questions i have about it

[italiano40]

one is you have to tap into the wireless part to get the packet sniffing, does it have a way to have an onboard sniff and to save that log to a FTP?

[Darren Kitchen]

You could theoretically dump the log to an FTP. Interesting concept however it defeats the purpose of being passive. You'd have to assign Interceptor to the target network and FTP out -- likely setting off alarms on any IDS.

[italiano40]

yea darren i see your point i just asking because the fon has not a lot of space (barely enough for a minute of wireshark) but you could dump it to the FTP and then have a cracker run, or have a script that stop wiresjark after a certain amount of captures or time pass then have it sleep for a long time so it looks like it is just the network slowing down

[digininja]

It depends on the IDS setup but just spotting a rogue MAC address or a MAC address coming from an odd port is enough to trigger some IDS signatures.

Not sure what you mean about the network slowing down and sleeping the capture. If you sleep then you don't capture anything so you may miss the juicy stuff. You could time it to come on at certain times such as between 8.30 and 9.15 when most people would be logging in but you'd still have to store the capture somewhere and the Fon probably doesn't have enough space.

BTW, you mean either tshark or tcpdump, wireshark is a gui app

[italiano40]

yea i meant tshark that is why you should make i a sniffer on the fon and then have it dump to a FTP

also i get what you are saying about the IDS setup and the Mac address but if you put it into a small company or a small business you should have no problem with that since the IT department is small or non-existent and i know that sleep you wont capture stuff but if you keep it their for a long time it will get the juicy stuff

[DingleBerries]

Think passive network tap only instead of using physical(eth) port you are taking it in via wifi. I love the idea, but i still need a place for it to dump my packets until i can come and take them away.

[digininja]

How about scan the network for an open share and store them on that. Its cheeky but it might just work!

[macsdd]

could you not run a external hard drive connected to another fon which logs all of the packets that the interceptor sends to it? we know it's possible for a fon to mount and write to a external device (people have used sd cards) why not a nas? (or when the new fon comes out a usb) this idea is the usual set up that a normal taping device has the bug sends the transmission over to the receiver a wee bits away and voila you have a tap, why not apply this line of thought with the interceptor, because in all reality it is a network tap.

[digininja]

Do you mean have the other fon hidden somewhere else in the building and have that run the client side? If so then all you'd need to do is to have tcpdump dump out all the traffic as a pcap to the drive.

That would work.

[macsdd]

i'm saying have another fon outside of the building to collect the data in a spot easily accessible to you