Ethernet device logging.


rsdbaby


What you need to realise is there needs to be something operating the program. You can't just slap a program on a flash drive and expect it to magically run. If you're trying to monitor your traffic on a machine you have permission to use, then Wireshark is the way; other than that it's not exactly easy.

If you have/made a program designed for say Windows (In general) then you also need Windows to automatically run the program on the flash drive once connected with/without human interaction.


There is a very simple and undetectable way of doing this with hardware, it will just cost you more than a flash drive. You first set up a wiretap on the ethernet cable using a passive network tap, then you connect this to a gumstix computer (a tiny linux machine the size of a packet of gum) which is running tcpdump and logging to a large capacity flash storage medium. Very simple, very effective and it's how the pros would do it.

With your method, you will basically need to use a U3 drive and a rootkit, which is cheaper and more straightforward, but will do lasting damage to the target machine. My method is completely passive, and as long as they don't physically see it, undetectable from the target machine.


Broadcom chips come with a utility which allows you to measure cable length, so this might allow you to spot something like a passive wiretap. I would assume it measures attenuation and impedance on the wire and uses that to calculate the rough length of the cable. If they are checking this, you are out of your league.


There is a very simple and undetectable way of doing this with hardware, it will just cost you more than a flash drive. You first set up a wiretap on the ethernet cable using a passive network tap, then you connect this to a gumstix computer (a tiny linux machine the size of a packet of gum) which is running tcpdump and logging to a large capacity flash storage medium. Very simple, very effective and it's how the pros would do it.

With your method, you will basically need to use a U3 drive and a rootkit, which is cheaper and more straightforward, but will do lasting damage to the target machine. My method is completely passive, and as long as they don't physically see it, undetectable from the target machine.

How do you connect the gumstix to the ethernet connection? And how would I go about installing tcpdump on the gumstix? I really appreciate your help, this is exactly what I was looking for.


If I did the above configuration it would be undetectable, right?

There is a very simple and undetectable way of doing this with hardware, it will just cost you more than a flash drive. You first set up a wiretap on the ethernet cable using a passive network tap, then you connect this to a gumstix computer (a tiny linux machine the size of a packet of gum) which is running tcpdump and logging to a large capacity flash storage medium. Very simple, very effective and it's how the pros would do it.

With your method, you will basically need to use a U3 drive and a rootkit, which is cheaper and more straightforward, but will do lasting damage to the target machine. My method is completely passive, and as long as they don't physically see it, undetectable from the target machine.

That method isn't completely undetectable, there will be a constant voltage drop while the device is connected. How many network adapters allow you to monitor the voltage on the cable in software? I haven't seen any yet.
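The cable-length and voltage-drop observations above are the basis of a defender-side check: a passive inline tap adds cable and connectors, so the measured electrical length steps up and stays up, and plugging it in usually drops the link briefly. The script below is an added example, not code from this thread; it assumes a hypothetical polling job that records the NIC diagnostic output as `<epoch> <up|down> <length_m>` lines, and the readings are constructed.

```python
"""Baseline-drift check over periodic Ethernet cable diagnostics.

Assumption: some NIC tool (the Broadcom cable-length utility mentioned in
the thread, or ethtool's cable test on supported drivers) is polled on a
schedule and each result is appended as "<epoch> <up|down> <length_m>".
"""
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Sample:
    ts: int
    link_up: bool
    length_m: float


def parse_line(line: str) -> Sample:
    ts, link, length = line.split()
    return Sample(int(ts), link == "up", float(length))


def detect_tap_indicators(lines, baseline_count=3, tolerance_m=1.0):
    """Return (timestamp, reason) alerts for link drops and length drift.

    The baseline is the median of the first `baseline_count` readings, so a
    single noisy measurement cannot shift it; every later up-link reading
    that differs by more than `tolerance_m` is reported, which makes a tap
    that stays in place produce a sustained, not one-off, alert stream.
    """
    samples = [parse_line(l) for l in lines if l.strip()]
    if len(samples) <= baseline_count:
        raise ValueError("need more samples than the baseline window")
    base_len = median(s.length_m for s in samples[:baseline_count])
    alerts = []
    prev_up = samples[baseline_count - 1].link_up
    for s in samples[baseline_count:]:
        if prev_up and not s.link_up:
            alerts.append((s.ts, "link down"))
        if s.link_up and abs(s.length_m - base_len) > tolerance_m:
            alerts.append((s.ts, f"cable length {s.length_m:.1f} m vs baseline {base_len:.1f} m"))
        prev_up = s.link_up
    return alerts


# Constructed log: three baseline readings, a link drop, then readings
# that stay about 2 m longer than before (what an inline tap would add).
SAMPLE_LOG = [
    "1700000000 up 12.1",
    "1700000600 up 12.0",
    "1700001200 up 12.2",
    "1700001800 down 0.0",
    "1700002400 up 14.3",
    "1700003000 up 14.2",
]
```

A reading that drifts once and returns to baseline produces a single alert, while a tap left in place keeps alerting on every poll, which is the pattern worth paging on.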

Actually, this doesn't sound too different from the USB Hacksaw project. There we were using autorun to install a program that would grab everything off of subsequently inserted USB keys, but using the same idea with a different payload, installing a packet sniffer and sending out the captures... Well, unless I'm missing something it's not impossible, certainly.


The hacksaw method is certainly possible but would leave more traces and would be picked up more easily unless you disabled a few security methods. And with Vista's UAC it's certainly going to be noticed unless you have time to rootkit the box.


I don't think you need to program anything, you just need to compile & install tcpdump or wireshark for the gumstix platform and create a simple startup script so that it starts logging when you turn it on.
