
NetCat not working?

I'm trying to use nc to divert tcpdump output from the UTM to a Windows client, but I get literally nothing at both ends: no errors, no data, no network traffic, nothing at all.

UTM command:   tcpdump -i wlan1 port 21 -vv -s 0 -XX | nc -s [UTM IP] [destination IP] 45678

client command:  ncat -l 45678

This works fine between the Windows client and another Linux-based system, but not from the UTM. I know that no traffic is making it to the workstation, even with the client's firewall turned off, suggesting the UTM is the cause. I've tried without the -s switch, and also using a Linux client, all with the same result. Running tcpdump in another console session on the UTM also doesn't see any traffic in either direction under any scenario I have tried.

Although it would be nice if it did work, it doesn't need to, as there are other (albeit slightly more complicated) ways of achieving the same result, but I'm curious why it doesn't.

According to http://www.greenvalleyconsulting.org/2019/01/31/sophos-xg-firewall-how-to-create-and-download-packet-capture-with-netcat/ it works (or at least did work) on XG.

Thanks



This thread was automatically locked due to age.
  • I directly save from tcpdump all the time.

    https://community.sophos.com/kb/en-us/134286


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • I have tried this out, and actually this has worked very well. However, your tcpdump syntax is wrong.

    "-s0 -U -w -" is essential; check out the tcpdump man page and the original post.

    https://www.tcpdump.org/manpages/tcpdump.1.html

    look for    --packet-buffered

    UTM

    xxxx:/home/login #  tcpdump -ni any host 8.8.8.8 -s0 -U -w - | nc -w3 192.168.xxx.11 1111
    tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
    ^C288 packets captured
    288 packets received by filter
    0 packets dropped by kernel

    -- Client --

    C:\Users\xxx\Downloads>ncat.exe -l -p 1111 > test.pcap

    netstat -ano | find "1111"
    TCP    0.0.0.0:1111           0.0.0.0:0              LISTENING       1332

    Yes, and the client firewall must be off.


    However, I usually just save the file locally on the UTM and download it with WinSCP.

    You can combine it with -z gzip or -z bzip2 to save space.

    tcpdump -ni eth0 -w /var/log/test1.pcap -s0 -z gzip
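Once the capture has landed on the client (via ncat -l -p 1111 > test.pcap as shown in the reply above), it is worth checking that what arrived really is a pcap stream and that it was not cut off mid-record. The script below is an added example, not code from this thread or from Sophos: it parses the classic libpcap file format directly (24-byte global header, then a 16-byte header per record), so it runs offline against the constructed sample frames it builds itself. The helper build_pcap, the SAMPLE_FRAMES data and the file name test.pcap are assumptions made for the demonstration; only the header layouts and the magic values come from the libpcap format. A ValueError on the magic is also what you get when text output (the -vv -XX form from the original question, without -w -) was piped instead of a pcap stream.

```python
"""Sanity-check a pcap that arrived over a raw TCP pipe (e.g. ncat -l -p 1111 > test.pcap).

Added example: parses the classic libpcap file format (24-byte global header,
16-byte per-record headers) without scapy/dpkt so it runs anywhere. Reports
whether the byte stream ends on a record boundary, which is what you want to
know when the sender was `tcpdump ... -w - | nc ...` and the session was cut.
"""
import struct
import sys

GLOBAL_HDR_LEN = 24
RECORD_HDR_LEN = 16
LINKTYPE_ETHERNET = 1
LINKTYPE_LINUX_SLL = 113  # "Linux cooked" capture, what `tcpdump -i any` writes

# First four bytes read as a little-endian uint32 -> (struct byte order, timestamp unit).
MAGICS = {
    0xA1B2C3D4: ("<", "us"),
    0xD4C3B2A1: (">", "us"),
    0xA1B23C4D: ("<", "ns"),
    0x4D3CB2A1: (">", "ns"),
}

# Constructed sample frames (not real traffic): a 64-byte frame, a full-size
# 1500-byte frame and a 42-byte frame, enough to exercise snaplen handling.
SAMPLE_FRAMES = [
    bytes(range(64)),
    bytes([0x22] * 1500),
    bytes([0x33] * 42),
]


def validate_pcap(data: bytes) -> dict:
    """Walk a pcap byte string and return a summary dict.

    Raises ValueError if the global header is missing/unknown or a record
    header is internally inconsistent (incl_len larger than snaplen/orig_len).
    """
    if len(data) < GLOBAL_HDR_LEN:
        raise ValueError("too short for a pcap global header (%d bytes)" % len(data))
    raw_magic = struct.unpack("<I", data[:4])[0]
    if raw_magic not in MAGICS:
        raise ValueError("not a pcap file: magic 0x%08x (pcapng? text output?)" % raw_magic)
    endian, ts_unit = MAGICS[raw_magic]
    major, minor, _tz, _sig, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:GLOBAL_HDR_LEN])
    summary = {
        "endian": "little" if endian == "<" else "big",
        "ts_unit": ts_unit,
        "version": (major, minor),
        "snaplen": snaplen,
        "linktype": linktype,
        "packets": 0,
        "bytes_captured": 0,
        "truncated_packets": 0,  # records with incl_len < orig_len (snaplen too small)
        "trailing_bytes": 0,     # bytes after the last complete record
        "complete": True,        # False when the stream ends inside a record
    }
    off = GLOBAL_HDR_LEN
    while off < len(data):
        if len(data) - off < RECORD_HDR_LEN:
            summary["trailing_bytes"] = len(data) - off
            summary["complete"] = False
            break
        _ts_sec, _ts_frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[off:off + RECORD_HDR_LEN])
        if incl_len > snaplen or incl_len > orig_len:
            raise ValueError("corrupt record header at offset %d" % off)
        if len(data) - off - RECORD_HDR_LEN < incl_len:
            summary["trailing_bytes"] = len(data) - off
            summary["complete"] = False
            break
        summary["packets"] += 1
        summary["bytes_captured"] += incl_len
        if incl_len < orig_len:
            summary["truncated_packets"] += 1
        off += RECORD_HDR_LEN + incl_len
    return summary


def build_pcap(frames, snaplen=65535, linktype=LINKTYPE_ETHERNET, endian="<"):
    """Construct a classic (microsecond) pcap byte string from raw frames.

    Hypothetical helper used only to generate test input; tcpdump -w writes
    the same layout. Frames longer than snaplen are clipped like tcpdump does.
    """
    out = bytearray(struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype))
    for i, frame in enumerate(frames):
        captured = frame[:snaplen]
        out += struct.pack(endian + "IIII", 1_600_000_000 + i, 0, len(captured), len(frame))
        out += captured
    return bytes(out)


def main(argv):
    if len(argv) != 2:
        print("usage: pcapcheck.py <file.pcap>", file=sys.stderr)
        return 2
    with open(argv[1], "rb") as fh:
        summary = validate_pcap(fh.read())
    for key, value in summary.items():
        print("%-18s %s" % (key, value))
    return 0 if summary["complete"] else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as python3 pcapcheck.py test.pcap (pcapcheck.py is an assumed file name) after the transfer; a non-zero exit with complete False means the TCP session ended inside a record, which happens when nc or ncat is killed before tcpdump's final flush. Note that -U only changes when tcpdump hands bytes to nc, not the file layout, so the same checker applies whether or not it was used.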