diff options
author | William Carroll <wpcarro@gmail.com> | 2022-11-17T18·43-0800 |
---|---|---|
committer | clbot <clbot@tvl.fyi> | 2022-11-17T18·51+0000 |
commit | 179d670ef2a8c09ca1957f8cbadd0c63620218b2 (patch) | |
tree | 0297dc474a1ae06c4a168d038ee6ca48c597fb73 /users/wpcarro/website/blog | |
parent | dadfaf119529b38457aaf96de3eeadcab2b24b95 (diff) |
feat(wpcarro/blog): TCP Tunneling (note to self) r/5286
:) Change-Id: If1650e186172b8e05da8bd2a23743f56d955594b Reviewed-on: https://cl.tvl.fyi/c/depot/+/7302 Autosubmit: wpcarro <wpcarro@gmail.com> Tested-by: BuildkiteCI Reviewed-by: wpcarro <wpcarro@gmail.com>
Diffstat (limited to 'users/wpcarro/website/blog')
-rw-r--r-- | users/wpcarro/website/blog/posts.nix | 7 | ||||
-rw-r--r-- | users/wpcarro/website/blog/posts/tcp-tunneling-note.md | 68 |
2 files changed, 75 insertions, 0 deletions
diff --git a/users/wpcarro/website/blog/posts.nix b/users/wpcarro/website/blog/posts.nix index 416a367833f8..31fb0c83d8f0 100644 --- a/users/wpcarro/website/blog/posts.nix +++ b/users/wpcarro/website/blog/posts.nix @@ -106,4 +106,11 @@ content = ./posts/nginx-curl-note.md; draft = false; } + { + key = "tcp-tunneling-note"; + title = "TCP Tunneling (note to self)"; + date = 1668709613; + content = ./posts/tcp-tunneling-note.md; + draft = false; + } ] diff --git a/users/wpcarro/website/blog/posts/tcp-tunneling-note.md b/users/wpcarro/website/blog/posts/tcp-tunneling-note.md new file mode 100644 index 000000000000..4597405fae43 --- /dev/null +++ b/users/wpcarro/website/blog/posts/tcp-tunneling-note.md @@ -0,0 +1,68 @@ +## Background + +Let's say we'd like to debug a remote machine but use some of the debugging +tools we have on our local machine like wireshark. + +You *can* run `tcpdump` on the remote and then `scp` the file to your local +machine to analyze the traffic, but after doing that a few times you may want a +workflow with a tighter feedback loop. For this we'll forward traffic from a +remote machine to our local machine. + +**Note:** There's also `termshark`, which is a `wireshark` TUI that you can run +on the remote. It's quite cool! + +## Local + +Run the following on your local machine to forward your remote's traffic: + +```shell +$ ssh -R 4317:127.0.0.1:4317 -N -f user@remote +``` + +Here is an abridged explanation of the flags we're passing from `man ssh`: + +``` +-N Do not execute a remote command. This is useful for just forwarding ports. +-f Requests ssh to go to background just before command execution. +``` + +**Note:** I couldn't find a good explanation for the `-R` option, so I tried +removing it and re-running the command, but that results in a resolution error: + +``` +ssh: Could not resolve hostname 4317:127.0.0.1:4317: Name or service not known +``` + +The remote should now be forwarding traffic from port `4317` to our +machine. We can verify with the following: + +```shell +$ nc -l 4317 -k +``` + +## Testing + +Let's generate some traffic on the remote. **Note:** you should see the output +in the shell in which you're running `nc -l 4317 -k`. + +```shell +$ telnet localhost 4317 +Trying ::1... +Connected to localhost. +Escape character is '^]'. +hello +world +``` + +Locally you should see: + +```shell +λ nc -l 4317 -k +hello +world +``` + +You should now be able to `tcpdump -i lo port 4317` or just use `wireshark` +locally. + +Happy debugging! |