One Comment

  1. Hey there! I work in IT Security, so I’m more than happy to answer any questions you might have about this stuff 🙂

    FTP is generally on the “Naughty” list, as far as we’re concerned. All your credentials are passed around in the clear, much as they are if you use Telnet. If you must transfer files around, use FTP/S (the TLS encrypted version of FTP) or either SFTP (the File Transfer system executed from SSH, and bundled with most SSH packages) or SCP (the File Copy system, which is part of SSH, unless it’s been compiled out…. anyway, it’s usually there!).

    You’ll have seen packets being shipped around when you were on the console of the SSH server, as it needs to know which characters you are typing on the command line (e.g. if you press the Tab key, it might try to complete a command or switch). Also, if you have an interactive process, like tmux or Byobu running, there will be screen updates from that application all the time it’s running.

    I’m not sure why you didn’t see anything from your Pi when it was supposed to have been tweeting. It probably should have made an HTTPS request on TCP/443 at the point the request was going out.

    You can also use the tcpdump command when SSH’d into the device and force a request to occur, like this:

    tcpdump -w capture.pcap -s 0 -i eth0 not port 22

    This means:
    * “-w capture.pcap”
    run the tcpdump and output what’s occuring to a file called “capture.pcap” for later analysis in Wireshark or tcpdump.
    * “-s 0”
    capture all the bytes in the packet, not just the first 1024
    * “-i eth0”
    Use the interface eth0. If you’ve got more than one interface, use just the one you’re expecting the traffic to exit from.
    * “not port 22”
    Here you can specify things like “host 192.0.2.1 and host 192.0.2.2” to see the conversation between two hosts, or “not icmp” or “port 443” or “not host 255.255.255.255″… but the reason I specifically call out “not port 22” is because otherwise you’ll see the SSH session you’ve got running 🙂

    Anyway, there’s a lot of stuff here. Feel free to ping me back if there’s something you’d like help with!

Leave a Reply

Your email address will not be published. Required fields are marked *