to add it there. i'd remove it, then restart iptables:
    Code:
    systemctl restart iptables.service
    then add the rule manually:
    Code:
    iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 5903 -j ACCEPT
    then save it:
    Code:
    iptables-save > /tmp/iptables
    then take a look at that file (/tmp/iptables), post it here if you'd like. if it works, and otherwise looks good, move it to /etc/sysconfig/iptables.

    then next time you restart iptables, it should load the new rule.

    what does "p32p1" mean?
    I used the ethernet card eth0 instead of "p32p1" and captured nothing
    that was the right thing to do. "p32p1" is my network interface - it is Fedora's (and thus Red Hat's) new way of device naming. See this thread.

    not sure why you caught nothing, though. are you running it as root?
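
The last post's procedure (save with iptables-save, inspect /tmp/iptables, then move it to /etc/sysconfig/iptables) can be checked mechanically before the file is installed. The following is an added example, not part of the thread: a shell function that reads an iptables-save style file and reports whether the TCP 5903 ACCEPT rule sits inside the *filter table and whether it is limited by source address. The function name, the finding labels and both sample inputs are constructed for illustration.

```shell
# Added example; the sample file contents below are constructed.
# audit_rules PORT [FILE] (stdin when FILE is omitted) prints findings:
#   OUTSIDE: a "-A" rule outside any "*table" section; NOCOMMIT: no closed *filter
#   MISSING / OPEN (no -s limit) / RESTRICTED (limited by -s) for tcp PORT in INPUT
audit_rules() {
    awk -v port="$1" '
        /^\*/     { table = substr($0, 2); next }
        /^COMMIT/ { if (table == "filter") committed = 1; table = ""; next }
        /^-A /    {
            if (table == "") { outside = 1; next }
            if (table != "filter" || $2 != "INPUT") next
            proto = ""; dport = ""; src = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-s")      src    = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (proto == "tcp" && dport == port && target == "ACCEPT") {
                found = 1
                if (src == "" || src == "0.0.0.0/0") anysrc = 1
            }
        }
        END {
            if (outside)     print "OUTSIDE"
            if (!committed)  print "NOCOMMIT"
            if (!found)      print "MISSING"
            else if (anysrc) print "OPEN"
            else             print "RESTRICTED"
        }' "${2:--}"
}

# Constructed sample of an iptables-save dump containing the thread's rule.
sample_saved() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -p tcp -m state --state NEW -m tcp --dport 5903 -j ACCEPT' \
        'COMMIT'
}

# Constructed sample: the rule appended to a settings file, as in post #4.
sample_misplaced() {
    printf '%s\n' 'IPTABLES_SAVE_ON_STOP="no"' \
        '-A INPUT -p tcp -m state --state NEW -m tcp --dport 5903 -j ACCEPT'
}

echo "saved dump:     $(sample_saved | audit_rules 5903 | tr '\n' ' ')"
echo "misplaced rule: $(sample_misplaced | audit_rules 5903 | tr '\n' ' ')"
```

A rule line appended to a settings file comes back as OUTSIDE, NOCOMMIT and MISSING, while OPEN on the saved dump means the VNC port accepts new connections from any source address, which is what the rule as written in the thread does.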
