
Plunder Bug Issue When Muted


lowlyfin

Using my plunderbug on a Win 10 PC with Wireshark. When I mute the plunderbug using the script or by disabling ipv4 and ipv6 manually I'm not seeing all of the packets. Just MDNS packets. Does it mirror all of the packets when it's muted? No issues when I unmute or check every box in the adapter options.


I can't reproduce that scenario. Getting everything that I expect to see in Wireshark after muting using the provided PowerShell script (ping/ICMP, http, https, arp, etc). Not that it perhaps should matter, but if there are other interfaces on both the target and the "listener" that are enabled, then disable all interfaces but the ones that are used in this specific scenario (i.e. only enable the Ethernet interface on the target that is connected to the Plunder Bug and the interface on the capturing machine that represents the Plunder Bug).


15 hours ago, dark_pyrro said:

I can't reproduce that scenario. Getting everything that I expect to see in Wireshark after muting using the provided PowerShell script (ping/ICMP, http, https, arp, etc). Not that it perhaps should matter, but if there are other interfaces on both the target and the "listener" that are enabled, then disable all interfaces but the ones that are used in this specific scenario (i.e. only enable the Ethernet interface on the target that is connected to the Plunder Bug and the interface on the capturing machine that represents the Plunder Bug).

Thanks I appreciate the help. It seems like I'm only seeing packets from the network side (not the device side or any packets/frames moving through) the tap. I'll give it a try again with the other interfaces disabled. I have another tap that mirrors everything and hopefully I can get this to do the same. Thanks again I'll update if I have any ah ha moments.


The only thing I can think of, if you see "WAN" traffic only, is that I'd suspect that the cables are connected to the wrong ports (i.e. LAN/target cable to "WAN" port and vice versa). But if you get results with the Plunder Bug connected the same way but without muted mode, then that can't be the issue. In any case, it should work and it doesn't seem to be Plunder Bug related really. I would check some more/other Windows machines just to rule out any specifics for the machine you're using it on at the moment.


15 hours ago, dark_pyrro said:

The only thing I can think of, if you see "WAN" traffic only, is that I'd suspect that the cables are connected to the wrong ports (i.e. LAN/target cable to "WAN" port and vice versa). But if you get results with the Plunder Bug connected the same way but without muted mode, then that can't be the issue. In any case, it should work and it doesn't seem to be Plunder Bug related really. I would check some more/other Windows machines just to rule out any specifics for the machine you're using it on at the moment.

I've tried a few different combos of settings with Win 10. I connected it between a Sharp MFP (printer) and a network switch. I sent a few pings to the printer, print jobs to the printer and SMTP send from the printer and I'm not seeing any of the traffic. I'll fire up a Linux distro and see if I can get it to work when muted. Thanks again for the help I really appreciate it! I'll let you know what I find.


On 4/6/2023 at 12:59 AM, lowlyfin said:

I've tried a few different combos of settings with Win 10. I connected it between a Sharp MFP (printer) and a network switch. I sent a few pings to the printer, print jobs to the printer and SMTP send from the printer and I'm not seeing any of the traffic. I'll fire up a Linux distro and see if I can get it to work when muted. Thanks again for the help I really appreciate it! I'll let you know what I find.

Did you find any solution? I probably have the same problem.


  • 1 month later...

Hey buds. I had the same issue and I figured it out.

@lowlyfin @fbtm

If you guys are running Wireshark and the interface you are selecting is "ap1" or something similarly nondescript and you only see MDNS, that's because it's the wrong interface.

The interface for the PlunderBug should show up as AX88772C if your drivers for the PlunderBug have been automatically installed.
If not, try installing the drivers manually:
https://docs.hak5.org/plunder-bug/getting-started/drivers
https://www.asix.com.tw/en/support/download

If you're installing on MacOS, pay close attention to the installation instructions from the manufacturer.

I've done this and I can now see the interface and it shows all protocols, not just MDNS.
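
The interface check described in the post above, as an added example that is not part of the original thread or of Hak5's mute script: it finds the adapter by its driver description, reports whether IPv4/IPv6 are unbound (the "muted" state discussed earlier in the thread), and prints the name and Npcap device string to select in Wireshark. It assumes the adapter description contains "AX88772", as the post reports, and that Npcap is the capture driver.

```powershell
# Added example, not from the thread.
# Assumption: the Plunder Bug adapter description contains "AX88772".
$pattern = '*AX88772*'

$bugs = @(Get-NetAdapter | Where-Object { $_.InterfaceDescription -like $pattern })

if ($bugs.Count -eq 0) {
    # Driver not installed or device unplugged: show what is present so a
    # generic interface is not picked by mistake.
    Write-Warning "No adapter matching $pattern. Adapters currently present:"
    Get-NetAdapter | Format-Table Name, InterfaceDescription, Status -AutoSize
}
else {
    foreach ($nic in $bugs) {
        # IPv4 (ms_tcpip) and IPv6 (ms_tcpip6) bindings. Both disabled matches
        # the manual mute described in the thread (IPv4 and IPv6 unchecked).
        $ip    = Get-NetAdapterBinding -Name $nic.Name -ComponentID ms_tcpip, ms_tcpip6
        $muted = -not ($ip | Where-Object Enabled)

        # Any binding still enabled can make the capture host emit its own frames.
        $stillBound = (Get-NetAdapterBinding -Name $nic.Name |
                       Where-Object Enabled).ComponentID -join ', '

        [pscustomobject]@{
            WiresharkName   = $nic.Name                  # name shown in Wireshark's interface list
            Description     = $nic.InterfaceDescription
            LinkStatus      = $nic.Status
            Muted           = [bool]$muted
            EnabledBindings = $stillBound
            # Npcap device naming convention: \Device\NPF_{interface GUID}
            CaptureDevice   = '\Device\NPF_' + $nic.InterfaceGuid
        }
    }
}
```

Select the reported `WiresharkName` in Wireshark, or pass `CaptureDevice` as the `-i` argument to `tshark` or `dumpcap`.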


5 hours ago, 0ne-nine9 said:

Hey buds. I had the same issue and I figured it out.

@lowlyfin @fbtm

If you guys are running Wireshark and the interface you are selecting is "ap1" or something similarly nondescript and you only see MDNS, that's because it's the wrong interface.

The interface for the PlunderBug should show up as AX88772C if your drivers for the PlunderBug have been automatically installed.
If not, try installing the drivers manually:
https://docs.hak5.org/plunder-bug/getting-started/drivers
https://www.asix.com.tw/en/support/download

If you're installing on MacOS, pay close attention to the installation instructions from the manufacturer.

I've done this and I can now see the interface and it shows all protocols, not just MDNS.

Awesome I'll give it a try tonight. Thanks for the help.

