italiano40 Posted March 22, 2009
One is you have to tap into the wireless part to get the packet sniffing. Does it have a way to have an onboard sniff and to save that log to an FTP?
Darren Kitchen Posted March 22, 2009
You could theoretically dump the log to an FTP. Interesting concept; however, it defeats the purpose of being passive. You'd have to assign Interceptor to the target network and FTP out -- likely setting off alarms on any IDS.
italiano40 (Author) Posted March 22, 2009
Yeah Darren, I see your point. I'm just asking because the Fon does not have a lot of space (barely enough for a minute of wireshark), but you could dump it to the FTP and then have a cracker run, or have a script that stops wireshark after a certain amount of captures or time passes, then have it sleep for a long time so it looks like it is just the network slowing down.
digininja Posted March 22, 2009
It depends on the IDS setup, but just spotting a rogue MAC address or a MAC address coming from an odd port is enough to trigger some IDS signatures. Not sure what you mean about the network slowing down and sleeping the capture. If you sleep then you don't capture anything, so you may miss the juicy stuff. You could time it to come on at certain times, such as between 8.30 and 9.15 when most people would be logging in, but you'd still have to store the capture somewhere and the Fon probably doesn't have enough space. BTW, you mean either tshark or tcpdump; wireshark is a GUI app.
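Added example (not part of any post in this thread): the two IDS triggers digininja mentions, an unknown MAC address and a known MAC on an odd port, together with the outbound FTP that Darren Kitchen notes, written as a defender-side check. The inventory, switch-table entries and flow records are constructed sample data, and the function name `audit` is hypothetical.

```python
# Added example: every MAC, port and flow record below is constructed sample data.
BASELINE = {  # known MAC -> switch port it is expected on (hypothetical inventory)
    "00:11:22:33:44:55": "Gi0/1",
    "00:11:22:33:44:66": "Gi0/2",
}

# (mac, switch_port) pairs as learned from a switch MAC table (constructed)
OBSERVED = [
    ("00:11:22:33:44:55", "Gi0/1"),
    ("00:11:22:33:44:66", "Gi0/7"),   # known device, unexpected port
    ("02:AA:BB:CC:DD:EE", "Gi0/9"),   # never inventoried
]

# (src_mac, dst_ip, dst_port) outbound flow records (constructed)
FLOWS = [
    ("00:11:22:33:44:55", "192.0.2.10", 443),
    ("02:aa:bb:cc:dd:ee", "198.51.100.20", 21),  # FTP control channel
]


def audit(baseline, observed, flows, watched_ports=(20, 21)):
    """Return a sorted list of (severity, mac, reason) findings."""
    findings = []
    for mac, port in observed:
        mac = mac.lower()  # normalise case so table and inventory entries compare
        expected = baseline.get(mac)
        if expected is None:
            findings.append(("high", mac, f"unknown MAC on {port}"))
        elif expected != port:
            findings.append(("medium", mac, f"moved from {expected} to {port}"))
    for mac, dst_ip, dst_port in flows:
        mac = mac.lower()
        # Outbound FTP from a device that is not in the inventory.
        if dst_port in watched_ports and mac not in baseline:
            findings.append(
                ("high", mac, f"FTP to {dst_ip}:{dst_port} from uninventoried host")
            )
    return sorted(findings)


if __name__ == "__main__":
    for severity, mac, reason in audit(BASELINE, OBSERVED, FLOWS):
        print(f"[{severity}] {mac}: {reason}")
```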
italiano40 (Author) Posted March 23, 2009
Yeah, I meant tshark. That is why you should make it a sniffer on the Fon and then have it dump to an FTP. Also, I get what you are saying about the IDS setup and the MAC address, but if you put it into a small company or a small business you should have no problem with that, since the IT department is small or non-existent. And I know that if you sleep you won't capture stuff, but if you keep it there for a long time it will get the juicy stuff.
DingleBerries Posted March 23, 2009
Think passive network tap, only instead of using a physical (eth) port you are taking it in via wifi. I love the idea, but I still need a place for it to dump my packets until I can come and take them away.
digininja Posted March 23, 2009
How about scanning the network for an open share and storing them on that? It's cheeky but it might just work!
macsdd Posted March 23, 2009
Could you not run an external hard drive connected to another Fon which logs all of the packets that the Interceptor sends to it? We know it's possible for a Fon to mount and write to an external device (people have used SD cards), so why not a NAS? (Or, when the new Fon comes out, a USB.) This idea is the usual setup that a normal tapping device has: the bug sends the transmission over to the receiver a wee bit away and voila, you have a tap. Why not apply this line of thought with the Interceptor, because in all reality it is a network tap.
digininja Posted March 23, 2009
Do you mean have the other Fon hidden somewhere else in the building and have that run the client side? If so, then all you'd need to do is to have tcpdump dump out all the traffic as a pcap to the drive. That would work.
macsdd Posted March 23, 2009
I'm saying have another Fon outside of the building to collect the data in a spot easily accessible to you.