Jump to content
Hak5 Forums
SP2005

Keep my IP out of the log files ?

Recommended Posts

My own IP is logged in the log files and it took me some time to see that the traffic in the log files was from my own phone. Is it possible to keep my IP/Phone out of the log files ?

Share this post


Link to post
Share on other sites
On 5/7/2018 at 10:59 AM, SP2005 said:

My own IP is logged in the log files and it took me some time to see that the traffic in the log files was from my own phone. Is it possible to keep my IP/Phone out of the log files ?

Is it a local IP, In a subnet range of (172.16.0.0./16 or 192.168.0.0/16) if so don't worry about it.  

What module are you using?

The log files are either stored on the SD or Internally, so if you really want to purge your ip from logs, use the "sed" command  to do string replacement on your own IP. 

Share this post


Link to post
Share on other sites

When I use SSlsplit I can see my own traffic in the logfile. I thought it would be nice if I could keep my own traffic out of this logfile.

Yes it is my own local IP like 172.....

Share this post


Link to post
Share on other sites

172.16.0.0/16 CIDR's are not Internet routable. From an outside perspective it could be anyones IP address.

Share this post


Link to post
Share on other sites

When I use my phone to connect to my NANO I can see I get the IP 172.... in the settings on my phone. When I look in the logfile of the NANO, I can see the same IP. So I'm pretty sure that it is my own IP I can see in the logfile.

Share this post


Link to post
Share on other sites
Posted (edited)

What exactly is the problem with that?

 

as trashbo4t said: 

172.16.0.0/16 CIDR's are not Internet routable. From an outside perspective it could be anyones IP address.

The pineapple DHCP gives you this local, unroutable IP to connect to the Pineapple. It is not unique to the phone, and doesn't say anything about your traffic or your device. It is basically useless to anyone getting acces to it, because anytime you connect your phone to your pineapple you will get a new one.

 

 

Edited by sebaz

Share this post


Link to post
Share on other sites
1 hour ago, SP2005 said:

When I use my phone to connect to my NANO I can see I get the IP 172.... in the settings on my phone. When I look in the logfile of the NANO, I can see the same IP. So I'm pretty sure that it is my own IP I can see in the logfile.

Here is some more information:

https://en.wikipedia.org/wiki/Private_network

 

Share this post


Link to post
Share on other sites

Imagine if you put up a hotspot and a lot of people connect to your hotspot they create a lot of traffic in the logfile. If you later goes through this logfile, to see what kind of data people was creating, you would not only see other peoples traffic but also your own traffic, which I want to sort out.

I hope not this is hard to understand.

Share this post


Link to post
Share on other sites

If you want to capture and analyse traffic, you are better of using wireshark with your pineapple. With wireshark you can easily filter traffic per IP/device.

https://www.wireshark.org/

 

 

Share this post


Link to post
Share on other sites

I can see I have to find out how I get those log files in my NANO and run them through Wireshark, for better view.

Share this post


Link to post
Share on other sites

I'm not sure exactly what you're trying to log. If you're just trying to capture packets:

tcpdump -i [interface] -w /path/to/savefile.pcap 'host not [your ip]'

Then you can download /path/to/savefile.pcap from your WiFi Pineapple and analyze it using wireshark or a number of other tools.

Share this post


Link to post
Share on other sites
Posted (edited)
18 minutes ago, Tesla said:

I'm not sure exactly what you're trying to log. If you're just trying to capture packets:


tcpdump -i [interface] -w /path/to/savefile.pcap 'host not [your ip]'

Then you can download /path/to/savefile.pcap from your WiFi Pineapple and analyze it using wireshark or a number of other tools. 

Note this will only capture traffic if the ip youre filtering out is not that of your gateway/pineapple.

i.e filter out your phones local IP not the pineapple, or else you wont capture any data of value or jut simplex traffic.

Edited by trashbo4t

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×