KateMLady

Architecture is visible

High-quality open source software for traffic and connection control is now available. When you connect to certain ports, or even to broadcasting devices (Wi-Fi), you can see connection attempts and view unprotected data transmissions.

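```shell
# Run as root. Use ONE of the two options below.

# Option 1: file capabilities. dumpcap gets only the capture
# capabilities and does not run as root.
groupadd packetcapture        # -g would require a numeric GID, so it is omitted
chmod 750 /usr/bin/dumpcap    # owner and group only, nothing for others
chgrp packetcapture /usr/bin/dumpcap
setcap cap_net_raw,cap_net_admin+ep /usr/bin/dumpcap

# Option 2: setuid root. Members of the group run dumpcap as root.
groupadd packetcapture        # skip if the group already exists
chgrp packetcapture /usr/bin/dumpcap
chmod 4750 /usr/bin/dumpcap   # 4 = setuid bit
```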
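To check which of the two setups above is actually in effect on a machine, the following added example (not code from the original post) classifies a capture binary from its mode, owner and file capabilities. The function names are this example's own, and it assumes GNU `stat` and libcap's `getcap`.

```shell
#!/bin/sh
# classify_capture_perms MODE OWNER CAPS
#   MODE  octal mode as printed by `stat -c %a`, e.g. 750 or 4750
#   OWNER owning user name
#   CAPS  output of `getcap FILE` (empty when no capabilities are set)
# Prints: capabilities | setuid-root | world-executable | unprivileged
classify_capture_perms() (
    mode=$1 owner=$2 caps=$3
    if [ ${#mode} -eq 3 ]; then mode=0$mode; fi   # make the special-bits digit explicit
    special=${mode%???}       # 4 = setuid, 2 = setgid, 1 = sticky
    other=${mode#???}         # permission digit for "everyone else"

    privileged=no
    case $caps in *cap_net_raw*) privileged=caps ;; esac
    case $special in
        4|5|6|7) if [ "$owner" = root ]; then privileged=suid; fi ;;
    esac

    if [ "$privileged" = no ]; then
        echo unprivileged         # capturing still needs root
    elif [ $((other & 1)) -ne 0 ]; then
        echo world-executable     # any local user can capture; group limit not in effect
    elif [ "$privileged" = suid ]; then
        echo setuid-root          # works, but dumpcap runs as root
    else
        echo capabilities         # only the capture capabilities are granted
    fi
)

# audit_capture_binary PATH: read the live values and classify them.
audit_capture_binary() {
    meta=$(stat -c '%a %U' "$1") || return 1
    classify_capture_perms "${meta% *}" "${meta#* }" "$(getcap "$1" 2>/dev/null)"
}

# Usage: sh audit.sh /usr/bin/dumpcap
if [ $# -gt 0 ]; then audit_capture_binary "$1"; fi
```

A result of `world-executable` means the `chmod 750` step was skipped or later undone, so the `packetcapture` group no longer limits who can capture.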

In general, Linux systems, unlike Windows, give you deep access to the kernel and make it easy to obtain the parameters you need. So if you develop on Linux, it is much easier to manage your operating system and manipulate external connections.

If there are no such tasks, then I have been using Windows with VMware my whole life, where all the operating systems I need are installed with extended access to ports and Internet access. Such test stands train DevOps skills and work with the command line.


Once access to the ports is configured, all packets are viewed and decrypted at the required access level. When you set up test stands, the settings are under your control. You can connect not only physical ports but also virtual ones (from virtual environments).

Ideally, if you don't have a configured firewall, you can connect to any connection source and look at the data transfer packets. From experience, I can say that there is little of interest there, mostly information packets. In summary, if a connection is important, try to set passwords/security settings so that even if a packet is intercepted, no information can be extracted from it.
