Diffstat (limited to 'users/wpcarro/website/blog/posts/tcp-tunneling-note.md')
-rw-r--r--  users/wpcarro/website/blog/posts/tcp-tunneling-note.md  68
1 files changed, 68 insertions, 0 deletions
diff --git a/users/wpcarro/website/blog/posts/tcp-tunneling-note.md b/users/wpcarro/website/blog/posts/tcp-tunneling-note.md
new file mode 100644
index 0000000000..4597405fae
--- /dev/null
+++ b/users/wpcarro/website/blog/posts/tcp-tunneling-note.md
@@ -0,0 +1,68 @@
+## Background
+
+Let's say we'd like to debug a remote machine but use some of the debugging
+tools we have on our local machine like wireshark.
+
+You *can* run `tcpdump` on the remote and then `scp` the file to your local
+machine to analyze the traffic, but after doing that a few times you may want a
+workflow with a tighter feedback loop. For this we'll forward traffic from a
+remote machine to our local machine.
+
+**Note:** There's also `termshark`, which is a `wireshark` TUI that you can run
+on the remote. It's quite cool!
+
+## Local
+
+Run the following on your local machine to forward your remote's traffic:
+
+```shell
+$ ssh -R 4317:127.0.0.1:4317 -N -f user@remote
+```
+
+Here is an abridged explanation of the flags we're passing from `man ssh`:
+
+```
+-N     Do  not  execute  a remote command.  This is useful for just forwarding ports.
+-f     Requests ssh to go to background just before command execution.
+```
+
+**Note:** I couldn't find a good explanation for the `-R` option, so I tried
+removing it and re-running the command, but that results in a resolution error:
+
+```
+ssh: Could not resolve hostname 4317:127.0.0.1:4317: Name or service not known
+```
+
+The remote should now be forwarding traffic from port `4317` to our
+machine. We can verify with the following:
+
+```shell
+$ nc -l 4317 -k
+```
+
+## Testing
+
+Let's generate some traffic on the remote. **Note:** you should see the output
+in the shell in which you're running `nc -l 4317 -k`.
+
+```shell
+$ telnet localhost 4317
+Trying ::1...
+Connected to localhost.
+Escape character is '^]'.
+hello
+world
+```
+
+Locally you should see:
+
+```shell
+λ nc -l 4317 -k
+hello
+world
+```
+
+You should now be able to `tcpdump -i lo port 4317` or just use `wireshark`
+locally.
+
+Happy debugging!
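Review bot: The "couldn't find a good explanation for `-R`" note leaves the central flag of `ssh -R 4317:127.0.0.1:4317 -N -f user@remote` unexplained even though `man ssh` documents it under `-R [bind_address:]port:host:hostport`: sshd listens on port 4317 on the remote and forwards each connection back over the SSH session to 127.0.0.1:4317 on the local side, which is also why dropping the flag makes ssh parse `4317:127.0.0.1:4317` as a hostname. Suggest stating that, and with it two consequences the post relies on: the remote listener binds to the remote's loopback unless sshd has `GatewayPorts` enabled (so `telnet localhost 4317` works from the remote shell but other hosts cannot reach the tunnel, which is the right default for a debugging aid), and only connections made to remote port 4317 are forwarded, so "forwarding traffic from port `4317`" would read more accurately as "forwarding connections made to port 4317 on the remote". Minor: `nc -l 4317 -k` assumes the OpenBSD netcat; the traditional netcat spells the listener as `nc -l -p 4317` and has no `-k`, so a reader on that variant will see the listener exit after the first connection.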