Ethernet Tap over SSH

Go To Product Page

The Ethernet Tap over SSH plugin extends the power and simplicity the IO Ninja Ethernet Tap to remote Linux devices, enabling tapping of ethernet on devices like headless Raspberry Pi boards.

Basic Setup

Prerequisites

Enabling SSH

On most Linux machines, SSH is enabled by default. However, if it is not, you will need to enable it.

On Raspbian and many other popular distros, you can perform the following command:

systemctl enable --now sshd

For other Linux distributions, please refer to their documentation.

Installing the Hardware Client

The Ethernet Tap over SSH plugin uses the IO Ninja Hardware Client (ioninja-hwc).

This hardware client needs to be installed and configured on the remote machine.

Note

See Installing the Hardware Client for instructions.

SSH’ing into your Linux Machine with IO Ninja

1. In IO Ninja, click “New Session” and select a new “Ethernet Tap over SSH” session.

2. Type the host address of your remote Linux machine into the “Address:” field.

3. Click the “Capture” button to the right of the “Port:” field to initiate a connection.

Note

You will be prompted for SSH credentials.

4. Analyze the log as needed.

5. Export to a .pcap file by pressing the “Export to .pcap” button.

Settings

Setting	Description	Default
Remote address	Remote address to connect to. Can be specified via IPv4 (127.0.0.1), IPv6 (::1), or a domain name (localhost). Remote address can be suffixed with the remote port after a colon, e.g. ioninja.com:443.
Remote port (default)	Remote port to connect to in cases when a port is not explicitly specified in Remote address.	80
Use local address	Bind socket to the specified local address.	False
Adapter	Local network adapter to bind to. Pick one from the list of installed network adapters (or bind to all installed IP4 or all IP6 adapters at once).	Auto
Local port	Local port to bind to. Setting this to 0 auto-selects an available port.	8080
Reuse address	Allow multiple sockets to share the same local address. Maps to the SO_REUSEADDR socket option. Please note, the support and details of implementation for this option are highly platform-specific.	False
TCP Nagle algorithm	Delay transmission to reduce the number of small TCP packets. Maps to the TCP_NODELAY socket option.	False
TCP reset	Drop TCP connections abruptly with a TCP RST packet. Maps to the SO_LINGER socket option.	False
TCP keep-alives	Detect connection loss with TCP keep-alive probes. Maps to the TCP_KEEPALIVE socket option.	False
User name	User name for SSH authentication.
User authentication	SSH authentication method (password or private key)	Password
Private key file	Private key file for SSH authentication.
Remember last password	Re-use the last entered password during subsequent connect attempts.	True
Read block size (B)	The size of each individual read block submitted to the underlying transport.	4KB
RX buffer size (B)	The full size of the incoming data (RX) buffer. Affects read throughput.	16KB
TX buffer size (B)	The full size of the outbound data (TX) buffer. Affects write throughput..	16KB
Keep read block size	Don’t merge read blocks in RX buffer. Incoming data blocks coming in quick succession can be merged together so that IO Ninja writes them to log as a whole. When this option is set to True, blocks are written to the log without merging, i.e., exactly as they are received from the underlying transport..	False
Keep write block size	Don’t merge write blocks in TX buffer. Outbound data blocks sent in quick succession can be merged together before submission to the underlying transport. When this option is set to True, blocks are submitted to the transport without merging, i.e., exactly as they are sent by the Transmit or Script panes..	False
RX buffer full notifications	Toggle warnings in log about the incoming data (RX) buffer getting full.	False
View filter	Term to filter with when displaying packets. Packets filtered this way are still captured, but are just not shown in the log. You can see these filtered packets again by removing this filter.