[vc_row el_class=”blog-info”][vc_column][vc_single_image source=”featured_image” img_size=”full” style=”vc_box_rounded”][vc_empty_space height=”40px”][vc_row_inner][vc_column_inner width=”1/6″][/vc_column_inner][vc_column_inner width=”2/3″][vc_column_text el_class=”font-weight-bold”]

Install Wireshark for Monitoring Packets in AWS EC2 Instance

1. Login into your ec2 instance with SSH.

2. Install Wireshark

sudo apt update
sudo apt install wireshark

– Accept Yes -> Should non superusers be able to capture packets?
– Wireshark will be installed.

3. Add your current user to wireshark group

sudo usermod -aG wireshark $USER

4. Install VNC Server

To simplify the display of data using wireshark, you use VNC Server on your instance.

sudo apt-get install ubuntu-desktop gnome-panel gnome-settings-daemon metacity nautilus gnome-terminal xfce4 vnc4server

It takes some time…

5. Run VNC Server

vncserver

It will ask you to create a VNC password. Choose your password and enter it at the prompt, then enter it a second time to verify.

Only use a max length of 8 characters in your password.

6. Edit edit ~/.vnc/xstartup and replace all the contents with the lines below. (user vim or nano)

#!/bin/sh#

Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
# exec /etc/X11/xinit/xinitrc
unset DBUS_SESSION_BUS_ADDRESS
startxfce4 &


[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
gnome-panel &
gnome-settings-daemon &
metacity &
nautilus &
gnome-terminal &

7. Reboot your instance to apply the configurations.

8. Enable ports 5901 & 5902 in the Security Group inbound rules

9. Login to your ec2 instance using this command (port forwarding)

ssh -L 5902:localhost:5902 -i amazon.pem ubuntu@instance_dns_or_public_ip

10. Start a new vncserver

vncserver -geometry 1340x750

NOTE: Here I 1340×750 refer to my desktop dimensions. You can adjust these values based on your own screen size.

11. Download vnc viewer

https://www.realvnc.com/en/connect/download/viewer/

12. Use vnc viewer to connect to localhost:5902

13. Once you are in your desktop, open terminal and install once wireshark gtk

sudo apt-get install wireshark-gtk

14. Open Wireshark

wireshark-gtk

You should see the Wireshark interface pop-up:

15. Select eth0 interface and click on Start

16. On filter input, write this command to filter a specific port: tcp.port == 80 or any port you want, and click on Apply.

[/vc_column_text][vc_empty_space height=”40px”][/vc_column_inner][vc_column_inner width=”1/6″][/vc_column_inner][/vc_row_inner][/vc_column][/vc_row][vc_row el_class=”social-info”][vc_column width=”1/6″][/vc_column][vc_column width=”2/3″][vc_row_inner][vc_column_inner width=”1/2″][vc_column_text][social_share_button themes=’theme1′][/vc_column_text][/vc_column_inner][vc_column_inner el_class=”youtube-inner-col” width=”1/2″][vc_column_text][likebtn theme=”youtube” lang=”auto” show_like_label=”0″ white_label=”1″ alignment=”right”][/vc_column_text][/vc_column_inner][/vc_row_inner][vc_row_inner el_class=”social-info-inner”][vc_column_inner width=”1/4″][vc_single_image image=”921″][/vc_column_inner][vc_column_inner width=”3/4″][vc_column_text]

Diego Pacheco

Ingeniero en Sitemas, MBA (Babson College). Desarrollador PHP/Java/JavaScript. Fundador & CEO de EpicStudio. Entusiasta de las tecnologías web (JavaScript, Vue, Laravel, AWS, Docker) Viajes, Negocios, Surf y Growth.[/vc_column_text][asvc_list_item icon_fontawesome=”fa fa-calendar-o” icon_size=”14px”]Programar una reunión[/asvc_list_item][/vc_column_inner][/vc_row_inner][/vc_column][vc_column width=”1/6″][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]