lowlyfin Posted April 3, 2023

Using my plunderbug on a Win 10 PC with Wireshark. When I mute the plunderbug using the script or by disabling ipv4 and ipv6 manually I'm not seeing all of the packets. Just MDNS packets. Does it mirror all of the packets when it's muted? No issues when I unmute or check every box in the adapter options.

dark_pyrro Posted April 4, 2023

I can't reproduce that scenario. Getting everything that I expect to see in Wireshark after muting using the provided PowerShell script (ping/ICMP, http, https, arp, etc). Not that it perhaps should matter, but if there are other interfaces on both the target and the "listener" that are enabled, then disable all interfaces but the ones that are used in this specific scenario (i.e. only enable the Ethernet interface on the target that is connected to the Plunder Bug and the interface on the capturing machine that represents the Plunder Bug).

lowlyfin Posted April 4, 2023 (Author)

15 hours ago, dark_pyrro said:
> I can't reproduce that scenario. Getting everything that I expect to see in Wireshark after muting using the provided PowerShell script (ping/ICMP, http, https, arp, etc). Not that it perhaps should matter, but if there are other interfaces on both the target and the "listener" that are enabled, then disable all interfaces but the ones that are used in this specific scenario (i.e. only enable the Ethernet interface on the target that is connected to the Plunder Bug and the interface on the capturing machine that represents the Plunder Bug).

Thanks I appreciate the help. It seems like I'm only seeing packets from the network side (not the device side or any packets/frames moving through) the tap. I'll give it a try again with the other interfaces disabled. I have another tap that mirrors everything and hopefully I can get this to do the same. Thanks again I'll update if I have any ah ha moments.

dark_pyrro Posted April 5, 2023

The only thing I can think of if you see "WAN" traffic only, is that I'd suspect that the cables are connected to the wrong ports (i.e. LAN/target cable to "WAN" port and vice versa). But if you get results with the Plunder Bug connected the same way but without muted mode, then that can't be the issue. In any way, it should work and it doesn't seem to be Plunder Bug related really. I would check some more/other Windows machines just to rule out any specifics for the machine you're using it on at the moment.

lowlyfin Posted April 5, 2023 (Author)

15 hours ago, dark_pyrro said:
> The only thing I can think of if you see "WAN" traffic only, is that I'd suspect that the cables are connected to the wrong ports (i.e. LAN/target cable to "WAN" port and vice versa). But if you get results with the Plunder Bug connected the same way but without muted mode, then that can't be the issue. In any way, it should work and it doesn't seem to be Plunder Bug related really. I would check some more/other Windows machines just to rule out any specifics for the machine you're using it on at the moment.

I've tried a few different combos of settings with Win 10. I connected it between a Sharp MFP (printer) and a network switch. I sent a few pings to the printer, print jobs to the printer and SMTP send from the printer and I'm not seeing any of the traffic. I'll fire up a Linux distro and see if I can get it to work when muted. Thanks again for the help I really appreciate it! I'll let you know what I find.

dark_pyrro Posted April 6, 2023

That's strange. My previous comment about ports shouldn't really be relevant. I just have my Bug labeled with "W" and "L" for what's supposed to be the WAN and LAN side, but traffic should be possible to intercept regardless as it obviously flows in both directions.

fbtm Posted April 12, 2023

On 4/6/2023 at 12:59 AM, lowlyfin said:
> I've tried a few different combos of settings with Win 10. I connected it between a Sharp MFP (printer) and a network switch. I sent a few pings to the printer, print jobs to the printer and SMTP send from the printer and I'm not seeing any of the traffic. I'll fire up a Linux distro and see if I can get it to work when muted. Thanks again for the help I really appreciate it! I'll let you know what I find.

Did you find any solution? Probably I have the same problem.

lowlyfin Posted April 12, 2023 (Author)

9 hours ago, fbtm said:
> Did you find any solution? Probably I have the same problem.

I have not. I'm going to test it with a Linux PC.

lowlyfin Posted April 18, 2023 (Author)

Still not having luck with Win 10. I'm going to see if I can contact support to hopefully show me what I'm doing wrong.

0ne-nine9 Posted May 25, 2023

Hey buds. I had the same issue and I figured it out. @lowlyfin @fbtm If you guys are running Wireshark and the interface you are selecting is "ap1" or something similarly nondescript and you only see MDNS, that's because it's the wrong interface. The interface for the PlunderBug should show up as AX88772C if your drivers for the PlunderBug have been automatically installed. If not, try installing the drivers manually:

https://docs.hak5.org/plunder-bug/getting-started/drivers
https://www.asix.com.tw/en/support/download

If you're installing on macOS, pay close attention to the installation instructions from the manufacturer. I've done this and I can now see the interface and it shows all protocols, not just MDNS.
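
Added example, not part of any post in this thread: a PowerShell check for the capture machine that finds the adapter whose description contains AX88772 (the name given in the post above) and reports whether it is muted, i.e. IPv4 and IPv6 unbound as described in the first post. Matching the capture driver by "Npcap" in the binding's display name is an assumption; adjust it for the capture driver actually installed.

```powershell
# Added example: locate the Plunder Bug adapter and report its binding state.
# Assumption: the adapter's InterfaceDescription contains "AX88772".
$pattern = 'AX88772'

$bugs = Get-NetAdapter |
    Where-Object { $_.InterfaceDescription -match $pattern }

if (-not $bugs) {
    # No match usually means the ASIX driver is not installed; show what is
    # present so a nondescript interface is not picked by mistake.
    Write-Warning "No adapter matching '$pattern' found. Adapters present:"
    Get-NetAdapter | Format-Table Name, InterfaceDescription, Status -AutoSize
    return
}

foreach ($nic in $bugs) {
    $bindings = Get-NetAdapterBinding -Name $nic.Name -AllBindings

    # ms_tcpip / ms_tcpip6 are the Windows component IDs for IPv4 / IPv6.
    $ipEnabled = $bindings |
        Where-Object { $_.ComponentID -in 'ms_tcpip', 'ms_tcpip6' -and $_.Enabled }

    # Assumption: the capture driver binding has "Npcap" in its display name.
    $capture = $bindings | Where-Object { $_.DisplayName -like '*Npcap*' }

    [pscustomobject]@{
        Name               = $nic.Name
        Description        = $nic.InterfaceDescription
        LinkStatus         = $nic.Status
        Muted              = -not $ipEnabled   # true when IPv4 and IPv6 are both unbound
        CaptureDriverBound = [bool]($capture | Where-Object Enabled)
    }
}
```

If `Muted` is true and `CaptureDriverBound` is false, the capture driver was unbound along with IPv4/IPv6, so a capture on that interface would show nothing from the tap.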

lowlyfin Posted May 25, 2023 (Author)

5 hours ago, 0ne-nine9 said:
> Hey buds. I had the same issue and I figured it out. @lowlyfin @fbtm If you guys are running Wireshark and the interface you are selecting is "ap1" or something similarly nondescript and you only see MDNS, that's because it's the wrong interface. The interface for the PlunderBug should show up as AX88772C if your drivers for the PlunderBug have been automatically installed. If not, try installing the drivers manually:
> https://docs.hak5.org/plunder-bug/getting-started/drivers
> https://www.asix.com.tw/en/support/download
> If you're installing on macOS, pay close attention to the installation instructions from the manufacturer. I've done this and I can now see the interface and it shows all protocols, not just MDNS.

Awesome I'll give it a try tonight. Thanks for the help.

lowlyfin Posted June 6, 2023 (Author)

It turns out the Plunderbug I received is defective.

Archived
This topic is now archived and is closed to further replies.