Re: [tcpdump-workers] Running TCPDUMP over a web interface
Hi

On Wed, Aug 17, 2011 at 1:59 AM, Sanjay Sundaresan wrote:
> web interface ? you can't SSH ?

I can SSH but I need to provide some kind of web interface for TCPDUMP for tech support personnel.

Thanks

Tek

> On Sun, Aug 14, 2011 at 6:51 AM, Tek Bahadur Limbu wrote:
>> Hi all,
>>
>> I am not sure if this is a right list to post the following question.
>>
>> I need to run TCPDUMP on a Linux bridge with multiple network interfaces.
>> However, instead of using a shell, I need to run it over a web interface.
>>
>> Any guide or suggestion will be highly appreciated.
>>
>> Thanking you...
>> Best regards,
>> Tek Bahadur Limbu
>
> --
> Sanjay Sundaresan
> Grad Student
> Viterbi School of Engineering, USC

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] Running TCPDUMP over a web interface
Depending on the method of usage it should be reasonable to whip up a php page with some jquery to handle the requests. I'm not sure about how the information from tcpdump would be conveyed, either via a file or stdout, and what kinds of ways the user would interact with the system, via a pseudo-shell, check boxes and some partial free-form text, etc., but it should be doable with off-the-shelf pieces and some glue code.

Chris

On Sun, Aug 14, 2011 at 9:51 AM, Tek Bahadur Limbu wrote:
> Hi all,
>
> I am not sure if this is a right list to post the following question.
>
> I need to run TCPDUMP on a Linux bridge with multiple network interfaces.
> However, instead of using a shell, I need to run it over a web interface.
>
> Any guide or suggestion will be highly appreciated.
>
> Thanking you...
> Best regards,
> Tek Bahadur Limbu
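Added example, not part of the thread and written in Python rather than the PHP suggested above: one way the "glue code" between a web form and tcpdump can be kept from turning form fields into shell or option injection. The interface names, limits and function names are assumptions made for this sketch.

```python
import re
import subprocess

# Assumed values for this sketch: interfaces a support user may capture on.
ALLOWED_IFACES = {"br0", "eth0", "eth1"}
MAX_PACKETS = 1000          # hard ceiling so every capture terminates
MAX_FILTER_LEN = 200
# Characters that occur in ordinary pcap filter expressions; nothing else passes.
FILTER_RE = re.compile(r"[A-Za-z0-9 .:/\[\]()=!<>&|+*-]*")


def build_tcpdump_argv(iface, count, bpf_filter=""):
    """Turn web form fields into an argv list for tcpdump, or raise ValueError."""
    if iface not in ALLOWED_IFACES:
        raise ValueError("interface not in allowlist")
    try:
        count = int(count)
    except (TypeError, ValueError):
        raise ValueError("packet count is not a number") from None
    if not 1 <= count <= MAX_PACKETS:
        raise ValueError("packet count out of range")
    bpf_filter = bpf_filter.strip()
    if len(bpf_filter) > MAX_FILTER_LEN or not FILTER_RE.fullmatch(bpf_filter):
        raise ValueError("filter contains unsupported characters")
    # A leading '-' would be read by tcpdump's option parser, not as a filter.
    if bpf_filter.startswith("-"):
        raise ValueError("filter must not look like an option")
    # -n: no name lookups, -l: line-buffered stdout, -c: stop after count packets.
    argv = ["tcpdump", "-n", "-l", "-i", iface, "-c", str(count)]
    if bpf_filter:
        argv.append(bpf_filter)   # one argv element; no shell ever parses it
    return argv


def run_capture(iface, count, bpf_filter="", timeout=30):
    """Run the capture without a shell and return tcpdump's text output."""
    argv = build_tcpdump_argv(iface, count, bpf_filter)
    # subprocess.run kills the child and raises TimeoutExpired after `timeout` s.
    done = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    return done.stdout
```

The process running `run_capture` still needs permission to capture on the chosen interface; granting that to the web-facing account is a separate decision from the input validation shown here.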
[tcpdump-workers] tcpdump not capturing loopback interface traffic
Hi

I am using Debian squeeze with tcpdump version 4.1.1 with libpcap version 1.1.1 and I'm having problems capturing traffic from loopback interface lo. I use tcpdump -i lo -vv.

I have the server set up with stunnel running in transparent mode which I believe uses a tproxy'ish setup since it needs the below code.

    iptables -t mangle -N DIVERT
    iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
    iptables -t mangle -A DIVERT -j MARK --set-mark 1
    iptables -t mangle -A DIVERT -j ACCEPT
    ip rule add fwmark 1 lookup 100
    ip route add local 0.0.0.0/0 dev lo table 100
    echo 0 >/proc/sys/net/ipv4/conf/lo/rp_filter

This all works fine and as part of my setup I need to mark packets as they leave interface lo so I do

    iptables -t mangle -A OUTPUT -o lo -p tcp -j MARK --set-mark 2

and this marks the packets fine. If I log/trace these packets I can see them in /var/log/messages. For example

    debian kernel: [76198.428894] ---[MANGLE (OUTPUT)]:--- IN= OUT=lo SRC=10.0.0.10 DST=10.0.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=63684 DF PROTO=TCP SPT=1249 DPT=80 WINDOW=32792 RES=0x00 SYN URGP=0 MARK=0x2

The problem is while tcpdump is running for interface lo I can't see this traffic and was wondering if this was by design or if I had to enable some extra feature in the config? If I ping 127.0.0.1 I see the tcpdump traffic so I know it is working, just not for the above traffic.

If anyone can explain this behavior I'd appreciate to know.

many thanks

flo