capturing ezjail to ezjail traffic

Hello,

As I begin using FreeBSD, I thank you for this forum. I have set up some ezjails in a FreeBSD OS. One of them is a Heimdal KDC and another is a principal server of the realm. I can log in as a principal user from the server. As I follow this tutorial: http://www.freebsd.org/doc/handbook/kerberos5.html, one instruction/advice is to check whether the transaction involves divulging the password in the clear:

When testing a Kerberized application, try using a packet sniffer such as tcpdump(1) to confirm that the password is not sent in the clear

When using tcpdump on the KDC and principal interfaces, it doesn't capture any packet.

Code:
tcpdump -w /tmp/dump.pcap src ip_kdc and dst ip_kdc

When I stop the KDC jail, the principal cannot log in. It should mean the transaction is made between the principal server and the KDC, using the network.

Do you have any suggestions to help me out?
 
atOm- said:
When using tcpdump on the KDC and principal interfaces, it doesn't capture any packet.

Code:
tcpdump -w /tmp/dump.pcap src ip_kdc and dst ip_kdc
This only captures traffic that has both the source and destination IP of ip_kdc. And because traffic like that never actually passes out of the interface, you'll never capture anything. What you probably wanted to do is:
Code:
tcpdump -w /tmp/dump.pcap src ip_kdc or dst ip_kdc
 
Thank you SirDice for this remark, I changed the command.

However, the void persists. To be more precise, I try to capture from the host on the ezjails' interfaces. The following is what I get:

Code:
root@host:/tmp # /usr/local/sbin/tcpdump -w /tmp/dump2.pcap src ip_kdc or dst ip_kdc
tcpdump: listening on em0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C0 packets captured
111 packets received by filter
0 packets dropped by kernel

Launching tcpdump inside the jail returns an error:

Code:
root@kdc # tcpdump -w /tmp/dump2.pcap -i lo8 src ip_kdc or dst ip_kdc
tcpdump: (cannot open device) /dev/bpf: No such file or directory
 
Try doing the tcpdump on the host using -i lo0. Internal traffic should not traverse the em0 interface but you should be able to catch it on the loopback.
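Once the lo0 capture works, the handbook's check can be done offline on the file that tcpdump -w wrote. The following is an added example, not code from the thread or from the FreeBSD handbook: it parses a classic libpcap file, handles both the DLT_NULL framing a lo0 capture produces and the Ethernet framing of em0, selects UDP/TCP packets to or from the KDC on port 88, and counts how many carry a given password string in clear. The addresses, the constructed sample packets and the `hunter2` secret are placeholders, not values from the thread.

```python
import struct

KRB_PORT = 88
LINK_HDR = {0: 4, 1: 14}  # DLT_NULL (lo0: 4-byte AF header) and DLT_EN10MB (em0: Ethernet)

def pcap_records(data):
    """Yield (link_header_len, frame) for each record of a classic libpcap file."""
    endian = "<" if struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4 else ">"
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    off = 24
    while off + 16 <= len(data):
        incl = struct.unpack(endian + "IIII", data[off:off + 16])[2]  # incl_len field
        yield LINK_HDR[linktype], data[off + 16:off + 16 + incl]
        off += 16 + incl

def udp_tcp_packets(data):
    """Return (src, dst, sport, dport, payload) for every IPv4 UDP or TCP packet."""
    dotted = lambda b: ".".join(str(x) for x in b)
    out = []
    for hl, frame in pcap_records(data):
        ip = frame[hl:]
        if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] not in (6, 17):
            continue  # not IPv4, or neither TCP (6) nor UDP (17)
        l4 = ip[(ip[0] & 0xF) * 4:]
        sport, dport = struct.unpack("!HH", l4[:4])
        payload = l4[8:] if ip[9] == 17 else l4[(l4[12] >> 4) * 4:]  # skip UDP/TCP header
        out.append((dotted(ip[12:16]), dotted(ip[16:20]), sport, dport, payload))
    return out

def check_capture(data, kdc_ip, secret):
    """Return (kerberos_packets_seen, packets_carrying_secret_in_clear) for the KDC."""
    krb = [p for p in udp_tcp_packets(data) if kdc_ip in p[:2] and KRB_PORT in p[2:4]]
    return len(krb), sum(secret.encode() in p[4] for p in krb)

# Constructed sample capture (not a real Kerberos exchange): DLT_NULL, three UDP packets.
def _udp_frame(src, dst, sport, dport, payload):
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + udp
    return struct.pack("<I", 2) + ip  # DLT_NULL header: AF_INET (2) in host byte order

def _pcap(frames, linktype=0):
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    return head + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

KDC, CLIENT = "10.0.0.2", "10.0.0.3"  # placeholder jail addresses
SAMPLE = _pcap([_udp_frame(CLIENT, KDC, 40000, KRB_PORT, b"AS-REQ (opaque ASN.1 bytes)"),
                _udp_frame(KDC, CLIENT, KRB_PORT, 40000, b"AS-REP (opaque ASN.1 bytes)"),
                _udp_frame(CLIENT, KDC, 40001, KRB_PORT, b"misbehaving client: hunter2")])
RESULT = check_capture(SAMPLE, KDC, "hunter2")  # (3, 1)
```

To run it against a real capture, read /tmp/dump.pcap as bytes and pass it to check_capture with the KDC's address and the test password; a non-zero second value means the password crossed the loopback in clear.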
 