How to Monitor SSH port forwarded traffic

Discussion in 'Linux Networking' started by A, Oct 18, 2006.

  1. A

    A Guest

    I have a box which people may use to proxy their web traffic through
    using SSH dynamic port forwarding (ssh -D). Is there a way that I can
    monitor/capture just that traffic, to exclude other traffic passing over
    that interface?
     
    A, Oct 18, 2006
    #1
    1. Advertisements

  2. A

    A Guest

    (apologies if this message appeared 3 times. My browser kept reporting
    that sending failed so I kept trying, then I noticed it showed up in
    google groups. I have attempted to cancel the extra messages.)
     
    A, Oct 18, 2006
    #2
    1. Advertisements

  3. User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1b2)
    Gecko/20060823 SeaMonkey/1.1a

    You have been posting all these from a Linux machine, why don't you
    learn to user some real new-reader; try thunderbird, tin, slrn, pan,
    knode, xnews and, or trn in addition to mozilla/seamonkey mail. The
    slrnpull and, or leafnode can help you work offline.
     
    Balwinder S \bsd\ Dheeman, Oct 18, 2006
    #3
  4. A

    Chris Davies Guest

    Well, you know what port you've assigned to -D so you can listen to it.
    Is this what you're after?

    ssh -D 1080 -n -N some.remote.host # Maybe also -f or -v
    tshark -pi any port 1080 # Or tethereal

    The ssh -v option will let you see what ssh is doing. The tshark/tethereal
    command dumps the network traffic, and since it sees it's on the SOCKS
    port 1080 it applies SOCKS protocol translation to the traffic for you.

    Chris
     
    Chris Davies, Oct 18, 2006
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.