Ubuntu: Headless wireshark (or wireshark from terminal)

Recently, we wanted to use wireshark on an Ubuntu through ssh and no X-Server forwarding enabled.
After a quick search we found tshark.

TShark is a network protocol analyzer. It lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file. TShark‘s native capture file format is pcap format, which is also the format used by tcpdump and various other tools.
Without any options set, TShark will work much like tcpdump. It will use the pcap library to capture traffic from the first available network interface and displays a summary line on stdout for each received packet.
TShark is able to detect, read and write the same capture files that are supported by Wireshark.

From: man tshark

Install tshark on Ubuntu

sudo apt-get install tshark -y;

Using tshark to capture all traffic on eth0 to a pcap file

sudo tshark -i eth0 -w something.pcap;

Note: If you just want to capture network traffic on a network interface and not use the additional features wireshark has to offer, you can also use tcpdumpas follows

#The following command will create a files that has in its name the current date and time using the date function.
sudo tcpdump -i eth0 -w "data.`date +%Y-%m-%d\ %H.%M`.pcap";

Ubuntu server 16.04+ MySQL port is only accessible from localhost (

Recently, we got access to an Ubuntu 16.04 LTS server that had MySQL server installed on it but was not accessible to our external servers.
The service was accessible when testing from localhost but it was not when testing from any other machine.
Executing nmap from another machine would return the value 3306/tcp closed mysql   conn-refused as below.

[[email protected] ~]$ nmap -vv -p 3306

 Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-06 17:21 EET
 Initiating Ping Scan at 17:21
 Scanning [2 ports]
 Completed Ping Scan at 17:21, 0.06s elapsed (1 total hosts)
 Initiating Parallel DNS resolution of 1 host. at 17:21
 Completed Parallel DNS resolution of 1 host. at 17:21, 0.00s elapsed
 Initiating Connect Scan at 17:21
 Scanning [1 port]
 Completed Connect Scan at 17:21, 0.06s elapsed (1 total ports)
 Nmap scan report for
 Host is up, received syn-ack (0.061s latency).
 Scanned at 2017-03-06 17:21:31 EET for 1s
 3306/tcp closed mysql   conn-refused
 Read data files from: /usr/bin/../share/nmap
 Nmap done: 1 IP address (1 host up) scanned in 0.16 seconds

The problem was with the default configuration of mysqld that is found in the file /etc/mysql/mysql.conf.d/mysqld.cnf.
At line 41 we got the following snippet:

# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address            =

What the line bind-address            = says is that, the service will only listen on localhost.
At this stage there are two solutions that you can apply using your favorite text editor (e.g. sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf):

Solution A:

Completely remove the line bind-address            = or comment it out by adding a # in front of it as follows #bind-address            =

Solution B:

Replace with the IP that you want mysql service to be available to. In our case the line became bind-address            =

After you are done with the change, you need to restart the service for the change to take place:

[email protected]:~$ sudo /etc/init.d/mysql restart
 [ ok ] Restarting mysql (via systemctl): mysql.service.

From an external machine you can verify that the configuration was applied correctly using nmap as below:

[[email protected] ~]$ nmap -vv -p 3306
 Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-06 17:24 EET
 Initiating Ping Scan at 17:24
 Scanning [2 ports]
 Completed Ping Scan at 17:24, 0.06s elapsed (1 total hosts)
 Initiating Parallel DNS resolution of 1 host. at 17:24
 Completed Parallel DNS resolution of 1 host. at 17:24, 0.00s elapsed
 Initiating Connect Scan at 17:24
 Scanning [1 port]
 Discovered open port 3306/tcp on
 Completed Connect Scan at 17:24, 0.06s elapsed (1 total ports)
 Nmap scan report for
 Host is up, received syn-ack (0.061s latency).
 Scanned at 2017-03-06 17:24:30 EET for 0s
 3306/tcp open  mysql   syn-ack
 Read data files from: /usr/bin/../share/nmap
 Nmap done: 1 IP address (1 host up) scanned in 0.16 seconds

You should get the value 3306/tcp open  mysql   syn-ack.

Building SnoopSnitch on Ubuntu 16.10 64bit

Step A: Update the system and install all necessary packages

sudo dpkg --add-architecture i386;
sudo apt-get update;
sudo apt-get upgrade -y;
sudo apt-get install git openjdk-8-jdk dh-autoreconf ant libncurses5:i386 libstdc++6:i386 zlib1g:i386 -y;
cd ~/;
mkdir Android;
cd Android;

Step B: Download the Android SDK and install all required packages

The following download link we got it from this page https://developer.android.com/studio/

wget https://dl.google.com/android/android-sdk_r24.4.1-linux.tgz;
tar -xf android-sdk_r24.4.1-linux.tgz;
cd android-sdk-linux/tools;
#To list all available packages, including the obsolete extra-android-support
#./android list sdk --all –extended;
./android update sdk --no-ui --all --filter extra-android-support,tools,platform-tools,build-tools-19.1.0,android-19;

You will get a prompt for a license agreement, you need to type Y to proceed

November 20, 2015
Do you accept the license 'android-sdk-license-c81a61d9' [y/n]: y
cd ../..;
export ANDROID_HOME=`pwd`/android-sdk-linux;

Step C: Once the installation is complete, we need to install the Android NDK.

The following link we got it from https://developer.android.com/ndk/downloads/

wget https://dl.google.com/android/repository/android-ndk-r13b-linux-x86_64.zip;
unzip -q android-ndk-r13b-linux-x86_64.zip;
export NDK_DIR=`pwd`/android-ndk-r13b;
#If we do not update the PATH we will get the following error: ../libtool: line 1719: arm-linux-androideabi-ranlib: command not found
mkdir Projects;
cd Projects;

Step D: Afterwards, we can download SnoopSnitch and all of the git submodules of it using the following command.

git clone --recursive https://opensource.srlabs.de/git/snoopsnitch.git;

Step E: Then we need to compile two separate parts of the project.

We will start by compiling contrib/ projects, that are the supplementary projects needed for SnoopSnitch to get data.

cd snoopsnitch/contrib/;
./compile.sh -t android -u;
cd ..;

Step F: Finally, we can proceed to compile the android project of SnoopSnitch.

cd ./SnoopSnitch;

We need to update Application.mk and add APP_ABI := armeabi to it.
We do this to make sure that we compile  diag-helper.c only for armeabi as the rest of the packages will be available only on that architecture.
If we do not do this and we have a processor that supports armeabi-v7a (or different), then it will only install diag-helper.so and it will ignore the rest. Which will of course cause the application to fail.

echo "APP_ABI := armeabi" >> jni/Application.mk;
ant debug;
~/Android/android-sdk-linux/platform-tools/adb start-server

Once the compilation is complete, we can upload our apk to a device using the following commands:

#First we make sure that the adb server is running
$ANDROID_HOME/platform-tools/adb start-server;
#Then we check that our device is visible to the adb
$ANDROID_HOME/platform-tools/adb devices;
#Finally, we install the application to the device.
$ANDROID_HOME/platform-tools/adb install bin/SnoopSnitch-debug.apk;

This guide was tested on freshly installed Ubuntu 16.10 64bit.


Useful links

Ubuntu/Bash: Get the IP of eth0

Following is a small snippet that will print on screen the IP of eth0 while in Ubuntu (Both server and desktop versions).
As you will see, it is not a very sound solution as it depends on the structure of the output of ifconfig eth0.

Nevertheless is works (for Ubuntu at least)! 🙂

ifconfig eth0 | grep "inet addr" | cut -d ':' -f 2 | cut -d ' ' -f 1

What this line does is: first it prints out the configuration information for eth0, then finds the line that contains the inet addr, using cut it gets the second column of the data after separating the line using the : symbol. Right now in the pipe we will have something similar to this Bcast, so we need to filter out the last part as well. We do the last filtering by using cut again, this time by getting the first column while using the space character as the delimiter.

The Ubuntu version that was used for this tutorial is

$lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 14.04.4 LTS
Release:	14.04
Codename:	trusty

The version of ifconfig for this tutorial is

$ifconfig --version
net-tools 1.60
ifconfig 1.42 (2001-04-13)

In case you want to assign the IP of eth0 to a variable, you can easily do as follows

ETH0=`ifconfig eth0 | grep "inet addr" | cut -d ':' -f 2 | cut -d ' ' -f 1`;

Ubuntu Linux: How to Resize and add Label to a many picture files 1

Lets say you have a ton of pictures or photos that you want to resize and add a semi-transparent label at the bottom of this bulk of files and even rename them using a pattern based on a unique number.

You can either do this manually or by using imagemagick. If you chose the second way follow these steps:

First of all install it, from bash/terminal call the following:

sudo apt-get install imagemagick

When that command is successfully completed, navigate to the location that the pictures are and once you are there:

In order to resize all pictures then issue the following command (in this example we make all pictures at most 1200px long or 1200px tall and keep the aspect ratio) :

mogrify -resize 1200 *

NOTE: It will affect the original files! So if you want to keep them make sure to copy them elsewhere BEFORE issuing the above command.

After the above is done, you can issue the following set of commands to:

  1. Get each file and find it’s dimensions (which later will be used for the label creation)
  2. Rename all pictures following the number based pattern
  3. Add a semitransparent label containing custom text at the bottom
counter=0; for i in *;
do let counter=counter+1;
width=`identify -format %w "$i"`;
convert -background '#0008' -fill white -gravity center -size ${width}x30 caption:" Some Arbitrary Text " "$i" +swap -gravity south -composite NewFileName.`printf %03d $counter`.jpeg;

This command will preserve the original files.
All together with printing the file that is being processed as debuging information:

mogrify -resize 1200 *; counter=0; for i in *; do let counter=counter+1; echo $i; width=`identify -format %w "$i"`; convert -background '#0008' -fill white -gravity center -size ${width}x30 caption:" Some Arbitrary Text " "$i" +swap -gravity south -composite NewFileName.`printf %03d $counter`.jpeg; done

Sample/Result Photos:


How to setup DNS service for DHCP-enabled KVM guests

So you’ve set up KVM on your machine and you have installed a few guests to run on top, now it’s the time to access them.

Since KVM can run without a GUI, you might want to control these guests from the command line. But, how can you do it if you do not know the IP of the guests?

You can either connect to the guest using virt-viewer:

virt-viewer -c qemu:///system $MACHINE &

which requires more bandwidth since it will open up a VNC session.

Or, use ssh to connect using the guest’s name, like this:


which doesn’t require that you know the IP beforehand.

To achieve this, access guest machines using their hostname only, you can do the following: Edit /etc/resolv.conf and add the line nameserver right after the search entries .

Your file should look something like this afterwards:
domain in.bytefreaks.net
search in.bytefreaks.net

Then you are ready to go! No restarts needed no extra steps.


  • After restarting (and some times periodically), the /etc/resolv.conf file will return to its original form because it is updating each time you restart the host machine from data it gets via the network DHCP server.
  • For this tutorial to work as is, your host machine needs to have the virtual IP (the default IP of your host in libvirt — NOT THE IP of eth0, it’s a totally different thing). If you have a different libvirt IP use that one in the /etc/resolv.conf file.
  • Use your host’s IP as your first nameserver in /etc/resolv.conf to achieve name resolution for your guests.