Support for the TCPDump Adapter has been added to the LiveWire Omnipeek UI. The TCPDump Adapter is a plugin that lets the user capture packets on a remote system and send the packet data back to the LiveWire over an SSH connection.
Required SSH Configuration
Using this plugin will likely require configuration changes on both the LiveWire and the target host. Both endpoints must be able to agree on a ciphersuite that is also supported by Ubuntu’s libssh1.10.
LiveWire config:
- Add the following lines to /root/.ssh/config
Target config:
- Make the following changes to /etc/ssh/sshd_config
- Delete the following lines if they exist:
- Add the following line if it does not exist:
- Add ssh-rsa to the list of HostKeyAlgorithms.
Be sure to restart sshd on both endpoints and omnid on the LiveWire. Currently, only RSA and DSS keys are supported.
The user also needs to modify the /etc/sudoers file on the target host to allow tcpdump to run with elevated privileges.
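The target-side settings above (ssh-rsa added to HostKeyAlgorithms, which recent OpenSSH releases disable by default because it signs with SHA-1, and a sudo rule for tcpdump) can be staged against copies of the files before they are installed; the helpers below are an added example, not part of the LiveWire documentation, and the capture user name, the sudoers drop-in name and the tcpdump path are assumptions. The sudo rule is deliberately limited to the single tcpdump binary rather than granting the capture account blanket root.

```shell
#!/bin/sh
# Added example: apply the target-side changes to a given sshd_config and
# sudoers directory. Paths, the "lwcapture" user and "90-tcpdump" are assumed.
set -eu

# Make sure ALG appears in HostKeyAlgorithms of CFG. If the directive is
# absent, add it with OpenSSH's "+" form, which appends to the built-in
# defaults instead of replacing them. Safe to run repeatedly.
ensure_hostkey_alg() {
    cfg=$1 alg=$2
    if ! grep -Eq "^HostKeyAlgorithms[[:space:]]" "$cfg"; then
        printf 'HostKeyAlgorithms +%s\n' "$alg" >>"$cfg"
    elif ! grep -E "^HostKeyAlgorithms[[:space:]]" "$cfg" | grep -Eq "(^|[ ,+])$alg(,|$)"; then
        # Append to every existing HostKeyAlgorithms line (sshd uses the first).
        tmp=$(mktemp)
        sed -E "s/^(HostKeyAlgorithms[[:space:]]+[^[:space:]]+)/\1,$alg/" "$cfg" >"$tmp"
        cat "$tmp" >"$cfg"
        rm -f "$tmp"
    fi
}

# Value of the first HostKeyAlgorithms directive in CFG (sshd keeps the first).
hostkey_algs() {
    grep -E "^HostKeyAlgorithms[[:space:]]" "$1" | head -n 1 | awk '{print $2}'
}

# Write a sudoers drop-in in DIR granting USER exactly one command, TCPDUMP_BIN,
# as root without a password. sudo requires mode 0440 on drop-in files.
write_tcpdump_sudoers() {
    dir=$1 user=$2 tcpdump_bin=$3
    printf '%s ALL=(root) NOPASSWD: %s\n' "$user" "$tcpdump_bin" >"$dir/90-tcpdump"
    chmod 0440 "$dir/90-tcpdump"
}

# Stand-alone demonstration on scratch copies (constructed sample config).
demo_dir=$(mktemp -d)
printf 'Port 22\nHostKeyAlgorithms ssh-ed25519,rsa-sha2-512\n' >"$demo_dir/sshd_config"
ensure_hostkey_alg "$demo_dir/sshd_config" ssh-rsa
mkdir -p "$demo_dir/sudoers.d"
write_tcpdump_sudoers "$demo_dir/sudoers.d" lwcapture /usr/sbin/tcpdump
echo "HostKeyAlgorithms now: $(hostkey_algs "$demo_dir/sshd_config")"
cat "$demo_dir/sudoers.d/90-tcpdump"
```

After copying the staged files into place, validate them with `sshd -t` and `visudo -c` before restarting sshd.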
Workflow
Create a new adapter:
Enter address and credentials, then click Next:
Create a capture with the new adapter: