Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Small hardware network sniffer - does it exist?
From: Javier Reyna Padilla <jreyna () onlinet com mx>
Date: Fri, 03 Nov 2006 06:00:48 -0600

Thats exactly what I was going to recommend.

1. buy a soekris box
2. install linux on it
3. put network interfaces in bridge mode --- use bridge modules in
kernel and bridge-utils
4. use iptables and ip-queue module
5.- install snort and run with -Q switch
6. send oll traffic from iptables to snort (snort-inline).
7. Cancel your social lief
8. buy a ton of coffe for reading all logs/capture
9. have fun!

FocusHacks wrote:
http://www.soekris.com/

They have some pretty small machines that are essentially headless
486s that can run BSD or Linux, and many of them have
power-over-ethernet, multiple NICs, WiFi ability, etc.

On 11/2/06, Petr.Kazil () eap nl <Petr.Kazil () eap nl> wrote:

I have ordered a few hardware keyloggers to play with
(http://www.keelog.com/) and I was wondering if the same idea exists for
networks?
A device that you could tape under a desk, and that would act as a
transparant bridge, sniffing all traffic.

I know that you can use arp-spoofing to get a similar result (easier,
better?), and I know about hardware network taps.
But I'm still interested in the theoretical possibilities of this idea.

I have a few old laptops, but these have just one PCMCIA network card, so
bridging is not possible (well, with the right kind of network cards you
can get two in that  slot - I'll see if you can still buy them). But
laptops are too big and heavy.

I've looked at microcontrollers with ethernet adapters, but here I find
webserver appliances with just one network interface. They're small
but I'm
not sure if you could run an OS and a sniffer on them. I've looked at
miniboards but they are very expensive, too expensive for "just a toy".

But, considering that you can get a 2-cigarette-pack sized Pix-firewall,
such hardware must exist. But I haven't found the right keywords yet. Any
ideas?

Greetings, Petr Kazil


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW

------------------------------------------------------------------------







------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]