Sep 18 2015

The following writes raw network packets to a dump file while continuously reading that same file back and displaying the packets on screen in human-readable format:


  • /bin/sh -c "tcpdump -i any -w /tmp/dumpfile.cap host &" : run tcpdump in the background, writing raw packets to /tmp/dumpfile.cap. The trailing host is the start of a capture filter expression and must be followed by the host to match; tcpdump rejects the expression otherwise.
  • sleep 1 : wait a second for the file to be created and the pcap header written to it. Without the wait, the reader will probably fail with "bad dump file format".
  • tail -n 1000 -f /tmp/dumpfile.cap : tail the dump file. The point of -n is to start from the beginning of the file so the header is included, which avoids the "bad dump file format" error. -n 1000 only achieves that while the file is still small (tail counts newline bytes, which occur in binary data too); tail -n +1 -f always starts at the first byte of the file.
  • tcpdump -r - : read a capture from stdin (here the contents of /tmp/dumpfile.cap) and print the packets to stdout in human-readable format.

IMPORTANT: Interrupting with CTRL+C kills only the foreground tail | tcpdump pipeline, NOT the backgrounded tcpdump. Kill that one too, unless it is limited somehow (for example with -c for a packet count), otherwise it will fill up the disk.
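The four steps above as one script, added here as an example and not the post's own code. It assumes the interface, dump path and filter are placeholders set through the environment, and that tcpdump -w writes classic pcap (its default), whose 24-byte global header is what the reader needs before it can start. It replaces the blind sleep with a wait for that header, uses tail -n +1 so the header is always included, adds -U so tcpdump flushes each packet to the file instead of buffering, and installs a trap so CTRL+C also kills the background tcpdump.

```shell
#!/bin/sh
# Added example, not the post's own script: capture to a file and watch the
# same capture live, cleaning up the background tcpdump on exit.
# IFACE, DUMP and FILTER are placeholders; override them in the environment.
IFACE="${IFACE:-any}"
DUMP="${DUMP:-/tmp/dumpfile.cap}"
FILTER="${FILTER:-}"          # e.g. FILTER="host 192.0.2.10" (a capture filter)

# Assumes classic pcap output (tcpdump -w's default), which begins with a
# 24-byte global header. tcpdump -r reports "bad dump file format" if it
# reads the file before that header is on disk.
PCAP_HDR_LEN=24
TCPDUMP_PID=""

# wait_for_pcap_header FILE [TIMEOUT]
# Returns 0 as soon as FILE holds at least the global header, 1 if it does
# not within TIMEOUT seconds (default 5). Replaces the blind "sleep 1".
wait_for_pcap_header() {
    f=$1
    timeout=${2:-5}
    waited=0
    while :; do
        if [ -f "$f" ]; then
            size=$(wc -c < "$f" | tr -d ' ')
        else
            size=0
        fi
        [ "$size" -ge "$PCAP_HDR_LEN" ] && return 0
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
}

start_capture() {
    # -U flushes every packet to the file; without it tcpdump buffers writes
    # and the live view lags until a buffer fills. $FILTER is deliberately
    # unquoted so a multi-word filter expression is split into arguments.
    # shellcheck disable=SC2086
    tcpdump -i "$IFACE" -U -w "$DUMP" $FILTER &
    TCPDUMP_PID=$!
}

cleanup() {
    # CTRL+C reaches only the foreground pipeline; a background job started
    # from a script ignores SIGINT, so kill it explicitly.
    if [ -n "$TCPDUMP_PID" ]; then
        kill "$TCPDUMP_PID" 2>/dev/null
    fi
}

main() {
    trap cleanup EXIT INT TERM
    start_capture
    if ! wait_for_pcap_header "$DUMP" 5; then
        echo "$DUMP never got a pcap header; is tcpdump running as root?" >&2
        exit 1
    fi
    # -n +1 starts at the first line, i.e. the whole file including the
    # header, regardless of how large the file already is.
    tail -n +1 -f "$DUMP" | tcpdump -r -
}

# Only start capturing when asked; plain sourcing just defines the functions.
if [ "${1:-}" = "run" ]; then
    main
fi
```

Run it as sh live_view.sh run (needs the privileges tcpdump needs); sourcing it without the argument only defines the functions. If you do want an unattended capture that cannot fill the disk, add -c, or -C together with -W, to the tcpdump in start_capture.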

Feb 06 2015

AWS permissions intended for a group of users who monitor the environment but must not have access to data and are not allowed to make any changes. Members should be able to check the health of services and run periodic reviews. It is basically a modified version of Amazon's Read-Only policy template. To cut access to potentially dangerous information, some access was removed:

  • DynamoDB and Kinesis Get* actions, because those would reveal the stored data
  • ElasticBeanstalk and OpsWorks, because the information there is potentially dangerous
  • S3 objects, although access to the S3 bucket policy itself is still granted
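One way to build that group, added here as an example and not the post's own policy: attach AWS's managed ReadOnlyAccess policy and layer an explicit Deny on top for the services listed above. An explicit Deny always wins over an Allow, so the restriction survives later additions to the managed policy. The group and policy names are placeholders, and the DynamoDB statement goes slightly beyond the post's Get* by also denying Query, Scan and BatchGetItem, since those return item data as well.

```shell
#!/bin/sh
# Added example, not the post's own policy: "Read-Only minus the dangerous
# parts" as the managed ReadOnlyAccess policy plus an explicit Deny.
# GROUP and POLICY_NAME are placeholders.
GROUP="${GROUP:-monitoring}"
POLICY_NAME="${POLICY_NAME:-MonitoringDenyDataAccess}"

# Print the Deny document. The S3 statement covers object-level reads only
# (s3:GetObject*), so s3:GetBucketPolicy from ReadOnlyAccess stays allowed,
# as the post wants. Query, Scan and BatchGetItem are added to DynamoDB's
# Get* because they also return item data.
deny_policy_json() {
cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "NoDataReads",
      "Effect": "Deny",
      "Action": [
        "dynamodb:Get*",
        "dynamodb:BatchGetItem",
        "dynamodb:Query",
        "dynamodb:Scan",
        "kinesis:Get*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "NoDeploymentInternals",
      "Effect": "Deny",
      "Action": ["elasticbeanstalk:*", "opsworks:*"],
      "Resource": "*"
    },
    {
      "Sid": "NoS3ObjectReads",
      "Effect": "Deny",
      "Action": ["s3:GetObject*"],
      "Resource": "*"
    }
  ]
}
EOF
}

# Attach the managed Read-Only policy and the Deny policy to the group.
apply_to_group() {
    aws iam attach-group-policy --group-name "$GROUP" \
        --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess
    arn=$(aws iam create-policy --policy-name "$POLICY_NAME" \
        --policy-document "$(deny_policy_json)" \
        --query Policy.Arn --output text)
    aws iam attach-group-policy --group-name "$GROUP" --policy-arn "$arn"
}

# Ask the IAM policy simulator how the combined policies decide a few
# actions: expect "allowed" for the first two and "explicitDeny" for the rest.
check_group() {
    group_arn=$(aws iam get-group --group-name "$GROUP" \
        --query Group.Arn --output text)
    aws iam simulate-principal-policy --policy-source-arn "$group_arn" \
        --action-names ec2:DescribeInstances s3:GetBucketPolicy \
                       s3:GetObject dynamodb:GetItem opsworks:DescribeStacks \
        --query 'EvaluationResults[].[EvalActionName,EvalDecision]' \
        --output text
}

case "${1:-}" in
    apply) apply_to_group ;;
    check) check_group ;;
esac
```

Run sh monitoring_group.sh apply once with credentials that may manage IAM, then sh monitoring_group.sh check to confirm the simulator reports explicitDeny for the data-returning actions and allowed for the health checks; with no argument the script only defines its functions.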