Tag: router

Wireshark remote capture over SSH

Short video posted on YouTube by The Technology Firm describing it. https://www.youtube.com/watch?v=jYuHS-2g0BM

This feature is a GUI for the sshdump tool. It is not installed by default in the Windows version but is in the Linux version. In Windows, when you get to the “Choose Components” page, scroll down under External Capture tools (extcap) and select sshdump.

The function needs tcpdump on the remote end and Ubiquiti routers have it installed by default. Probably many other brands have it as well.

You now have an option for SSH remote capture in the interfaces menu.

Check that you have ssh connectivity to the remote unit and remote in via the console. Use ‘show interfaces’ to list the interfaces and note the name of the one you want to record. Exit. Then proceed with the capture configuration in Wireshark.

This is the config GUI dialogue for Linux. It’s slightly different in Windows which is in the linked video.

Enter the address and ssh port number

Enter the interface to be recorded on the remote router and be sure to check the sudo option otherwise it fails. No need to modify the capture filter.

Click the start button and with a little delay, the traffic appears in Wireshark.

The error messages can be a bit obscure and take some careful reading to figure out what the actual problem is. This one is for a bad password.

Allowing Windows client VPN connection to an Edge router thru a router/modem firewall

The provider modem can be a problem if the network you want to connect to is behind another router downstream. Some have the option to set a passthru for VPN but not all. You can configure the modem as a bridge which disables the modem as a network controller. This may work for some cases but needs careful planning if you have an existing network using the default modem governed network.

I’ve found both Verizon and Comcast business modem/routers have a DMZ option which exposes one internal machine to the public network and this works to put the router on the external network interface. However, the T-mobile 5G home connection will not connect in this configuration even though Verizon home Fios and many others work just fine.

The best option I’ve found is to forward ports 500 and 4500 to the internal Edge X router. I found these using Wireshark. I’m sure they are documented somewhere. Port 500 is initially used when connecting to the Edgerouter thru the firewall but shifts to port 4500 after initial contact. Forwarding eliminates the killer conflict between T-Mobil and Comcast modems when using the Comcast option to expose an internal machine.