[lug] WRT54GL is snarfing ssh port-forwarded HTTP traffic
David L. Anselmi
anselmi at anselmi.us
Sat Jun 9 18:53:10 MDT 2012
Jed S. Baer wrote:
> So I take machine A and connect to a wifi network, to tunnel in to B, as
> follows:
> ssh -L 10101:hostname:80 -p portnum user@hostname
> where portnum is the port sshd is listening on, on host B
[...]
> When I fire up a web browser to connect to http://localhost:10101/, what
> happens is I get the http auth dialog from the WRT's internal web server.
> If I attempt to use http://localhost:10101/doku/ I get an error page
> showing '400 bad request illegal filename'.
So I would conclude that your browser is connecting to the WRT, not the local SSH socket that is
forwarded. Is there anything causing localhost to resolve to the WRT's address?
> I've used wireshark to try to see what's happening, and nothing reveals
> itself. I don't see unencrypted http packets outbound from A. If I snoop
> on eth0 and the loopback device on B, there's nothing to see, because
> nothing is getting through. If I snoop on the ethernet device on A I see
> the unencrypted traffic from the WRT.
How is the WRT sending HTTP to A? What ports on A and the WRT? Who sent the SYN to set up the
connection?
Dave
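
The first question in the reply above, whether anything makes localhost resolve to a non-loopback address, can be checked on machine A with a short script. This is an added example, not part of the original message; the function names are hypothetical, and the sample hosts file with its 192.168.1.1 entry is constructed.

```python
import ipaddress
import socket

# Constructed sample hosts file (not from the thread); 192.168.1.1 stands in
# for a router's LAN address.
SAMPLE_HOSTS = """\
127.0.0.1    localhost.localdomain
192.168.1.1  localhost router   # bad entry: name points off-box
::1          ip6-localhost ip6-loopback
"""

def hosts_entries(hosts_text, name="localhost"):
    """Addresses that hosts-file text maps `name` to, in file order."""
    found = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and name.lower() in (n.lower() for n in fields[1:]):
            found.append(fields[0])
    return found

def non_loopback(addrs):
    """Keep only addresses that are not loopback (or cannot be parsed)."""
    bad = []
    for addr in addrs:
        try:
            if not ipaddress.ip_address(addr.split("%")[0]).is_loopback:
                bad.append(addr)
        except ValueError:
            bad.append(addr)
    return bad

def resolver_answers(name="localhost", port=10101):
    """What the system resolver returns for the name the browser uses."""
    try:
        infos = socket.getaddrinfo(name, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

if __name__ == "__main__":
    print("sample hosts file, suspicious:", non_loopback(hosts_entries(SAMPLE_HOSTS)))
    try:
        with open("/etc/hosts") as fh:
            print("/etc/hosts, suspicious:", non_loopback(hosts_entries(fh.read())))
    except OSError as exc:
        print("could not read /etc/hosts:", exc)
    print("resolver, suspicious:", non_loopback(resolver_answers()))
```

An empty list on the last two lines means the name resolves only to loopback addresses, so the cause lies elsewhere.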