Packet Sniffing using the Raspberry Pi
February 21, 2013
In this post i intend to detail how i setup the raspberry pi to perform packet sniffing between two network devices. I made a YouTube video in which i explain how it works and below you will find both the shell script and python script i used to setup the bridge and dump the packets respectively.
The network was setup like this:
The raspberry pi is placed in the middle and any data traveling between each device is captured by it. A second USB to Ethernet adapter is used to provide the second interface. The adapter i used is a USB to Fast Ethernet 10100 Mbps Network LAN Adapter Vista Linux 27723.
When the Raspberry pi starts it loads two scripts. The first is this shell script below:
ifconfig eth0 0.0.0.0 ifconfig eth1 0.0.0.0 brctl addbr bridge0 brctl addif bridge0 eth0 brctl addif bridge0 eth1 dhclient bridge0 ifconfig bridge0 up
This script removed the IP address from eth0 and eth1. It then creates a bridge called bridge0. Adds the interfaces to bridge0 and starts the bridge.
##Edit## The shell script now also assigns a network address to the bridge interface to allow for network connectivity. (dhclient bridge0)
The second script that starts after the one above is this python script below. It implements the Python Dropbox Uploader package which can be downloaded here.
import subprocess from dbupload import upload_file #Used for Dropbox uploading from datetime import datetime # Used the genreate the filename count = 0 #Counts the number of files that have been dumped while True: count = count + 1 fileName = str(datetime.now().day) + "-" + str(datetime.now().month) + "-" + str(datetime.now().year) + " AT " + str(datetime.now().hour) + "-" + str(datetime.now().minute) tcpDumpProcess = subprocess.Popen(["tcpdump", "-Z", "root", "-w", fileName, "-i", "bridge0", "-G", "60", "-W", "1"]) #Sets up the TCPDump command tcpDumpProcess.communicate() #Runs the TCPDump command print "Currently dumping file number " + str(count) + "." upload_file(fileName,"/",fileName, "YOUR_EMAIL","YOUR_PASSWORD") #Uploads the dump file to dropbox print "File uploaded Successfully"
This can obviously be done without using python and running the TCPDump command from command line.
My intention was to integrate Dropbox uploading to the process but failed due to the inability to gain an internet connection from the raspberry pi when configured with a software bridge.
An internet connection can be configured on the Raspberry Pi simply by adding network settings to the bridge interface. in my case i used DHCP to automatically do this by adding
dhclient bridge0 to the shell script.
With both these files saves onto the raspberry pi and executed from the rc.local file at startup it will allow the raspberry pi to automatically capture network traffic between two devices.