Penetration Testing mailing list archives
Re: Small hardware network sniffer - does it exist?
From: "Ivan ." <ivanhec () gmail com>
Date: Tue, 7 Nov 2006 14:20:04 +1100
Hi Isaac,

The Zaurus is not a $1k solution, here is one for $94US with 30mins left to run on ebay

http://cgi.ebay.com/Sharp-Zaurus-SL-5500_W0QQitemZ250045290601QQihZ015QQcategoryZ38331QQrdZ1QQcmdZViewItem?hash=item250045290601

cheers
Ivan

On 11/7/06, Isaac Van Name <ivanname () southerlandsleep com> wrote:

The Soekris box seems the best solution. I've been reading the multiple recommendations for using a Zaurus or BlackDog... and I have to disagree.

The BlackDog option requires a system that already has Linux or Windows on it to operate, and it imposes its own OS on top of the one on the system; while small, this would not seem to meet the need well. The Zaurus, while small, seems a bit overkill... why pay around $1000 for a portable unit that will be stationary when you can pay <$200 for a stationary unit that will do the same thing?

I agree that BlackDog and the Zaurus are cool toys, and I'd love to buy them to play with... but, if you look at the initial problem, then neither of those meet the solution well. I'd say go with the Soekris.

Isaac Van Name
Systems Administrator

"What good would you do with an ignorant employee? Ignorance is grounds for dismissal..." - Mario Spinthiras

Open Source developing at its finest: "Written in vim, W3C valid and UTF-8 encoded, for her pleasure."

Disclaimer: This email is intended only to be used to feign intellectual mastery of a subject or superhuman command of the English language, when profanity is involved. By reading this email, you are agreeing to cease all correspondence with the sender upon realizing your own ignorance, and furthermore to refrain from taking legal action against said sender when your compounding ignorance crushes your inadequate self-esteem. Have a nice day.

Original> -----Original Message-----
Original> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
Original> On Behalf Of Javier Reyna Padilla
Original> Sent: Friday, November 03, 2006 6:01 AM
Original> To: FocusHacks
Original> Cc: Petr.Kazil () eap nl; PenTest
Original> Subject: Re: Small hardware network sniffer - does it exist?
Original>
Original> That's exactly what I was going to recommend.
Original>
Original> 1. buy a soekris box
Original> 2. install linux on it
Original> 3. put network interfaces in bridge mode --- use bridge modules in kernel and bridge-utils
Original> 4. use iptables and ip-queue module
Original> 5. install snort and run with -Q switch
Original> 6. send all traffic from iptables to snort (snort-inline).
Original> 7. Cancel your social life
Original> 8. buy a ton of coffee for reading all logs/capture
Original> 9. have fun!
Original>
Original> FocusHacks wrote:
Original> > http://www.soekris.com/
Original> >
Original> > They have some pretty small machines that are essentially headless
Original> > 486s that can run BSD or Linux, and many of them have
Original> > power-over-ethernet, multiple NICs, WiFi ability, etc.
Original> >
Original> > On 11/2/06, Petr.Kazil () eap nl <Petr.Kazil () eap nl> wrote:
Original> >>
Original> >> I have ordered a few hardware keyloggers to play with
Original> >> (http://www.keelog.com/) and I was wondering if the same idea exists for
Original> >> networks?
Original> >> A device that you could tape under a desk, and that would act as a
Original> >> transparent bridge, sniffing all traffic.
Original> >>
Original> >> I know that you can use arp-spoofing to get a similar result (easier,
Original> >> better?), and I know about hardware network taps.
Original> >> But I'm still interested in the theoretical possibilities of this idea.
Original> >>
Original> >> I have a few old laptops, but these have just one PCMCIA network card, so
Original> >> bridging is not possible (well, with the right kind of network cards you
Original> >> can get two in that slot - I'll see if you can still buy them). But
Original> >> laptops are too big and heavy.
Original> >>
Original> >> I've looked at microcontrollers with ethernet adapters, but here I find
Original> >> webserver appliances with just one network interface. They're small
Original> >> but I'm not sure if you could run an OS and a sniffer on them. I've looked at
Original> >> miniboards but they are very expensive, too expensive for "just a toy".
Original> >>
Original> >> But, considering that you can get a 2-cigarette-pack sized Pix-firewall,
Original> >> such hardware must exist. But I haven't found the right keywords yet. Any
Original> >> ideas?
Original> >>
Original> >> Greetings, Petr Kazil
------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
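Steps 3 to 6 of the quoted list, written out as commands. This is an added example, not part of any poster's message; the interface names `eth0`/`eth1`, the bridge name `br0` and the `snort.conf` path are assumptions, and it uses the legacy `ip_queue` mechanism the thread names.

```shell
#!/bin/sh
# Added example: transparent bridge feeding snort-inline (legacy ip_queue).
# Assumed names: eth0/eth1 (the two NICs), br0, /etc/snort/snort.conf.

valid_if() {
    # Accept only plain interface names so nothing odd reaches the commands.
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

bridge_plan() {
    # Usage: bridge_plan <nic-a> <nic-b> [bridge-name]
    # Prints the commands in order; nothing is executed here.
    a=$1; b=$2; br=${3:-br0}
    for i in "$a" "$b" "$br"; do
        valid_if "$i" || { echo "bad interface name: $i" >&2; return 2; }
    done
    [ "$a" != "$b" ] || { echo "need two distinct NICs" >&2; return 2; }
    # The bridge gets no IP address, so it stays invisible at layer 3.
    # Bridged frames reach the FORWARD chain only when the kernel's
    # bridge-netfilter support is enabled.
    cat <<EOF
brctl addbr $br
brctl addif $br $a
brctl addif $br $b
ip link set $a up
ip link set $b up
ip link set $br up
modprobe ip_queue
iptables -A FORWARD -j QUEUE
snort -Q -c /etc/snort/snort.conf
EOF
}

# Run the plan only when APPLY=1 and two NICs are given (needs root).
if [ "${APPLY:-0}" = 1 ] && [ $# -ge 2 ]; then
    bridge_plan "$@" | while read -r cmd; do $cmd || exit 1; done
fi
```

With the `QUEUE` rule in place and no userspace reader attached, queued packets are dropped, so the bridge passes nothing until snort is running. `ip_queue` was removed from Linux in 3.5 in favour of NFQUEUE, so current kernels need the NFQUEUE equivalent.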