How to process tcpdump live data stream from a remote machine on a local WireShark 1

Recently we needed to process the results of a tcpdump command using the GUI version of WireShark on machine that did not have a window manager installed. That device was an embedded device, for which it did not make sense to even consider installing a window manager on it. So, in order to process the results of the tcpdump command we decided to use another machine that had a full working window manager installed and was able to operate the GUI version of WireShark.

For our solution to work some requirements were expected to be met by the embedded device (a.k.a. remote machine).

  1. tcpdump was installed on the remote machine
  2. ssh server was installed on the remote machine and allowed us to connect to it remotely
  3. there was a user that had remote ssh rights on the remote machine that also had the rights to execute tcpdump on the needed interfaces

Synopsis of our solution:

Just execute the following on the machine with the GUI (a.k.a. local machine)

mkfifo /tmp/board;
wireshark -k -i /tmp/board &
ssh [email protected] "tcpdump -s 0 -U -n -w - -i lo not port 22" > /tmp/board;

Explanation of our solution:

Following are the steps that we performed on the local machine to pipe the results of tcpdump on the remote machine on the wireshark on the local machine.

  1. First we created a named pipe as follows:
    mkfifo /tmp/board;
    You can name your pipe anyway you like and place it in any folder you wish. We used /tmp as our pipe is a temporary construct that we do not care to preserve across time/restarts.
  2. Then we started wireshark from a terminal so that we could pass as capture interface the named pipe we just created using the -i /tmp/board parameter. The -k parameter instructs wireshark to start the capture session immediately.
    wireshark -k -i /tmp/board &
    Since this operation was going to execute for a long time, we sent it to the background to release the terminal for further use by placing the & symbol at the end of the command.
  3. Finally, we started tcpdump over ssh on a board and redirected its output to our named pipe.
    ssh [email protected] "tcpdump -s 0 -U -n -w - -i lo not port 22" > /tmp/board;
    The parameters we used on tcpdump have the following effects:
    -s 0 instructs tcpdump to set the snapshot length of data from each packet to the default value of 262144 bytes.
    -U Since the -w option is not specified, make the printed packet output packet-buffered. Which means that it will print the description of the contents of each packet without waiting for the output buffer to get full.
    -n Does not convert host addresses to names. This can be used to avoid DNS lookups.
    -w - Write the raw packets to Standard Output rather than parsing them.
    -i lo Defines which interface to listen on. We wanted the loopback interface to listen to everything.
    not port 22 Since we used ssh to start this command, we do not want to listen to the data that we produce as well and flood the inputs.


How to use git features on a local project without a Git server

Like many of you, sometimes we develop code that does not belong to a Git server.
Working as so, one would think that we would miss all the features of a Version Control System (VCS).
Fortunately, this assumption is wrong.
Using the already installed Git tools, we can create a new local repository in any system folder with no additional configuration.

To do so, and create a new repository from an existing project, we need to do the following using a terminal/shell:

  1. Navigate into the directory that contains the project e.g. cd /home/bytefreaks/Projects/Party/banana/
  2. Type git init
    This command will create an empty Git repository in that folder and it will produce a message as follows:
    Initialized empty Git repository in /home/bytefreaks/Projects/Party/banana/.git/
  3. In case you have files that should not be included in your repository, it is better that you create a .gitignore file and add them there.
    This way you will be able to indicate all of the files that you don’t want to the repository to track.
  4. Use git add . (please note that you need the dot . for this command)
    This command will stage all files that are not in .gitignore to be part of your next commit.
  5. Finally, type git commit or git commit -m "Initial Commit with status bla bla", to make your first commit to the repository
  6. Profit!

By now, you should have a fully functional local git repository without the assistance of an external server.