Wireshark on Shark Jack


Gweedo

I have seen Wireshark being used in the descriptions of other Hak5 products, and know that some products can also have other packages installed to use. Does anyone know of any reason that the Shark Jack could not be used for Wireshark packet capturing? Or does anyone have any experience using it for such?


9 hours ago, etherxrally said:

Shark Jack only has one interface. I suppose you could look at running tcpdump but it would be only traffic that the shark sees. Normally with packet captures you are looking at a target device or major points of interest. There are other tools that are made to do that. 

Thanks for the reply. I have another post in the questions subforum, but it was probably a bit vague to get a response. I currently use a RasPi EvilAP for full MITM, but as you stated most packet captures are looking at a more specified target or point of interest. In this case, the point of interest is the router itself and all the network traffic passing through it. An Ethernet connection to the router should provide a direct link to it, but even I am sceptical about what that connection can really obtain. Direct access to the router using a different on-board connection such as USB might be different, but I don't really see a device for that either. The Hak5 product description for the Packet Squirrel says it can capture packets between any endpoint, but does not specify if that can be done from ANY connection or only by placing it between those connections. Is there a device I am missing, or is my scepticism correct that a direct MITM link needs to be established? Thanks again.


Take a look at how networks communicate and you may get a better understanding of how and where you would want to place your device. Look at how layer 2 and layer 3 devices communicate. Are you trying to capture traffic going from one device to another on the same network, or are you after traffic going to a different network? Depending on what you are after, it will help dictate where you place your tap. For instance, say you have a home network with a NAS and computers all on the same network and you want to see traffic going to the NAS. Putting your tap on the router's interface wouldn't make sense. You would want to tap the port going to the NAS. However, if you are looking for all traffic going out of the network then you wouldn't want to tap a single device but rather the router's interface. It just matters what traffic you are after, knowing how the network is configured and applying the tools in place where needed.

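The placement reasoning in the reply above, as an added example that is not part of the original thread: a simplified model of one switched LAN behind one router that reports which flows a passive capture would see at each tap position. The subnet, addresses, tap names and flows are constructed assumptions; unknown-unicast flooding, port mirroring and traffic addressed to the router itself are not modelled.

```python
import ipaddress

# Constructed topology (assumption): one flat, switched LAN behind one router.
LAN = ipaddress.ip_network("192.168.1.0/24")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Constructed sample flows as (source, destination) pairs.
FLOWS = [
    ("192.168.1.20", "192.168.1.50"),   # PC -> NAS, same network (layer 2 only)
    ("192.168.1.20", "203.0.113.10"),   # PC -> off-site server (routed)
    ("192.168.1.50", "198.51.100.7"),   # NAS -> internet (routed)
    ("192.168.1.20", "192.168.1.255"),  # PC -> LAN broadcast
]

def sees(tap, src, dst, lan=LAN):
    """True if a passive capture at `tap` would see the flow src -> dst.

    Hypothetical tap names: "spare-port" (a device plugged into a free switch
    port), "port:<ip>" (in-line on one host's cable), "router-lan" and
    "router-wan" (either side of the router).
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if d in (lan.broadcast_address, LIMITED_BROADCAST) or d.is_multicast:
        # Flooded to every LAN port, but not forwarded to the WAN side.
        return tap != "router-wan"
    if tap == "spare-port":
        # A switch delivers unicast frames only to the destination's port.
        return False
    if tap.startswith("port:"):
        return ipaddress.ip_address(tap[len("port:"):]) in (s, d)
    # Router taps: only flows that cross the subnet boundary reach the gateway.
    return (s in lan) != (d in lan)

def visible_at(tap, flows=FLOWS, lan=LAN):
    """Return the subset of flows a capture at `tap` would record."""
    return [f for f in flows if sees(tap, *f, lan=lan)]

if __name__ == "__main__":
    for tap in ("spare-port", "port:192.168.1.50", "router-lan", "router-wan"):
        print(f"{tap:20} {visible_at(tap)}")
```
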

8 hours ago, etherxrally said:

However, if you are looking for all traffic going out of the network then you wouldn't want to tap a single device but rather the router's interface. It just matters what traffic you are after, knowing how the network is configured and applying the tools in place where needed.

This is what I am looking for. Currently, all local devices go through a router and then connections go straight to the internet or through it to an off-site server. That was why tapping into the router interface seemed like the best option, or putting something in-line between the router and the internet. The router is not always easily accessible, depending on which location I am at (multiple warehouses/offices), otherwise I thought about just trying to build a payload for my Bash Bunny to use on that router interface option.

