Bridge

To set up a bridge named br0 (part 1) apt install bridge-utils brctl addbr br0 brctl addif br0 eth0 brctl addif br0 eth1   To set up a bridge named br0 (part 2) ip link add br0 type bridge ip link set eth0 master br0 ip link set eth1 master br0   To set up […]

Wireshark/SSHdump

You have a remote SSH server with tcpdump or dumpcap installed. From a client which has SSH access to the remote server, you can run Wireshark on the client and capture live traffic remotely. In case the user needs sudo to capture, Wireshark will not prompt for the password. So you need to do the […]

Cisco Catalyst 3850 sniffer 802.1x

The access points and wireless management interface should have a routable IP address. In priv mode on the Cisco Catalyst 3850: AP name <name> mode sniffer AP name <name> sniff <dot11a/dot11b> <channel> <ip address sniffer> On the sniffer you can decode traffic from the wireless management interface as peekremote

Apache as proxy-server

Enable modules: sudo a2enmod proxy proxy_http proxy_connect Open file ../mods-enabled/proxy.conf and uncomment #ProxyRequests On Create file ../sites-available/forward_proxy.conf <VirtualHost *:8080> ProxyRequests On ProxyVia On <Proxy "*"> Require ip 192.168 Require ip 127.0.0.1 Require ip 10 </Proxy> ErrorLog ${APACHE_LOG_DIR}/error_forward_proxy.log CustomLog ${APACHE_LOG_DIR}/access_forward_proxy.log combined </VirtualHost> Open file ../ports.conf and add the following Listen 0.0.0.0:80 Listen 0.0.0.0:8080 sudo a2ensite forward_proxy.conf service […]

WPA-Enterprise lazyness

The following story is fiction. We have an IT security company with 1000 employees. In our office, we don’t have a big wired infrastructure, we have high density wifi. Security is based on WPA2-Enterprise. To access wifi, internet, intranet, mail and office applications we use one single account…….. Be aware of the man with the […]

ARP in action

In the example below we send a ping from host A to host B. Host A doesn’t have an ARP entry for host B. Host B doesn’t have an ARP entry for host A. Step 1: Host A sends an ARP request for host B. Step 2: Host B stores the MAC – and IP address […]

Command Line connect wifi

In case of no encryption: iw dev <device> connect <ssid> [<bssid>] Why bssid? In case you have multiple access points, you can specify a specific access point. If you have just one, there’s no need to specify. E.g. iw dev wlan0 connect Freewifi 40:A5:EF:25:BF:12 In case of WPA/WPA2: apt-get install wpasupplicant wpa_passphrase <ssid> [passphrase] E.g. wpa_passphrase MyWifi Welcome123 Copy output to file wpa_supplicant […]

Linux assign bogus MAC address

With Linux we can change the MAC address of an interface via several methods: ifconfig <device> hw ether <mac address> ip link set <device> address <mac address> macchanger <device> <mac address> One disadvantage: we can only configure a unicast MAC address. It’s not possible to configure a non-unicast or bogus address. E.g. ifconfig eth0 hw […]

MitM & Hijacking connection (802.1x )

This article describes how to capture traffic between a client and the network with a passive “Man in the Middle”. It also explains how to generate traffic from a VM where the network only sees 1 MAC and 1 IP address from the client PC. In the example below, we use eth0 and eth1 as […]
