
I am trying to monitor outgoing network traffic on a Virtual Machine running CentOS (Guest) on a Windows Machine (Host).

I installed Fiddler on the Host Machine (Windows) and allowed remote connections on it so that I can use it as a proxy on the Guest Machine (CentOS).

I am trying to install tableau-server on the Guest Machine (CentOS), and am interested in checking the outgoing traffic or the endpoints it uses for its activation process. So, while activating tableau-server, I pass the proxy set up via Fiddler to monitor all the traffic.

But the problem is, when I activate tableau-server, I do not get any outgoing traffic, which I think is not possible. To be sure, I disabled internet connectivity on the Guest Machine (CentOS) thinking it's an offline process, but the activation fails and complains about internet connectivity.

That means it needs to connect to some endpoints. But then, why am I not getting anything in the Fiddler logs?

Is it possible that the activation process uses a different protocol instead of http/https? If yes, is it possible to whitelist such requests via proxy?

Can anyone help with this?

Thanks in advance.


Network Configuration for the VM:

[two screenshots]

(I can surf the internet on the VM)

User9523
  • The best way to be sure of what kind of protocols are incoming/outgoing should be first to use Wireshark (for lower layers), and when you're sure go to Fiddler (~higher layer). Wireshark may need some filters to check what you need but it is really powerful. – inframan Mar 07 '22 at 09:21
  • @inframan Thanks for your response. So, is my understanding correct that the activation process is using a different protocol than http/https and that is why Fiddler cannot catch it, as it only monitors http/https traffic? – User9523 Mar 07 '22 at 09:29
  • I don't know, maybe your application flow is kind of encapsulated, so the best way to be sure is to have a first monitoring with Wireshark (e.g. with ip.addr filters to only monitor the flow between your 2 hosts). Moreover, you should share the network configuration of your virtual machine, to check whether it allows or denies going through to the internet. – inframan Mar 07 '22 at 09:36
  • @inframan Please check the configuration added above. – User9523 Mar 07 '22 at 09:41
  • If you're able to go to the internet in that way, why don't you install Fiddler on your CentOS VM directly instead of installing it on your Windows host? – inframan Mar 07 '22 at 09:45
  • Actually, I tried but was not able to install it. Also, Fiddler Classic for Windows is free, whereas Fiddler Everywhere is a trial. Plus, the idea was to emulate a proxy server. – User9523 Mar 07 '22 at 09:47

1 Answer

Here are some prerequisites to activate Tableau with proxy use: https://help.tableau.com/current/server-linux/fr-fr/activate.htm

Maybe you missed those requirements.

inframan
  • These conditions were covered. The problem here is NETWORKING. I have just added another screenshot regarding Wireshark. Can you help me with the section which would capture the traffic from the VM? For example, the section marked with RED, would that help me? – User9523 Mar 07 '22 at 09:53
  • From your original screenshot, you should use Wi-Fi as it's the only one that has traffic (and as your VM is bridged to your computer adapter, you should be able to see all the traffic) – inframan Mar 07 '22 at 14:28
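
A complementary check from the guest side, as an added example that is not part of the original thread: list the guest's TCP connections with `ss -tnp` while the activation runs and flag every outbound connection that does not go to the Fiddler proxy. The sample output, addresses, process names and the proxy endpoint `192.168.1.10:8888` are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -tnp` output captured on the guest during activation.
# All addresses, ports and process names below are made up for illustration.
SAMPLE_SS_OUTPUT = """\
State    Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
ESTAB    0      0      192.168.1.50:22     192.168.1.10:50122 users:(("sshd",pid=900,fd=3))
ESTAB    0      0      192.168.1.50:41822  192.168.1.10:8888  users:(("curl",pid=1410,fd=5))
ESTAB    0      0      192.168.1.50:41830  203.0.113.20:443   users:(("example-activator",pid=1422,fd=7))
SYN-SENT 0      1      192.168.1.50:41834  198.51.100.7:8080  users:(("example-activator",pid=1422,fd=8))
ESTAB    0      0      127.0.0.1:5432      127.0.0.1:38112    users:(("postgres",pid=700,fd=9))
"""


def split_endpoint(text):
    """Split 'host:port' (or '[v6]:port') into (host, port)."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), int(port)


def find_proxy_bypass(ss_output, proxy, listening_ports=()):
    """Return (peer_host, peer_port, process) for outbound TCP that skips the proxy.

    proxy           -- (host, port) of the intercepting proxy (assumed value)
    listening_ports -- local service ports; connections to them are inbound
    """
    bypass = []
    for line in ss_output.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        try:
            _, local_port = split_endpoint(fields[3])
            peer_host, peer_port = split_endpoint(fields[4])
            loopback = ipaddress.ip_address(peer_host).is_loopback
        except ValueError:                           # unparsable address, e.g. '*'
            continue
        if local_port in listening_ports or loopback:
            continue                                 # inbound or local-only traffic
        if (peer_host, peer_port) == proxy:
            continue                                 # this one is visible to the proxy
        process = fields[5].split('"')[1] if len(fields) > 5 else "?"
        bypass.append((peer_host, peer_port, process))
    return bypass


if __name__ == "__main__":
    for host, port, proc in find_proxy_bypass(
            SAMPLE_SS_OUTPUT, ("192.168.1.10", 8888), listening_ports={22}):
        print(f"{proc}: direct connection to {host}:{port} (not via proxy)")
```

Any line this prints is traffic Fiddler will never show, which is the traffic to look for in the Wireshark capture on the bridged adapter.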