Snort mailing list archives
Re: ssh-tunnel between sensor and database-server
From: Skip Carter <skip () taygeta com>
Date: Fri, 27 Aug 2004 08:28:14 -0700
I have build an ssh-tunnel between my snort-sensor and my database-server and it seems to work. I had like to control this with tcpdump and it shows something like this: "IP1".32817 > "IP2".22 "IP2".22 > "IP1".32817
I expect port 3306 instead of 32817 and that confuses me. Can anyone explain me why 32817 is used? Does ssh "hide" the source-port by using it?
This just looks like the other end of your interactive session. I presume you are doing something like (from IP1): ssh -R 3306:IP2:3306 IP2 If so, you should see on IP2 a service listening on IP2 at 3306 after you have authenticated. 'netstat -an' might be a more useful diagnostic to see if you got it working, tcpdump won't help until you start pushing data through it. Skip -- Dr. Everett (Skip) Carter Phone: 831-641-0645 FAX: 831-641-0647 Taygeta Scientific Inc. INTERNET: skip () taygeta com 1340 Munras Ave., Suite 314 WWW: http://www.taygeta.com Monterey, CA. 93940
Attachment:
_bin
Description:
Current thread:
- ssh-tunnel between sensor and database-server Maetzky (extern) (Aug 27)
- Re: ssh-tunnel between sensor and database-server Skip Carter (Aug 27)
- Re: ssh-tunnel between sensor and database-server Sean Brown (Aug 27)