Install Wireshark for Monitoring Packets in AWS EC2 Instance

1.     Log in to your EC2 instance with SSH.

2.     Install Wireshark

sudo apt update
sudo apt install wireshark

–       Answer Yes to the prompt "Should non-superusers be able to capture packets?" (this lets members of the wireshark group capture without running Wireshark as root).
–       Wireshark will be installed.

3.     Add your current user to the wireshark group

sudo usermod -aG wireshark $USER

4.     Install VNC Server

To view the Wireshark GUI on the instance, run a VNC server on it.

sudo apt-get install ubuntu-desktop gnome-panel gnome-settings-daemon metacity nautilus gnome-terminal xfce4 vnc4server

It takes some time…

5.     Run VNC Server

vncserver

It will ask you to create a VNC password. Choose your password and enter it at the prompt, then enter it a second time to verify.

Use a password of at most 8 characters; VNC passwords are limited to that length.

6.     Edit ~/.vnc/xstartup and replace all of its contents with the lines below (use vim or nano):

#!/bin/sh

# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc
unset DBUS_SESSION_BUS_ADDRESS
startxfce4 &

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r "$HOME/.Xresources" ] && xrdb "$HOME/.Xresources"
xsetroot -solid grey
vncconfig -iconic &
gnome-panel &
gnome-settings-daemon &
metacity &
nautilus &
gnome-terminal &

7.      Reboot your instance to apply the configurations.

8.     Enable ports 5901 & 5902 in the Security Group inbound rules (restrict the source to your own IP; the VNC session itself travels inside the SSH tunnel from step 9)

9.     Log in to your EC2 instance with SSH, forwarding local port 5902 to port 5902 on the instance:

ssh -L 5902:localhost:5902 -i amazon.pem <user>@public_dns_or_public_ip

10.  Start a new vncserver

vncserver -geometry 1340x750

NOTE: 1340×750 is my desktop resolution; adjust it to your own screen size. vncserver prints the display it started (e.g. :2); that display listens on TCP port 5900 plus the display number, which is why the tunnel and viewer below use 5902.

11.  Download vnc viewer

https://www.realvnc.com/en/connect/download/viewer/

12.  Use vnc viewer to connect to localhost:5902

13.  Once you are in the desktop, open a terminal and install the Wireshark GTK front-end

sudo apt-get install wireshark-gtk

14.  Open Wireshark

wireshark-gtk

You should see the Wireshark interface pop up:

15.  Select the eth0 interface and click Start

16.  In the filter bar, enter a display filter such as tcp.port == 80 (or whatever port you want to watch) and click Apply.
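A post-install check for the steps above, added here as an example and not part of the original post: it verifies that capture rights come from dumpcap's file capabilities and the wireshark group rather than from root, and that the VNC display you tunnel over SSH is listening on loopback only. It assumes the Debian/Ubuntu dumpcap path and group name and the vncserver -localhost option; the sample command outputs used for testing are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post: sanity checks for the
# Wireshark + VNC setup above. The dumpcap path and the "wireshark" group
# are Debian/Ubuntu defaults.

# Answering "Yes" to the non-superuser prompt gives dumpcap file
# capabilities, so Wireshark itself never runs as root.
# Argument: one line of `getcap /usr/bin/dumpcap` output.
caps_ok() {
    case "$1" in
        *cap_net_raw*cap_net_admin*|*cap_net_admin*cap_net_raw*) return 0 ;;
        *) return 1 ;;
    esac
}

# Is group $1 among the remaining arguments? Call as: in_group wireshark $(id -nG)
in_group() {
    want=$1; shift
    for g in "$@"; do [ "$g" = "$want" ] && return 0; done
    return 1
}

# VNC display :N listens on TCP 5900+N, so display :2 is the 5902 tunnelled above.
vnc_port() { echo $((5900 + $1)); }

# With the SSH tunnel carrying the session, the VNC listener should be bound
# to loopback only (vncserver -localhost). Reads `ss -ltnH` output on stdin.
# Returns 0 = loopback only, 1 = not listening, 2 = bound to all addresses.
vnc_local_only() {
    port=$1; rc=1
    while read -r state rq sq laddr rest; do
        case "$laddr" in
            *:"$port")
                case "$laddr" in
                    127.*|'[::1]':*) rc=0 ;;
                    *) return 2 ;;
                esac ;;
        esac
    done
    return $rc
}

# Live run on the instance (opt-in, so the functions can also be sourced).
if [ "${1:-}" = "--live" ]; then
    caps_ok "$(getcap /usr/bin/dumpcap 2>/dev/null)" && echo "dumpcap caps: ok" || echo "dumpcap caps: MISSING"
    in_group wireshark $(id -nG) && echo "wireshark group: ok" || echo "wireshark group: MISSING (re-login after usermod)"
    ss -ltnH | vnc_local_only "$(vnc_port 2)"
    case $? in 0) echo "vnc :2: loopback only" ;; 1) echo "vnc :2: not listening" ;; *) echo "vnc :2: EXPOSED on all interfaces" ;; esac
fi
```

Save it under any name on the instance and run it with `--live` after step 10; without arguments it only defines the functions.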