Get the real IP address when using a reverse tunnel with ssh

1

Let's say I open this tunnel from my local:

$ ssh -l user 135.95.66.88 -R 2401:135.115.12.68:2401

Then from 135.95.66.88 I can verify the tunnel:

$ telnet localhost 2401

I know that by using lsof I can see the IP address behind the ssh sessions (my local IP).

But how can I know, from 135.95.66.88, what IP address the traffic is being sent to (in this case 135.115.12.68)?

Thank you.

Alex Pi

Posted 2014-12-23T23:15:11.520

Reputation: 111

Answers

0

Once the session is established (telnet 2401), you should see the network connection via:

netstat -anp

The last column in this case shows PID/command. Since you know the ssh session, just grep the netstat output for the PID you are interested in.

This should work on Linux. On other *NIXes netstat doesn't always have the -p option.

kestasx

Posted 2014-12-23T23:15:11.520

Reputation: 328

Yes, I tried that, but it refers to the localhost, this is the output: tcp 0 0 ::1:31156 ::1:2401 ESTABLISHED 11807/telnet – Alex Pi – 2014-12-24T17:23:28.120

Then filter out which PID is LISTEN'ing on 2401/tcp and then filter by this PID (you'll see where it connects). Similar data may be obtained by using lsof -p PID. – kestasx – 2014-12-24T21:32:58.870
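
The two-step filter described in the answer and its follow-up comment (find the PID listening on the forwarded port, then list that PID's connections), as an added example that is not part of the original thread. The netstat lines are constructed sample data: PID 11702 and the address 192.0.2.10 (standing in for the local machine) are assumptions, while the telnet line is the one quoted in the comment above.

```shell
#!/bin/sh
# tunnel_peers PORT
# Reads `netstat -anp` style lines on stdin, finds the PID that LISTENs on
# PORT, then prints "local -> foreign" for every ESTABLISHED socket owned
# by that PID. Exits 1 if nothing listens on PORT.
tunnel_peers() {
    awk -v port="$1" '
        # tcp columns: proto recv-q send-q local foreign state pid/program
        $1 ~ /^tcp/ {
            split($7, owner, "/"); pid = owner[1]
            if ($6 == "LISTEN" && $4 ~ (":" port "$")) listener = pid
            # Remember every established socket per PID; the LISTEN line
            # may appear before or after them in the output.
            if ($6 == "ESTABLISHED") est[pid] = est[pid] $4 " -> " $5 "\n"
        }
        END {
            if (listener == "") exit 1
            printf "%s", est[listener]
        }'
}

# Constructed sample of `netstat -anp` output on 135.95.66.88.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address    State       PID/Program name
tcp   0      0      127.0.0.1:2401    0.0.0.0:*          LISTEN      11702/sshd: user
tcp6  0      0      ::1:2401          :::*               LISTEN      11702/sshd: user
tcp   0      0      135.95.66.88:22   192.0.2.10:51514   ESTABLISHED 11702/sshd: user
tcp6  0      0      ::1:31156         ::1:2401           ESTABLISHED 11807/telnet
tcp6  0      0      ::1:2401          ::1:31156          ESTABLISHED 11702/sshd: user
EOF
}

# Offline demonstration on the sample; on a live host use:
#   netstat -anp | tunnel_peers 2401
sample_netstat | tunnel_peers 2401
```

Run netstat as root on a live host so the PID column is populated for sshd. With a -R forward the connection to the final destination is opened by the ssh client on the local machine, so the listener's process on the server shows its SSH session and the loopback connections only.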