If you’re keen to try it out you can grab it from GitHub – Scratch’n’Sniff and start streaming packets remotely.ASAN_OPTIONS=detect_stack_use_after_return=1 +-Release Build Stacktrace-+ Command: /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_wireshark_9de6374568df96eba97b9288a3fce517c93d2636/revisions/fuzzshark_ip_proto-udp -rss_limit_mb=2560 -timeout=60 -runs=100 /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-e9aae610a3537e54064091917aaca0f1045531dc Bot: oss-fuzz-linux-zone6-host-xhgh-11 Time ran: 0.5162882804870605 oss-fuzzshark: disabling: ip oss-fuzzshark: disabling: udplite oss-fuzzshark: disabling: ospf oss-fuzzshark: disabling: bgp oss-fuzzshark: disabling: dhcp oss-fuzzshark: disabling: json oss-fuzzshark: disabling: snort oss-fuzzshark: configured for dissector: udp in table: ip.proto INFO: Running with entropic power schedule (0xFF, 100). Python3 scratchnsniff.py -dstip 10.98.1.2 -packetfilter 'sctp or icmp' -interface lo Python3 scratchnsniff.py -dstip 10.0.1.252 -packetfilter 'port 5060' -interface enp0s25Ĭapture all sctp and icmp traffic on interface lo and send it to 10.98.1.2: Introducing Scratch’n’Sniff, a simple tcpdump front end that encapsulates all the filtered traffic of interest in TZSP the same as Mikrotiks do, and stream it (in real time) to your local machine for real time viewing in Wireshark.Ĭapture all traffic on port 5060 on interface enp0s25 and send it to 10.0.1.252 If only there was something I could use to get this same functionality on remote machines – without named pipes, X11 forwarding or any of the other “hacky” solutions… The Solution
Change permissions on PCAP file created so I can copy it.Hope that I have run it for long enough to capture the event of interest.
The Problemīut if you’re anything like me, you’re working on remote systems from your workstation, and trying to see what’s going on. A lesson learned a long time ago in Net Eng, is that packet captures (seldom) lie, and the answers are almost always in the packets.
0 kommentar(er)
