Whistle Master

[Official] tcpdump


Module: tcpdump

Version: 1.4

Features:

  • Manage dependencies
  • Configure tcpdump options and filters
  • Dump History

Change log:

1.4

  • Bug fixes



Edited by Whistle Master


This is probably a stupid question but I'm not too familiar with tcpdump... which interface should be the appropriate choice for watching inbound traffic? (And not capturing everything you do while browsing through the NANO interface)


It should be the last one and should have the word "lan" in it, or at least that's the case for me. To easily find out, try every one until it tells you that it's scanning 255 addresses and NOT -1 addresses.

Edited by M47H3W


Cool, that's the one I tried but it was capturing everything I clicked on while going through settings in the Dashboard. I guess that's an unintended side effect of a shared connection? Thanks!

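The question above (which interface to capture on, and why the dashboard session shows up in the capture) has a standard tcpdump answer: pick the interface the clients are on, then exclude your own management session with a BPF filter. The following is an added example for this thread, not the module's own code or a command from the original posts. The interface name, the management address 172.16.42.1 and the port 1471 are assumptions used for illustration; substitute whatever your own dashboard session uses.

```shell
#!/bin/sh
# Added example, not part of the tcpdump module: build a capture command for the
# client-facing interface that excludes the operator's own management session,
# so browsing the dashboard does not land in the pcap. All names and addresses
# below are assumptions for illustration.

# List the interfaces the kernel knows about; this is the quickest way to see
# which wlanX/wlanXmon names currently exist before picking one.
list_interfaces() {
    ls /sys/class/net 2>/dev/null
}

# BPF filter that drops everything belonging to the management session.
# $1 = management host, $2 = management TCP port.
mgmt_exclude_filter() {
    printf 'not (host %s and tcp port %s)' "$1" "$2"
}

# Print the tcpdump command for interface $1, writing pcap $2 with filter $3.
# Fails early if the interface does not exist, which is cheaper than finding
# out after a long capture that nothing was written.
capture_cmd() {
    iface="$1"; pcap="$2"; filter="$3"
    [ -d "/sys/class/net/$iface" ] || {
        echo "no such interface: $iface (see /sys/class/net)" >&2
        return 1
    }
    # -n skips reverse DNS (slow, and it tells the resolver what you captured);
    # -s 0 keeps full packets so the file can be analysed later in Wireshark.
    printf 'tcpdump -i %s -n -s 0 -w %s %s\n' "$iface" "$pcap" "'$filter'"
}

# Example run with assumed values: dashboard reached at 172.16.42.1:1471,
# capturing the AP-side interface wlan0. Errors are tolerated here so the
# script still runs on a box without a wlan0.
list_interfaces || true
capture_cmd wlan0 /sd/capture.pcap "$(mgmt_exclude_filter 172.16.42.1 1471)" || true
```

If you reach the dashboard over the client-mode interface (the 192.168.x.x address mentioned later in this thread), put that address in the filter instead; the point is to exclude the host and port you are managing from, not a fixed address.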

Anybody else running tcpdump and encountering crashing? It doesn't last for more than a few hours at most, the process seems to die without any information, and when heading back into the module settings it's 'not running'. Trying to run it again ends up crashing the Pineapple and I'm forced to reboot or shut it down.


I'm noticing that it turns wlan1 into wlan1mon even when I select wlan2 for capture and doesn't change it back after tcpdump is stopped. This conflicts with PineAP and as far as I can tell requires a reboot of the NANO since I couldn't bring it back up using iw or ifconfig (maybe I was doing it wrong). The exact command run from the module was

tcpdump -i wlan2 -v -X

Can you fix this WM?


Well, that's really weird because this is not done by the module. The module does not change the interfaces. The command as you see it in the GUI is directly started without any modification.

I guess you're using a USB wireless adapter with your NANO? I tried with my second wireless adapter with the exact command you gave and I don't have any issue; the module does not change anything with the interfaces.

You can see it yourself by starting your command from the module, then ssh to the NANO and issue "ps | grep tcpdump"; you will see that it's using the correct interface.

Edited by Whistle Master


I tested it out a couple more times with the NANO. Yes, I am using a USB wireless card for client mode on my home network. Here is exactly what's happening:

  1. Boot NANO, access it from (192.168.x.x IP), run ifconfig (everything is normal)
  2. Select tcpdump options as shown in previous post and start running it for capture on wlan2
  3. Stop capture and check ifconfig (wlan1 is gone and wlan1mon is in its place).

One thing I noticed yesterday is when I access the NANO via its 172.16.42.1 IP this issue doesn't come up. Could this be from accessing the NANO with the IP assigned to wlan2 then attempting to capture on wlan2?


Adding to my previous post, today tcpdump is giving me segmentation faults when crashing; I suppose that's a better report, if I can be helpful with info at all...


I have installed the tcpdump on the SD card (on my nano).

It - sort of - works - sometimes - but seems unpredictable and unreliable.

It does capture "things", but it seems impossible to interpret (as normal frames).

The log sometimes does not seem to update.

The history sometimes does not seem to update.

Sometimes - when I stop a session - suddenly the log updates and indicates that a large number of frames were captured, but there is nothing in the history.


The log in the module does not "show" a lot of things; only when you stop tcpdump will you see some stats, so that's normal behaviour.

It can happen that the history log is not refreshed. In that case it can be refreshed with the Refresh button.

Then, you have to download the history file to analyse it with Wireshark for example.


Hey Whistle,

Just wanted to give you a shout-out! 

I finally got around to using the tcpdump module today, and oh man...when I tested it out with some wireless devices that were connected to the wifi pineapple (using an Internet Connection Sharing through a VPN, no less) and I browsed some websites that fail to use https even at a login page (*face-palm*) I was able to see the usernames and passwords in clear plain-text.

If this doesn't scare lazy web-developers, I don't know what will...

I'm going to use this method from now on as an example to show people why http has GOT TO GO.

Thanks for a great tool!


Dear @Whistle Master

Your module is not working on the latest TETRA with the latest firmware. It seems that the modules.php in the api is broken.

When starting the tcpdump module I get a log saying "/pineapple/modules/tcpdump/scripts/tcpdump.sh: eval: line 1: -w: not found".

After debugging your stuff a little bit, it appears that in modules.php $this->request->command doesn't yield any command. Thus the concatenation is working but without any command.

Can you fix it please ?

Thanks.

Cheers,

Jon


Hi,

I have just flashed my Nano on the latest firmware, formatted my SD card and reinstalled all my modules from scratch *on the SD card*.

I just tried to run tcpdump, after installing the dependencies and I am getting the following error:

 /pineapple/modules/tcpdump/scripts/tcpdump.sh: eval: line 1: -w: not found

Anyone can help troubleshooting this problem?

Thanks.

Bugs.


By the way, it makes no difference if I install the plugin on Internal memory.

Also, I can ssh to the NANO and run the tcpdump executable fine... just getting an error from the GUI.

Thanks.

Bugs.


Hi Again,

OK, so I have troubleshot the problem. I don't know how this module can work for anyone in its current state...

I looked at /pineapple/modules/tcpdump/scripts/tcpdump.sh

That line:

eval ${MYCMD}

is what is causing the problem, and the variable is set by

MYCMD=`cat /tmp/tcpdump.run`

Looking at what that tcpdump.run contains produces:

-w /pineapple/modules/tcpdump/dump/dump_1518077505.pcap 2> /tmp/tcpdump_capture.log

So the problem is that tcpdump is missing from the beginning of that line!

I fixed the problem by changing the variable line to

MYCMD="tcpdump `cat /tmp/tcpdump.run`"

But then I get the following error in the GUI

tcpdump: /pineapple/modules/tcpdump/dump/dump_1518077956.pcap: No such file or directory

So I just created that dump folder

and now it runs....

Again, this was from a fresh Nano firmware install, with an empty SD card. Doesn't seem like normal behavior ;)

Hope it helps someone if they have the same problem. 

B.


I had the same problem and followed your instructions and it worked.

After messing around with the settings, I chose an interface under the configuration, which generated a command in the UI, and then I started getting the command "tcpdump tcpdump ...". So it looks like you need to choose some settings to generate a command in the UI to avoid the missing tcpdump command in the eval.

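The two posts above describe three distinct failures of the same wrapper: the run file sometimes lacks the leading tcpdump (giving "-w: not found"), sometimes already contains it (so a blind prefix gives "tcpdump tcpdump ..."), and the dump directory named by -w is never created. One guarded version of the MYCMD construction handles all three. This is an added example written for this thread, not the module's own tcpdump.sh; the run-file and dump paths are whatever the caller passes in, and the demo uses the contents quoted in the post above relocated under a temporary directory. Because the script hands the file's contents to eval as root, the example also refuses a world-writable run file; that check is an assumption about sensible hardening, not something the module does.

```shell
#!/bin/sh
# Added example for this thread, not the module's tcpdump.sh. Reproduces the
# MYCMD construction quoted above with guards for the failures reported here.
# All paths are supplied by the caller; demo() uses a temporary directory.

# Print the command line that would be handed to eval, given the run file the
# web UI writes. "tcpdump" is prepended only when the file does not already
# start with it, which covers both the "-w: not found" case (command missing)
# and the "tcpdump tcpdump ..." case (command present once settings are chosen).
build_tcpdump_cmd() {
    runfile="$1"
    [ -r "$runfile" ] || { echo "run file $runfile missing" >&2; return 1; }
    # Whatever is in this file is executed by eval, so refuse a file that
    # anyone on the box could have rewritten (assumed hardening, see lead-in).
    if [ -n "$(find "$runfile" -perm -002 2>/dev/null)" ]; then
        echo "refusing world-writable run file $runfile" >&2; return 1
    fi
    args=$(cat "$runfile")
    case "$args" in
        "")                   echo "run file $runfile is empty" >&2; return 1 ;;
        tcpdump|"tcpdump "*)  printf '%s\n' "$args" ;;
        *)                    printf 'tcpdump %s\n' "$args" ;;
    esac
}

# Create the directory named by -w before tcpdump starts; tcpdump creates the
# file but never the directory ("No such file or directory" above).
ensure_dump_dir() {
    runfile="$1"
    pcap=$(sed -n 's/.*-w[ ]*\([^ ]*\).*/\1/p' "$runfile")
    [ -n "$pcap" ] || return 0      # no -w: output goes to stdout, nothing to create
    mkdir -p "$(dirname "$pcap")"
}

# Demo with a constructed run file holding the content quoted in the post,
# relocated under a temporary directory so it runs on any machine.
demo() {
    tmp=$(mktemp -d)
    printf '%s' "-w $tmp/dump/dump_1518077505.pcap 2> $tmp/tcpdump_capture.log" > "$tmp/tcpdump.run"
    ensure_dump_dir "$tmp/tcpdump.run"
    MYCMD=$(build_tcpdump_cmd "$tmp/tcpdump.run") || return 1
    echo "would run: $MYCMD"      # the module's script would do: eval ${MYCMD}
    rm -rf "$tmp"
}

demo
```

The case statement is the part that matters for the two reports above: prefixing unconditionally fixes the first report and breaks the second, while checking the first word handles both. ensure_dump_dir replaces the manual mkdir that the later replies in this thread recommend.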

Hi,

I installed the tcpdump module on my SD card.

When I click on start, nothing happens.

How can I resolve that bug? I really don't understand.

Thanks a lot


@Whistle Master

On firmware 2.1.0 the installation seemed to miss making the dump directory; once made, dumps are working. The history section is empty even though dumps exist, and the history counter is counting something else.

20 hours ago, Just_a_User said:

@Whistle Master

On firmware 2.1.0 the installation seemed to miss making the dump directory; once made, dumps are working. The history section is empty even though dumps exist, and the history counter is counting something else.

Responder history is doing the same thing.


On firmware 2.3.1 - TCP Dump 1.5

/pineapple/modules/tcpdump/scripts/tcpdump.sh: eval: line 1: -w: not found

3 hours ago, p28312 said:

On firmware 2.3.1 - TCP Dump 1.5

/pineapple/modules/tcpdump/scripts/tcpdump.sh: eval: line 1: -w: not found

The dump directory is not made on install:

mkdir /pineapple/modules/tcpdump/dump

5 hours ago, Just_a_User said:

The dump directory is not made on install:

mkdir /pineapple/modules/tcpdump/dump

Thanks, I created the dump directory, but I still get the same error. Any other suggestions?

Edited by p28312

1 hour ago, p28312 said:

Thanks, I created the dump directory, but I still get the same error. Any other suggestions?

Umm, you're not trying to run that script on its own, are you? To use tcpdump you can just run the tcpdump command from a terminal.

Once the dump dir is made the module should work as is; well, it does for me on both TETRA and NANO.

Edited by Just_a_User

1 minute ago, Just_a_User said:

Umm, you're not trying to run that script on its own, are you? To use tcpdump you can just run the tcpdump command from a terminal.

Once the dump dir is made the module should work as is; well, it does for me on both TETRA and NANO.

No, from the module (web GUI). I created the directory from the terminal. I'll try to do it via the tcpdump command too.
