Jump to content
Hak5 Forums
birdloft

date and time

Recommended Posts

hi all,

sorry if that might be a newbie question: i get two different times when trying to diagnose packets:

during login busybox, when using the command date, and then the pcap file data date

ideas?

thanks

Share this post


Link to post
Share on other sites

the PS does not have a real time clock so the date and time are random.

Share this post


Link to post
Share on other sites

Just guessing here;

Since there's no real time clock, it gets the time from the network.  For a few minutes at least, the time is going to be wrong.  Though thinking about it, if it's in packet capture mode, it's going to be completely silent on the network, so it might not get any time updates.

Share this post


Link to post
Share on other sites

Yep, you are screwd. But it would be nice if the packet squirrel starts a clock when it is plugged in so you can sync the time later.

Share this post


Link to post
Share on other sites
2 hours ago, RazerBlade said:

Yep, you are screwd. But it would be nice if the packet squirrel starts a clock when it is plugged in so you can sync the time later.

It does. 

Share this post


Link to post
Share on other sites

I was wondering if it’s possible to use NTP packets as a way of setting the PS during packet capture? Maybe use ngrep to parse the time then set PS time from that?

Share this post


Link to post
Share on other sites

Or even run a script post capture to read captured NTP packets and use the value to update the time stamp of the packet captured?

Share this post


Link to post
Share on other sites

Also, if you note the time you start the capture, you can use wireshark to shift the date and time. Then save new file.

Share this post


Link to post
Share on other sites
On 11/14/2017 at 6:40 AM, Sebkinne said:

It does. 

Classic Sebkinne.

"Yes it does."

"No, it doesn't."

No explanation - still leaves everyone in the dark by answering a question. Haha.

Share this post


Link to post
Share on other sites

Most of our products don't feature a Real-Time-Clock (RTC). While the Bash Bunny features a RTC, it isn't powered when the Bash Bunny is unplugged, so it cannot keep time.

This means that the internal clock resets to January 1970 every time we (re)boot. This will cause all sorts of issues, such as thinking SSL certificates are expired. To prevent this type of issue, we look scan the filesystem for the newest file, grab that timestamp, and set our clock to that.

This means that without an internet connection, we are going to set the time to that of the newest file present. When you have an internet connection, NTP will ensure that the time is kept up-to-date. This will in turn update a file, which will allow us to get "closer" to the real time.

  • Like 1

Share this post


Link to post
Share on other sites

Plus, Having a RTC would of pushed the size and cost of the PS up. Packet time stamps can be updated Post capture using wireshark.

  • Upvote 1

Share this post


Link to post
Share on other sites

Most of the time I will just be happy to be in the ballpark.  I'll probably just touch a file on the USB while I have an internet connection before heading out to use the PS. 

Share this post


Link to post
Share on other sites

So Sebkinne's saying that the BB's price was pushed up for no real reason - just for a piece of hardware that can't do it's job?

Way to go. :P

Share this post


Link to post
Share on other sites
35 minutes ago, Dave-ee Jones said:

So Sebkinne's saying that the BB's price was pushed up for no real reason - just for a piece of hardware that can't do it's job?

Way to go. :P

Excuse me? I said no such thing. I just explained how the clocks work.

Edit: If you are referring to the fact that I said the Bash Bunny has a RTC on board, it's because it's part of the ARM SoC. We don't include hardware we know we won't use.

  • Like 1

Share this post


Link to post
Share on other sites
36 minutes ago, Sebkinne said:

Excuse me? I said no such thing. I just explained how the clocks work.

Edit: If you are referring to the fact that I said the Bash Bunny has a RTC on board, it's because it's part of the ARM SoC. We don't include hardware we know we won't use.

I was joking, haha.

Man, everyone's so touchy nowadays..is it because they think they're annoyed at their relatives for not getting enough presents for Christmas..?

Share this post


Link to post
Share on other sites
3 hours ago, Ranish said:

Could you add a small battery too it DIY style?

Not as far as I know. 

Share this post


Link to post
Share on other sites

In the Let's Code video, it was mentioned something to the effect that the PS takes the most recent timestamp of files found during boot up.  Any particular file or file location?   My thought is shortly before I go onsite to use the packet squirrel, I would touch a file in whatever location the PS is going to look to for setting its date during boot up.   This would allow me at least have the PCAP files be on the same date.     Most of the places I would be capturing packets are not going to have access to an NTP server

Share this post


Link to post
Share on other sites
On 5/6/2018 at 11:30 AM, MTBBill said:

In the Let's Code video, it was mentioned something to the effect that the PS takes the most recent timestamp of files found during boot up.  Any particular file or file location?   My thought is shortly before I go onsite to use the packet squirrel, I would touch a file in whatever location the PS is going to look to for setting its date during boot up.   This would allow me at least have the PCAP files be on the same date.     Most of the places I would be capturing packets are not going to have access to an NTP server

Pretty sure it's any file on the system.  So just plugging in the squirrel for a few minutes that morning should do it.  As long as at that time it can see a time server.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×