SteveMcGrath / DoFler

Dashboard of Fail. An application to carve out images/accounts/vulns on conference networks and display them for general entertainment.
http://dofler.net
GNU General Public License v2.0

No parser instantiating?? #16

Closed benson789 closed 7 years ago

benson789 commented 7 years ago

root@ubuntu:/opt/DoFler# ./server.js
NGrep: Instantiating ngrep process.
TShark: Instantiating tshark process.
Ettercap: Instantiating dsniff process.
Application Web Server is listening on *:3000
NGrep: Failed to start process
TShark: Failed to start process
Ettercap: Failed to start process
Ettercap: child terminated with code -2
Ettercap: Instantiating dsniff process.
Ettercap: Failed to start process
TShark: child terminated with code -2
TShark: Instantiating tshark process.
TShark: Failed to start process
NGrep: child terminated with code -2

Please help :)

Many thanks, Ben

SteveMcGrath commented 7 years ago

did you look into the config file?

benson789 commented 7 years ago

I was using the ubuntu node package, and had permissions issues with the parsers. Re-installed with nvm and fixed.

Thanks


SteveMcGrath commented 7 years ago

yeah the complexity of the app is one of the reasons that current work has been on dockerizing it. it'll aid in deploying and managing the various aspects of it.

benson789 commented 7 years ago

Still not getting anything on the dashboard though, aside from a low level of UDP traffic. What should I be seeing?


SteveMcGrath commented 7 years ago

if it's sniffing a span/tap, just start worming around the net. whenever you hit an unencrypted page (such as CNN.com for ex) it should parse out those images and display them.

benson789 commented 7 years ago

On just the VM it's running on? Or any machines on the same network?


SteveMcGrath commented 7 years ago

depends on how you're sniffing. If you're unfamiliar with promiscuous interfaces, I would suggest you read up on it. Typically requires a second NIC in promisc. to sniff all of the traffic you're feeding it.

https://en.wikipedia.org/wiki/Promiscuous_mode
https://sublimerobots.com/2014/12/promiscuous-mode-esxi/

benson789 commented 7 years ago

Yeah, I'm struggling to be honest!

My laptop NIC is in promiscuous mode, the VM is in prom mode, if I run tshark from the ubuntu CLI I can see traffic from other devices, and the charts in Dofler are reporting stats, but no images are showing up. What am I missing?!

Sorry to be a pain, but this would be great on our office wallboard (100+ devs) to show what they're exposing!

Screenshots attached.

Thanks in advance.

Ben


SteveMcGrath commented 7 years ago

Your images were stripped out. Likely from responding to an email. In general you'll need to enable both the ngrep and driftnet parsers. Driftnet is disabled by default, however picks up on some things that the ngrep search won't find. Take a look at the default config for options here.

https://github.com/SteveMcGrath/DoFler/blob/master/config/default.json

Secondly, the default is to use a nsfw filter to stop folks from spamming porn. You can turn this off in the UI by setting the NSFW threshold to 0 (which disables it). The other option is to build and run the nsfw container (in the repo) which would require installing docker.

Again, this code has been mickey-moused together over the years, and is already undergoing its 6th rewrite to make deployment significantly easier in the future. I hope this helps!

lowk3y commented 5 years ago

I was using the ubuntu node package, and had permissions issues with the parsers. Re-installed with nvm and fixed. Thanks

What needs to be fixed in this case? What permissions need to be fixed?
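
A diagnostic sketch for the startup failure in the first post, added here as an example; it is not part of the thread and not DoFler's code. On Linux, Node reports a child that never started with a negative errno value, so the script decodes that code and checks that each capture tool resolves on PATH and is executable by the current user. The tool names come from the log and from the driftnet mention; that DoFler looks them up on PATH under these names is an assumption, as are the helper names `errnoName`, `locate` and `preflight`.

```javascript
// Added diagnostic example; not DoFler code.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Assumption: DoFler resolves these tools through PATH under these names.
const TOOLS = ['ngrep', 'tshark', 'ettercap', 'driftnet'];

// Decode a negative child exit code (such as the -2 in the log) to an errno name.
function errnoName(code) {
  const hit = Object.entries(os.constants.errno).find(([, v]) => v === -code);
  return hit ? hit[0] : null;
}

// Walk PATH the way execvp does: a match that this user cannot execute is
// remembered and the search continues with the next directory.
function locate(bin, pathEnv = process.env.PATH || '') {
  let blocked = null;
  for (const dir of pathEnv.split(path.delimiter).filter(Boolean)) {
    const candidate = path.join(dir, bin);
    try {
      if (!fs.statSync(candidate).isFile()) continue;
      fs.accessSync(candidate, fs.constants.X_OK);
      return { bin, path: candidate, status: 'ok' };
    } catch (err) {
      if (err.code === 'EACCES' && !blocked) blocked = candidate;
    }
  }
  return blocked
    ? { bin, path: blocked, status: 'EACCES' }   // present, not executable
    : { bin, path: null, status: 'ENOENT' };     // not on PATH at all
}

// Check every tool and record whether the process runs as root, since live
// capture normally needs root or an equivalent capability on the binary.
function preflight(tools = TOOLS, pathEnv = process.env.PATH || '') {
  const root = typeof process.getuid === 'function' && process.getuid() === 0;
  return { root, results: tools.map((t) => locate(t, pathEnv)) };
}

const report = preflight();
console.log('exit code -2 decodes to', errnoName(-2));
console.log('running as root:', report.root);
for (const r of report.results) {
  console.log(r.bin.padEnd(9), r.status, r.path || '');
}
```

Run it as the same user and from the same shell that starts `./server.js`, because PATH and file permissions differ between users and between Node installs.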