Search the Community
Showing results for tags 'packet capture'.
-
I need to capture ALL packets on a single wire, even from multiple VLANs. (I'm trying to diagnose a VLAN-hopping ShoreTel VoIP phone on a new switch and all of the vendors involved are not helpful). Captures would be done on a working phone connection and also on the "problem" phone connection. My intention is to export the captures to Wireshark so I can figure out what's happening by comparing them. I was thinking of using Packet Squirrel. (1) Will it record all VLANs on a connection? (2) Is this the best device to use or should I buy a different one? THANK YOU!!
-
OK, I have not scripted anything in a number of years, and those scripts were either a batch file or PowerShell v1 and v2. I thought it would be fun to write a script that I could set to run at startup and use with a Raspberry Pi and the proper WiFi dongle to automatically capture open WiFi traffic based on the most active network. I would greatly appreciate the community taking a look at what I have and helping me clean up and refine the code. <this is of course purely for educational purposes> I think this could also be converted to a useful Pineapple module.

    #!/bin/bash
    # references the interface
    wlaninterface=wlan0mon
    # sets the base file name for the wireless survey
    recon=scouted
    # sets the file name for the pcap file to write to
    pcapfile=DaCapFile
    # sets the length of time to run the survey for - in seconds
    recontime=30s
    # sets the length of time to run the packet capture for - in seconds
    capturetime=600s

    # general house cleaning to remove previous captures
    rm -f "$recon"*.csv &> /dev/null
    rm -f "$pcapfile"*.cap &> /dev/null

    # setting wlan0 into monitor mode
    airmon-ng check kill
    airmon-ng start wlan0

    # running the wireless survey
    airodump-ng -w "$recon" --output-format csv "$wlaninterface" &> /dev/null &
    sleep "$recontime"
    kill $!

    # the survey CSV has to exist before it can be parsed, so these lookups run after the survey
    # finds the open WiFi network with the most active traffic and gets the channel number
    channel=$(grep -a 'OPN' "$recon"*.csv | sort -nrk11 | tail -1 | awk '{print $6}')
    # removes the comma from the output of the previous line
    ch=${channel::-1}
    # finds the open WiFi network with the most active traffic and gets the ESSID
    network=$(grep -a 'OPN' "$recon"*.csv | sort -nrk11 | tail -1 | awk '{print $19}')
    # removes the comma from the output of the previous line
    ssid=${network::-1}

    # running the packet capture
    airodump-ng -c "$ch" --essid "$ssid" -w "$pcapfile" --output-format pcap "$wlaninterface" &> /dev/null &
    sleep "$capturetime"
    kill $!
- 17 replies