I'm trying to "spy" on a serial to Ethernet converter Moxa N5100 it simply sends the serial port input to a TCP socket. Also it has a http interface. No https. So I should see some activity on port 80.
I downloaded vanilla Virtual box Kali Linux https://www.kali.org/get-kali/#kali-virtual-machines and passed usb ASIX to the machine. I see the eth1. Then simply started Wireshark without any special configuration apart from choosing eth1. Some traffic shows up but no TCP. When I run Wireshark on my main interface/lan I capture those TCP packets so there.
Also tried it on windows 10 installed on my laptop as a second lan. It get's recognized wire shark sees some triffic in unmuted mode and just ARP packets from Moxa when muted . Tried both muted and unmuted(with script). Tried another computer with similar results.
The switch/hub part on plunder bug work. I have communication when I put it inline with the device I'm trying to listen to.
Is your plunder bug new? Maybe there was some change in firmware/hardware and got unnoticed? There was also some other report from April.
change new units lost the hub functionality? However the driver for ASIX seems to be rather old.
[ 75.069954] usb 1-2: new full-speed USB device number 3 using ohci-pci
[ 75.557136] usb 1-2: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64
[ 75.557141] usb 1-2: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 512, setting to 64
[ 75.583611] usb 1-2: New USB device found, idVendor=0b95, idProduct=772b, bcdDevice= 0.02
[ 75.583616] usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 75.583618] usb 1-2: Product: AX88772C
[ 75.583619] usb 1-2: Manufacturer: ASIX Elec. Corp.
[ 75.583621] usb 1-2: SerialNumber: 00091B
[ 77.964606] asix 1-2:1.0 (unnamed net_device) (uninitialized): PHY [usb-001:003:10] driver [Asix Electronics AX88772C] (irq=POLL)
[ 78.014097] Asix Electronics AX88772C usb-001:003:10: attached PHY driver (mii_bus:phy_addr=usb-001:003:10, irq=POLL)
[ 78.014301] asix 1-2:1.0 eth1: register 'asix' at usb-0000:00:06.0-2, ASIX AX88772B USB 2.0 Ethernet, 00:13:37:xx:xx:xx
[ 78.015708] usbcore: registered new interface driver asix
[ 78.079182] asix 1-2:1.0 eth1: configuring for phy/internal link mode
[ 80.474247] asix 1-2:1.0 eth1: Link is Up - 100Mbps/Full - flow control rx/tx
[ 80.474259] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
[ 128.028256] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[ 128.028425] cfg80211: Loaded X.509 cert 'benh@debian.org: 577e021cb980e0e820821ba7b54b4961b8b4fadf'
[ 128.028590] cfg80211: Loaded X.509 cert 'romain.perier@gmail.com: 3abbc6ec146e09d1b6016ab9d6cf71dd233f0328'
[ 128.028738] cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[ 128.033666] platform regulatory.0: firmware: direct-loading firmware regulatory.db
[ 128.034173] platform regulatory.0: firmware: direct-loading firmware regulatory.db.p7s
[ 128.733069] Bluetooth: Core ver 2.22
[ 128.733122] NET: Registered PF_BLUETOOTH protocol family
[ 128.733124] Bluetooth: HCI device and connection manager initialized
[ 128.733127] Bluetooth: HCI socket layer initialized
[ 128.733129] Bluetooth: L2CAP socket layer initialized
[ 128.733133] Bluetooth: SCO socket layer initialized
[ 132.150963] device eth1 entered promiscuous mode
1 0.000000000 MoxaTech_b6:db:78 Broadcast ARP 60 Who has 10.43.123.1? Tell 10.43.123.130