       _                           _    _____                      _ _           ____  _             
      | |                         ( )  / ____|                    (_) |         |  _ \| |            
      | | __ _ _ __ ___   ___  ___|/  | (___   ___  ___ _   _ _ __ _| |_ _   _  | |_) | | ___   __ _ 
  _   | |/ _` | '_ ` _ \ / _ \/ __|    \___ \ / _ \/ __| | | | '__| | __| | | | |  _ <| |/ _ \ / _` |
 | |__| | (_| | | | | | |  __/\__ \    ____) |  __/ (__| |_| | |  | | |_| |_| | | |_) | | (_) | (_| |
  \____/ \__,_|_| |_| |_|\___||___/   |_____/ \___|\___|\__,_|_|  |_|\__|\__, | |____/|_|\___/ \__, |
                                                                          __/ |                 __/ |
                                                                         |___/                 |___/ 

21st February 2013 || Packet Sniffing using the Raspberry Pi

In this post I detail how I set up the Raspberry Pi to perform packet sniffing between two network devices. I made a YouTube video in which I explain how it works, and below you will find both the shell script and the Python script I used to set up the bridge and dump the packets respectively.

The network layout:

 +-----------+           +-----------+          +------------+
 |           |           |           |          |            |
 |           |   ETH1    | RASPBERRY |   ETH0   |            |
 |  LAPTOP   +-----------+    PI     +----------+     PC     |
 |           |           |           |          |            |
 |           |           |           |          |            |
 +-----------+           +-----------+          +------------+

The Raspberry Pi is placed in the middle, and any data travelling between the two devices is captured by it. A USB to Ethernet adapter provides the second interface. The adapter I used is a USB to Fast Ethernet 10/100 Mbps Network LAN Adapter Vista Linux 27723.

When the Raspberry Pi starts it loads two scripts. The first is the shell script below:

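#!/bin/sh
# Remove any IP addresses from the two physical interfaces
ifconfig eth0 0.0.0.0
ifconfig eth1 0.0.0.0
# Create the bridge and add both interfaces to it
brctl addbr bridge0
brctl addif bridge0 eth0
brctl addif bridge0 eth1
# Request an address for the bridge over DHCP, then bring it up
dhclient bridge0
ifconfig bridge0 up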

This script removes the IP addresses from eth0 and eth1. It then creates a bridge called bridge0, adds the two interfaces to it and starts the bridge. The shell script also assigns a network address to the bridge interface (dhclient bridge0) to allow for network connectivity.

The second script, which starts after the one above, is the Python script below. It uses the Python Dropbox Uploader package, which can be downloaded here.

import subprocess
from dbupload import upload_file  # Used for Dropbox uploading
from datetime import datetime  # Used to generate the filename

count = 0  # Counts the number of files that have been dumped
while True:
    count = count + 1
    now = datetime.now()  # Read the clock once so every part of the filename agrees
    fileName = "%d-%d-%d AT %d-%d" % (now.day, now.month, now.year, now.hour, now.minute)
    print("Currently dumping file number " + str(count) + ".")
    # Starts tcpdump on the bridge; -G 60 -W 1 makes it exit after one 60 second file
    tcpDumpProcess = subprocess.Popen(["tcpdump", "-Z", "root", "-w", fileName, "-i", "bridge0", "-G", "60", "-W", "1"])
    tcpDumpProcess.communicate()  # Waits for the tcpdump command to finish
    upload_file(fileName, "/", fileName, "YOUR_EMAIL", "YOUR_PASSWORD")  # Uploads the dump file to Dropbox
    print("File uploaded successfully")

This can obviously be done without Python by running the tcpdump command from the command line. An internet connection can be configured on the Raspberry Pi simply by adding network settings to the bridge interface. In my case I used DHCP to do this automatically by adding dhclient bridge0 to the shell script.

With both of these files saved onto the Raspberry Pi and executed from the rc.local file at startup, the Raspberry Pi will automatically capture network traffic between the two devices.
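The files that tcpdump -w produces in the loop above are classic pcap files, so each 60 second dump can be checked for completeness before it is handed to upload_file. The following is an added example, not part of the original post: summarize_pcap, worth_uploading and build_sample are hypothetical names, and the sample capture is constructed rather than real traffic.

```python
import struct

# Classic pcap magic numbers as they appear on disk -> struct byte-order prefix
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",  # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",  # nanosecond timestamps
}

def summarize_pcap(data):
    """Walk a classic pcap byte string; report packets, bytes and truncation."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    order = MAGICS[data[:4]]
    # Global header after the magic: version, timezone, sigfigs, snaplen, link type
    _maj, _min, _zone, _sig, snaplen, linktype = struct.unpack(order + "HHiIII", data[4:24])
    packets = captured = 0
    offset, truncated = 24, False
    while offset < len(data):
        if offset + 16 > len(data):  # record header cut short
            truncated = True
            break
        _sec, _frac, incl_len, _orig = struct.unpack(order + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):  # frame bytes cut short
            truncated = True
            break
        packets += 1
        captured += incl_len
        offset += 16 + incl_len
    return {"linktype": linktype, "snaplen": snaplen, "packets": packets,
            "bytes": captured, "truncated": truncated}

def worth_uploading(data):
    """Hypothetical policy: upload only complete Ethernet dumps that hold traffic."""
    try:
        info = summarize_pcap(data)
    except ValueError:
        return False
    return info["linktype"] == 1 and info["packets"] > 0 and not info["truncated"]

def build_sample():
    """Constructed little-endian capture with two dummy frames (60 and 42 bytes)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frames = [b"\x00" * 60, b"\xff" * 42]
    return header + b"".join(
        struct.pack("<IIII", 1361404800 + i, 0, len(f), len(f)) + f
        for i, f in enumerate(frames))

if __name__ == "__main__":
    print(summarize_pcap(build_sample()))
```

In the capture loop this would be called on the contents of fileName, read in binary mode, after tcpdump has exited.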