Capturing network traffic on Linux

Question: I have one Windows laptop, one Linux laptop and a wireless router.
Now I want to "investigate" the hotmail/windows live protocol.
What I want to do is route network traffic from the windows laptop via ethernet to the linux laptop, capture it on the Linux computer, forward it wirelessly to the router, receive the hotmail response from the router on the linux computer and forward it to the windows computer.
How do I do that?
In essence, switching the Linux laptop between the Windows laptop and the router, to capture network traffic?
Which program is best for capturing/analysing?
Please note that for whatever reason, packet capturing with winpcap on the windows computer doesn't work...

Of course you can do this; take a look at Wireshark.

man tcpdump
On my Mac, I do it like this:
sudo tcpdump -ien1 -s0 -xX -vvv
I don't know how similar tcpdump options are across platforms...
Note, tcpdump also allows you to capture to a pcap file that could then be imported into Wireshark and maybe other GUI tools.

As others have mentioned, you can use Wireshark (find out how to use filters to remove unnecessary packets from your log). If your Windows and Linux boxes are on the same network, you do not need that setup to sniff packets. Unless you are using ndiswrapper, you would probably be able to set the wireless network device on the Linux box to "monitor mode" and it will sniff all packets on your LAN. If your device does not support that mode, you can try connecting both boxes to your router physically. That will help you avoid the routing you described in your question.

Modbus RTU slave RS-485 failed to response

I'm trying to write a Modbus slave and have one problem: I correctly receive requests from the master, but when I try to respond it looks like something is incorrectly sent to the serial port, because when I plug in an RS485 sniffer I see both req and res (in HEX).
Hardware: Mac (slave written by me) - USBtoRS485 - ICPCON tGW-715 (TCPtoRTU gateway) - Win PC (software master)
When I'm trying this variant: Win PC (software slave) - USBtoRS485 - ICPCON tGW-715 (TCPtoRTU gateway) - Win PC (software master) everything works.
Libs: libmodbus, h5.modbus (node.js). Doesn't matter which: correct request, but no response.
The target PC (for the slave) will be on Linux, so the Mac is closer to that than Windows is.
I already have no idea what to check or how to make it work. What can be wrong?
The Win PC variant is working, so the hardware should be fine. Without more details, I would suggest another approach, if your final goal is to use the system on Linux: use a virtual machine on Windows, with a Linux guest.
I work with ICP DAS tech support, and have used VirtualBox with tM-7561 and I-7561 USBtoRS485 converters, with both Linux and Windows hosts.
I have no experience on Mac, but another option would be trying a Modbus slave not written by you, for example pyModSlave, and seeing if it works correctly on your Mac; it also shows you the packets sent/received.
If pyModSlave works correctly on Mac, maybe try a software serial sniffer with your slave. On Windows I use the one from HHD Software, it has serial, USB and TCP/IP sniffers. On Mac/Linux you should be able to use Wireshark to sniff USB communications, but I haven't done that yet personally.
Instead of the sniffer, maybe you can use a null modem emulator, so that what you send from a (virtual) serial port will be received on another (virtual) serial port on your Mac, so that you can inspect the data sent/received. On Windows I use com0com, for Linux there is tty0tty that I haven't used yet. Not sure what is available on Mac. Or else just use 2 USBtoRS485 with D+ and D- interconnected, on one port your slave, on the other port a master like qModMaster that shows packets.
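Since the RS-485 sniffer already shows the response bytes in hex, one concrete thing to check is whether that response carries a correct CRC-16 trailer in the byte order RTU expects. The checker below is an added example (not the poster's code, nor libmodbus or h5.modbus); the frames it inspects are constructed in the block itself.

```python
# Modbus RTU frame checker for bytes copied out of an RS-485 sniffer: verifies the
# CRC-16 trailer and decodes the address / function code of each frame.
import struct

def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: init 0xFFFF, reflected polynomial 0xA001, no final XOR."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def append_crc(pdu: bytes) -> bytes:
    """Append the CRC the way RTU puts it on the wire: low byte first."""
    return pdu + struct.pack("<H", crc16_modbus(pdu))

def parse_rtu_frame(frame: bytes) -> dict:
    """Split an RTU frame (address, function, data, CRC) and check the trailer.
    A response with a wrong CRC, or with the CRC sent high byte first, is discarded
    by the master, which looks exactly like 'request seen, no response'."""
    if len(frame) < 4:                                     # addr + fc + 2 CRC bytes minimum
        return {"valid": False, "reason": "frame too short"}
    body, trailer = frame[:-2], frame[-2:]
    expected = struct.pack("<H", crc16_modbus(body))
    if trailer != expected:
        return {"valid": False,
                "reason": f"bad CRC {trailer.hex()}, expected {expected.hex()}"}
    fc = body[1]
    return {"valid": True, "address": body[0], "function": fc & 0x7F,
            "exception": bool(fc & 0x80),                  # bit 7 set = exception response
            "data": body[2:]}

# Constructed sample frames (not taken from the poster's capture):
REQUEST = bytes.fromhex("01 03 00 00 00 0a c5 cd")        # read 10 holding regs from slave 1
RESPONSE = append_crc(bytes.fromhex("01 03 04 00 01 00 02"))  # 2 registers: 0x0001, 0x0002
SWAPPED_CRC = bytes.fromhex("01 03 00 00 00 0a cd c5")    # same request, CRC bytes reversed

if __name__ == "__main__":
    for name, frame in [("request", REQUEST), ("response", RESPONSE), ("swapped", SWAPPED_CRC)]:
        print(name, frame.hex(" "), parse_rtu_frame(frame))
```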

Alternate ways to log into BeagleBone Black when static IP is unknown

I am attempting to access my BeagleBone Black but I am having some issues and I'm needing some help.
I messed around with my BBB almost 2 years back and I statically set the IP address for eth0. Unfortunately, I don't recall what I changed it to. If I knew the network, I could probably figure it out but I haven't the slightest clue what it could be.
I am running Windows 10 on my laptop and I have a USB to USB-mini cable running to the device, which provides it power and a connection.
I have installed the latest drivers, PuTTY, and Wireshark. I made sure the drivers were imported, ran Wireshark for DHCP requests/ARP broadcasts, LL DNS updates, or SSH port references, but I wasn't seeing anything on that particular interface on my laptop (ran as promiscuous and non-promiscuous).
I read that the default IP address for the beaglebone.local is 192.168.7.2 but I wasn't able to reach it via ICMP, HTTP, or SSL.
I assumed the USB connection provides either an Ethernet-over-USB connection or a serial connection (UART through USB), so, I have both the USB connected and the Ethernet cable connected.
To see if I could just use a serial connection with PuTTY (Serial-to-USB), I opened Device Manager to see which COM port it was using. The odd thing is that COM ports aren't listed in Device Manager, not even by default when nothing is connected. There also wasn't a section for Unknown Devices.
I figured at this point, it wouldn't hurt to download the latest release of Debian for BeagleBone. I wrote the .img to a 32GB MicroSD card and held down the USER/BOOT button while I applied power (as per the instructions).
Still no luck and I'm now out of ideas.
I only have a laptop at my disposal, currently. I don't have immediate access to a monitor, mouse, and keyboard so I wouldn't be able to view what is happening internally. The LED0 is giving me the standard heartbeat flash (2 consecutive flashes followed by a longer off period).
Does anyone have any suggestions?
TIA

Use a Linux Computer as a USB Coupler

I am on debian and:
I have a USB controller hooked up to a USB port on my PC (Device 1).
I have a male to male USB cord hooked up to another port on the PC that connects to Device 2. (it is a "bridging" usb cord, and has the chip for it)
I want to make them connect to each other as if they were one cord, so neither device knows that there is a computer in the middle.
This would be called a 'Coupler', except that I am using a PC as a coupler.
Here is a (really bad) diagram I made:
What I have done:
I have been able to connect the two devices independently of each other and sniff the results for when they fail to connect. The devices don't send a large volume of data back and forth.
Maybe there is some kind of command tool that I could use, for example (pseudocode):
$ couple-usb-ports PORT1 PORT2
You're trying to reinvent the wheel here.
You might consider looking at this link instead.
http://dan3lmi.blogspot.com/2012/10/sniffing-usb-traffic-different.html
Specifically this.
Windows: You cannot directly capture raw USB traffic on Windows with Wireshark/WinPcap, but it is possible to capture and debug USB traffic on a virtual Windows machine under Oracle Virtual Box.
You cannot use a simple PC as a transparent USB sniffer without extra (expensive) hardware. A USB bus always has one host (and one or more devices), and the PC can only be the host. This is a hardware limitation.
But you can capture USB data in a Windows machine using Wireshark and USBPcap, eliminating the need for the middle box in most cases.
As this post is tagged Linux, I suppose the controller PC is a Linux machine. Instead of connecting USB ports with a male-male connector, which is all kinds of bad (you are connecting the 5V lines of both machines with each other!), just run Wireshark on the controller PC.
There might be a little work to be done beforehand, as you have to enable Wireshark for USB monitoring (particularly in Debian, this is disabled by default), and you might have to install a small driver to enable the monitoring. Have a look at this page for more information.
Once you get it working, Wireshark is an excellent tool for this!

Why are external NICs not working on my server (running on Debian 7)?

I have a server running Debian 7. The eth0 interface is configured to use the on-board Ethernet card. This is basically used to connect to the internet. As it happens, I had to connect this server to some PCs through a switch, obviously on a different range of IPs. For this, I installed an external NIC in the PCI slot but, strangely, it didn't seem to work. The configurations were alright. I checked them more times than I can imagine. So, I disabled my eth0 interface and connected eth1 (external NIC) to the internet. If, for the same settings, the on-board card worked, so should the external one. But it didn't. When I tried to ping some servers like 8.8.8.8, it gave me Destination Host Unreachable and on termination showed 0 packets "transmitted" and 0 packets received, which is baffling, to say the least. The PCI slot is working because I checked whether the drivers were being recognised or not. The NIC itself is working (checked with another machine running Debian 6). Any help/suggestions would be appreciated.
P.S. The NIC in question is a D-Link System DGE-530T Gigabit Ethernet Adapter (rev 11).
You need to check to see if the card is being listed in lspci or not. Second, is this a virtual machine?
I would also check to see if the BIOS is handling IRQs automatically or whether they are specifically assigned.

Unable to read packets captured from wifi network using wireshark

I am connected to my home wifi network using Ubuntu 10.10. The protection is WPA2-auto.
I want to capture packets from it.
$ sudo iwconfig wlan0 mode monitor
$ sudo wireshark
I try to capture from wlan0.
I am connected to the wifi network with an Android phone and browsing websites.
However I am unable to see unencrypted http packets.
I select Edit|Preferences|Capture|Protocols
and select 802.11 and set the checkbox to yes for 'decrypt packets'.
Still nothing.
Solution: run airmon-ng from the aircrack-ng project to set the wireless card into monitor mode. (This was pointed out by a Wireshark developer on the mailing lists.) Apparently iwconfig does not work properly as it has issues on Ubuntu.
airmon-ng start wlan0
This will set it into monitor mode and create interface mon0.
After this, I was able to capture off the mon0 interface using Wireshark.
You must capture the association sequence to be able to decrypt the traffic. If you start your capture when the phone is already connected, then Wireshark cannot decrypt the packets.
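The point above is worth checking mechanically before spending time in Wireshark's decryption dialog: does the monitor-mode pcap actually contain all four EAPOL-Key messages of the WPA2 4-way handshake? The checker below is an added example, not code from the posters; it parses a pcap with the radiotap link type that Linux monitor-mode captures normally use (the same file format the tcpdump-to-pcap workflow in the first thread produces), and the pcap it reads is constructed in the block itself, so it runs offline.

```python
import struct

LINKTYPE_RADIOTAP = 127
SNAP_EAPOL = bytes.fromhex("aaaa03000000888e")   # LLC/SNAP header with ethertype 0x888E

def classify_eapol_key(key_info):
    """Map the EAPOL-Key 'Key Information' bits to 4-way handshake message 1-4 (or None)."""
    mic, ack = key_info & 0x0100, key_info & 0x0080
    if ack and not mic:
        return 1                                   # M1: ANonce from the AP, no MIC yet
    if mic and ack and key_info & 0x0040:
        return 3                                   # M3: Install bit set
    if mic and not ack:
        return 4 if key_info & 0x0200 else 2       # Secure bit separates M4 from M2
    return None

def eapol_messages(pcap: bytes) -> list:
    """Walk a radiotap pcap and list the handshake messages it contains, in capture order."""
    magic, *_, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if (magic, linktype) != (0xA1B2C3D4, LINKTYPE_RADIOTAP):
        raise ValueError("expected a little-endian pcap with the radiotap link type")
    found, off = [], 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<IIII", pcap, off)[2]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        dot11 = frame[struct.unpack_from("<H", frame, 2)[0]:]   # radiotap length lives at +2
        if (dot11[0] >> 2) & 3 != 2:               # only data frames (type 2) carry EAPOL
            continue
        hdr = 26 if dot11[0] & 0x80 else 24        # QoS data subtype adds a 2-byte QoS field
        if dot11[hdr:hdr + 8] != SNAP_EAPOL or dot11[hdr + 9] != 3:   # EAPOL type 3 = Key
            continue
        found.append(classify_eapol_key(struct.unpack_from(">H", dot11, hdr + 13)[0]))
    return [m for m in found if m]                 # a complete handshake yields {1, 2, 3, 4}

def _eapol_frame(key_info: int) -> bytes:
    """Constructed radiotap + 802.11 data frame carrying an EAPOL-Key (sample data only)."""
    fc = bytes([0x08, 0x02 if key_info & 0x0080 else 0x01])   # data frame; Ack set => from AP
    mac = fc + b"\0\0" + b"\x02" * 6 + b"\x04" * 6 + b"\x02" * 6 + b"\0\0"
    body = bytes([2, key_info >> 8, key_info & 0xFF]) + b"\0" * 92   # RSN descriptor, zero-padded
    eapol = bytes([2, 3]) + struct.pack(">H", len(body)) + body      # 802.1X-2004, EAPOL-Key
    return bytes.fromhex("0000080000000000") + mac + SNAP_EAPOL + eapol   # 8-byte radiotap hdr

def build_sample_pcap(key_infos) -> bytes:
    """Constructed pcap: one EAPOL-Key frame per Key Information word given."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RADIOTAP)]
    for i, ki in enumerate(key_infos):
        frame = _eapol_frame(ki)
        out.append(struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)
```

A capture started after the phone associated shows only messages 3 and 4 (or none), which is exactly the case where Wireshark cannot derive the keys.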
