SeRCH1nER

Posts posted by SeRCH1nER

  1. I was able to recover the squirrel by reflashing it with FW again, so I tried to set it to bridge mode, but nothing would get captured.  I set it back to transparent mode, and it failed to capture anything, so I reflashed it again, which fixed it.  I don't think it likes to be changed to Bridge mode, or I'm doing something wrong, but I don't see how that can be. 

    Oh well.. It was worth a try

     

  2. On 9/6/2019 at 10:43 PM, Decoy said:

    I know this post is super old - but a quick fix (which I just used recently) is to modify the payload changing NETMODE from TRANSPARENT to BRIDGE. Obviously this won't work if you're looking to keep the device hidden as you will be assigned an IP address from the target; however for my purposes I was simply monitoring one node on my network. This allowed me to track time appropriately.

    Payload modification: 

    function run() {
    	# Create loot directory
    	mkdir -p /mnt/loot/tcpdump &> /dev/null
    	
    	# Set networking to TRANSPARENT mode and wait five seconds
    	#NETMODE TRANSPARENT
    	# Set networking to BRIDGE to allow for correct timestamp on caps
    	NETMODE BRIDGE
    	sleep 5
    	
    	# Start tcpdump on the bridge interface
    	tcpdump -i br-lan -s 0 -w /mnt/loot/tcpdump/dump_$(date +%Y-%m-%d-%H%M%S).pcap &>/dev/null &
    	tpid=$!
    
    	# Wait for button to be pressed (disable button LED)
    	NO_LED=true BUTTON
    	finish $tpid
    }


     

    Your reply is also SUPER old, but I've been using the packet squirrel quite a bit still, but I have to modify the timestamps in Wireshark.  It's a real pain.  

     

    SOOOOO, I tried what you suggested, but I'm unable to capture any data while set to Bridge mode.   I set the payload back to what it was earlier, and NOW the damn thing won't work at all.  Even in transparent mode, the packet squirrel will not capture anything, nor does it blink yellow as it's capturing like it had in the past.  Nothing gets saved to the USB stick.  It was just working yesterday 😞 

    Well this sucks.  FAWKKK

     

    Thanks 

  3. Today, I had some testing on our IoT products and it asked me to do a firmware update.  Woo, well after the update my Pineapple Mk7 is just displaying a solid red light.  😞  Sooo what's the fastest solution to this so I don't waste too much time troubleshooting this.... 

  4. On 3/30/2018 at 7:17 AM, Decoy said:

    This was actually mentioned in their "Let's Code" video when the Packet Squirrel was first released - so it's a known "issue". It can be done by syncing with NTP; however this can't be done in Transparent mode. You would need an IP on the target network with Internet access in order to accomplish this. While it might not be perfect, and might require some parsing on your part - you could always snag Timestamps from HTTP headers as well when returned across the wire.

    Thanks man, I will have to take a look.  

  5. Is there any way to get the correct timestamps on my PCAP captures?  Assuming this thing does not have an RTC since every time I log into the PS it has a different timestamp???! Annoying when troubleshooting and testing new network nodes without having a correct timestamp for my failures....  Grrrrrrr.  
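
The HTTP-header approach Decoy mentions in the quoted reply above can be automated. The following is an added example, not code from the thread or from Hak5: it reads a classic pcap, takes the median difference between plaintext HTTP `Date` headers and the capture clock, and shifts every record by that amount. The function names and the sample capture are constructed for illustration, and it assumes a little-endian microsecond pcap that contains unencrypted HTTP responses.

```python
import re
import struct
from email.utils import parsedate_to_datetime
from statistics import median_low

# Matches an HTTP Date header (IMF-fixdate) anywhere in a raw frame.
DATE_RE = re.compile(rb"\r\nDate: ([A-Za-z]{3}, \d{2} [A-Za-z]{3} \d{4} \d{2}:\d{2}:\d{2} GMT)\r\n")

def read_records(pcap: bytes):
    """Yield (ts_sec, ts_usec, orig_len, frame) from a classic little-endian pcap."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian microsecond pcap")
    pos = 24  # skip the 24-byte global header
    while pos + 16 <= len(pcap):
        sec, usec, incl, orig = struct.unpack_from("<IIII", pcap, pos)
        yield sec, usec, orig, pcap[pos + 16 : pos + 16 + incl]
        pos += 16 + incl

def clock_offset(pcap: bytes) -> int:
    """Median of (server Date header - capture timestamp), in whole seconds."""
    deltas = []
    for sec, _usec, _orig, frame in read_records(pcap):
        m = DATE_RE.search(frame)
        if m:
            server = parsedate_to_datetime(m.group(1).decode("ascii"))
            deltas.append(int(server.timestamp()) - sec)
    if not deltas:
        raise ValueError("no HTTP Date headers found in capture")
    return median_low(deltas)  # median resists one server with a bad clock

def shift_pcap(pcap: bytes, offset: int) -> bytes:
    """Return a copy of the capture with every record timestamp moved by offset."""
    out = bytearray(pcap[:24])
    for sec, usec, orig, frame in read_records(pcap):
        out += struct.pack("<IIII", sec + offset, usec, len(frame), orig) + frame
    return bytes(out)

def _frame(date: str) -> bytes:  # constructed sample: 54 dummy header bytes + HTTP
    return b"\x00" * 54 + b"HTTP/1.1 200 OK\r\nDate: " + date.encode() + b"\r\n\r\n"

def sample_pcap() -> bytes:
    """Constructed capture whose clock started near the epoch (no RTC, no NTP)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frames = [(100, _frame("Fri, 06 Sep 2019 22:43:00 GMT")),
              (160, b"\x00" * 60),  # non-HTTP frame, ignored by clock_offset
              (220, _frame("Fri, 06 Sep 2019 22:45:01 GMT"))]
    return hdr + b"".join(struct.pack("<IIII", t, 0, len(f), len(f)) + f for t, f in frames)
```

Once the offset is known, Wireshark's `editcap` can apply the same shift to a capture file with its `-t` option instead of `shift_pcap`.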
