Remote tcpdump demo

2019-09-06 13:11:52 +02:00
parent d3e719af66
commit 04014e1254
2 changed files with 12 additions and 0 deletions
@@ -0,0 +1,11 @@
+Remote tcpdump sniffer with source filtering
+============================================
+
+1. Add any filter you want to the tcpdump command inside `tcpdump.pow`.
+2. For the sake of simplicity run `sudo kapow server tcpdump.pow`. In a
+   production environment tcpdump should be run with the appropiate permissions
+   but kapow can (and should) run as an unprivilieged user.
+3. In your local machine run `curl http://localhost:8080/sniff/wlp2s0 | sudo
+   wireshark -k -i -` if you don't want to run Wireshark as root follow this
+   guide: https://gist.github.com/MinaMikhailcom/0825906230cbbe478faf4d08abe9d11a
+4. Profit!
@@ -0,0 +1 @@
+kapow route add /sniff/{iface} -c 'tcpdump -i "$(kapow get /request/matches/iface)" -U -s0 -w - "not port 8080" | kapow set /response/stream'
				`@@ -0,0 +1 @@`
				`kapow route add /sniff/{iface} -c 'tcpdump -i "$(kapow get /request/matches/iface)" -U -s0 -w - "not port 8080" \| kapow set /response/stream'`