TCPDUMP NETMODE CLONE NOT WORKING

[OEZD]

Hello,

I would appriciate help running the squirrel TCPDUMP payload in CLONE mode

packet squirrel version the squirrel is running on: 3.2

Downloaded payload from github: packetsquirrel-payloads/payloads/library/sniffing/tcpdump/payload.sh

When running the script in TRANSPARENT mode it runs OK.

When changing the mode to CLONE  - can not have network connection.

Thx

 

[chrizree]

Running the script in CLONE mode isn't working due to the fact that the Packet Squirrel hasn't got a br-lan interface in CLONE mode. You can easily add a couple of lines to the original payload script to see what is happening "live" as the payload is running and watch the br-lan interface "disappear" when entering CLONE mode.

Replace these lines in the "run" function:

# Set networking to TRANSPARENT mode and wait five seconds

NETMODE TRANSPARENT

sleep 5

With these lines:

# Set networking to TRANSPARENT mode and wait ten seconds
NETMODE TRANSPARENT
sleep 10

echo "TRANSPARENT mode 1" >> /mnt/loot/tcpdump/run_log.txt
ifconfig >> /mnt/loot/tcpdump/run_log.txt

# Set networking to CLONE mode and wait ten seconds
NETMODE CLONE
sleep 10

echo "CLONE mode" >> /mnt/loot/tcpdump/run_log.txt
ifconfig >> /mnt/loot/tcpdump/run_log.txt

# Set networking to TRANSPARENT mode and wait ten seconds
NETMODE TRANSPARENT
sleep 10

echo "TRANSPARENT mode 2" >> /mnt/loot/tcpdump/run_log.txt
ifconfig >> /mnt/loot/tcpdump/run_log.txt

Then set the Packet Squirrel in Switch 1 and let it run as intended. After that, go back to Arming Mode and look in the run_log.txt file to see that br-lan is not available in CLONE mode.