This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Intercept packets sent by a DSP to a host inside a VPN network

0

Hi all, I'm new... I've been facing this problem for a while and I'm a bit out of ideas. Basically I'd like to intercept the packets sent by a remote DSP/DSPs to a host directly connected to them via ssh. I can connect via VPN to a third host that communicates with those two parts. Please somebody help me :)...

Thanks to all,

Stefano

asked 04 Sep '12, 03:24

stefano_r


One Answer:

0

DSP/ssh/vpn? I'm afraid that's all a bit vague. Can you please post some more information about your network infrastructure? Something like this:

C1[DSP] -- C2[ssh] --- VPN Tunnel -- C3

Some questions:

  • What is "remote DSP"?
  • What traffic do you want to capture (ssh, DSP traffic, etc.)?
  • Where do you want to capture: C1, C2, C3?
  • What is the OS of the involved computers (is Wireshark available)?

Regards
Kurt

answered 04 Sep '12, 04:46

Kurt Knochner ♦

Hi Kurt,

Sorry for my poor explanation, yes, exactly like this! Well, by remote DSP I mean that I'm working in Italy while the DSPs are located in Germany, along with what you marked as the C2 host. I'd like to be able to analyze the DSP traffic between C1 and C2... Regarding the last question, well... I'm not aware of the OS on those PCs right now, the same for Wireshark.

Br,

Stefano

(04 Sep '12, 08:43) stefano_r

O.K. so, the "DSP" traffic (did you explain what that is?) gets tunneled through ssh. Right?

If so, you will only be able to capture ssh traffic on C1 and C2, as Wireshark will only see the network packets leaving or entering the machine. That does not help, as ssh is encrypted and Wireshark cannot decrypt it.

What happens to the data after it leaves the ssh tunnel? Is it forwarded to another system, written to disk, processed by another process?

Regarding the OS: if the OS does not support Wireshark (that's why I asked), you're out of business, at least in terms of using Wireshark. ;-)

(04 Sep '12, 14:29) Kurt Knochner ♦