Networking :: Can Forward Packets Sniffed By Monitor Mode Wireless Interface?
Feb 9, 2011
I'm a student who is working on a wireless research project. I have a madwifi driver for Atheros chipset on Debian Linux. With having the wireless interface get into monitor mode, I want to forward the captured packets from the wireless interface to the other Ethernet interface so that a different computer which is connected to this machine via Ethernet receives those packets. I checked that alll packets are received in the wireless interface using TCPDUMP. I tried to forward those packets with IPTABLES like 'iptables -p FORWARD -i ath0 -o eth2 -j ACCEPT' However, I couldn't see any packets forwarded to eth2 using TCPDUMP.
I need to route packets coming from a standalone switch port which is a mirror ("tap") of another port ("source"). I can't seem to forward packets whose MAC address is for a different device (the actual "target" of "source"). My device is in promisc mode,I can see the incoming packets in tcpdump and Wireshark. The only packets which get forwarded are those which have my MAC destination address (I changed the wiring to come straight from source and not the mirror port, to get "my" MAC address in the packet). My routing table is configured to forward and I have ip_forwarding enabled, obviously (otherwise packets sent to my MAC wouldn't route). By the way, the incoming packets are all VLAN tagged and I have matching subinterfaces.
Q1 - is this inherent, that packets won't get "passed up" to the IP layer unless the MAC addresses match?
Q2 - Would ebtables be a good solution, i.e. rewrite the dest MAC address to my own MAC addr and send to the INPUT target?
I'm using madwifi linux driver (ath1) in monitor mode to capture some wireless traffic. I can see that all wireless traffic is coming well through the wireless interface (checked using TCPDUMP). What I want to know is how I can forward the captured wireless packets to a different Ethernet interface (e.g. eth2) in the same machine to send those captured packet out to a different computer.
I set 1 for /proc/sys/net/ipv4/ip_forward
for iptables, I tried this rule: iptables -A FORWARD -i ath1 -o eth2 -j ACCEPT
However, I coudn't read any packet from eth2 via TCPDUMP.
I have a hardware device with two ethernet ports, eth0 and eth1 running Centos 5. Basically my goal is to forward packets from eth0->eth1 and eth1->eth0 as well as get a copy of these packets for analysis. If I set IP routing to do the forwarding then I won't get a copy of the packets for analysis.
I've a webserver at 10.10.0.55. Above in the hierarchy are managed network cisco switch / router and ASA firewall (the usual stuff). I also have a mail server at 10.10.0.200. I was told by the network admin that he can't forward port 80 to webserver and port 25 to mail server. Basically he said that it's a one-to-one (external.ip-to-internal.ip) mapping and all traffic, no matter what port it's destined for must go to 10.10.0.55. So, I turn to the wonder that linux is. The webserver is running Centos 5.4. Currently, all packets on port 25 are coming to the webserver. I want to forward all these packets to the email server. Note: the webserver only has one interface: eth0. I turned to web for help and did this in iptables:
It didn't work. I am assuming that since I only have one interface, a simple rule to the filter table and forward chain will not work.So i use the NAT table and try the following:
First of all, since there is no service/daemon listening on port 25 on the webserver, is it even going to work? Isn't the webserver simply going to discard packets on port 25? I am assuming that packets go through the iptables first, and so iptables should route the packets to the email server, where there is postfix listening on port 25. Am i right? Also, as you can see in the code above, all packets coming on port 25 on the webserver should be logged. But they aren't. In order to troubleshoot, I'd like to at least know that packets are coming into the iptables. But since it's not logging, I can't find out what's wrong.
I can't get my wireless into monitor mode. I;m running ubuntu 9.1 karmic It connects fine to wireless networks. But when i do: sudo iwconfig wlan0 mode monitor. I get: Error for wireless request "Set Mode" (8B06) :SET failed on device wlan0 ; Device or resource busy. I can only see wlan0 (wmaster0, eth0), not ath0 or wifi0 mentioned elsewhere, in wireshark. I only see my own ip and packets coming to and from that. my system tells me i have an atheros ar9285 chipset in place.
Running Ubuntu 10.10 on Hp Mini 1030nr My wireless card is a Broadcom BCM4312. I have the b43 driver installed. When I disable networking I can change to monitor mode but then it changes back to manage mode when I enable networking again. I tried using airmonNG but it;s not working.
For learning purposes i've set up a vpn between a laptop (running ubuntu) and a pc (running windows). The 2 computers are on the same lan. The VPN server is set on the laptop, and as a guide i used this tutorial:The problem is that the mtu on the ppp0 interface is 1396 and the mtu on the eth0 interface is 1492 so in order to pass packets from the et0 if to the ppp0 if, the laptop needs to fragment the packets, and here is where the problem appears: the packets come with the don't fragment bit set. I've tried lowering the mtu of the eth0 if but that didn't work. The only way i managed to make this work is setting the ppp0 mtu size to 1492. The thing is that setting the mtu and mru in the pptpd-options file to 1492 doesn't do anything (at least to solve this problem) and the only way to set the mtu of the ppp0 if is to manually set it using: Code:sudo ifconfig ppp0 mtu 1492 The issue with this is that every time the connection resets i have to enter the command.
|eth0 (a.a.a.a) | Linux PC |<----------------> | ROUTER |eth1 (b.b.b.b) | |<----------------->|
the linux machine has two interfaces eth0 (a.a.a.a) and eth1 (b.b.b.b) connnected to two interfaces of a router. Now that if I send any packet destined to b.b.b.b from a.a.a.a interface on the linux machine, it should take the folowing path: eth0->router->eth1 . and it should be the same for vice versa.
I have a linux box with two interfaces: eth0 is a builtin and eth1 is a USB-LAN.
There is an IP configured on eth1.
eth0 is up but no IP is configured. This interface is used for sniffing with tcpdump.
The problem is that eth0 frequently stops receiving packets -- my tcpdump captures are empty, and if I look at the interface stats with ifconfig, I can see that no packets are received.
If I bounce the interface (ifconfig eth0 down; ifconfig eth0 up), it starts receiving packets again.
I am trying to do something outlandish with iptables (or so I think!).I have a source sending udp packets to a destination (say dst11). Using port mirroring I am able to get all these packets to a different machine (say dst22). I am able to see these packets on dst22 interface using tcpdump.I want to analyze the packets on dst22. So what I do is put dst22 interface in promiscuous mode (using ifconfig eth0 promisc). This in theory should get the packet through the MAC layer. Now using iptables I am trying to DNAT the packets in nat prerouting to change the packets destination IP to dst22's interface and change the destination port.
First of all, this tutorial will use NDISWRAPPER, not b43, not wl (Broadcom STA). So, hooray for new method (actually, the only method ). Now, I don't want anyone to get scared because of bad experiences with Ndiswrapper or whatever, it's actually quite easy. I did not come up with any of this info. I'm just putting this guide together from Kacper Szczesniak's info (who came up with this method), WifiDocsDriverbcm43xxFeisty_No-Fluff from the Ubuntu Wiki, and my experience. The Broadcom STA (wl) driver has references to monitor mode in it's code, but does not have that functionality in reality. The Broadcom Windows driver on the other hand does have this capability. So, for monitor mode to work, you will need a patched version of ndiswrapper.
1) Install the Linux kernel headers:
Code:
sudo apt-get install linux-headers-$(uname -r)
2) Install the tools required to compile Ndiswrapper:
I have a computer with a BSD subsystem that is acting as a router to other Windows computers.
On one of my Windows, I have an Apache Web Server that I want people to access from the outside world.
So, I have created an ipfw rule in my router computer that goes like this: ipfw add 100 fwd 10.0.2.2 ip from any to any dst-port 2443
Thing is, nothing happens.
I've tried changing the ServerName in my Apache to match my IP address (which is the destination IP of the incoming packets, I imagine) but still, nothing.
Can you "split" a network interface in Ubuntu, similar to how airmon-ng lets you use your wireless card in managed and monitor mode, by making another interface out of the same hardware? I know it'd be slower, but I'd still like to do it.
i am wanting to turn my Debian box into a wireless AP, but for some unknown reason the wireless card won't switch into master mode when i run the command #iwconfig wlan1 mode master i get this Error for wireless request "Set Mode" (8B06): SET failed on device wlan1 ; Invalid argument. what does this mean and what do i need to configure/install to get it to work my wirless card is supported i checked it's a zydas chipset using the zd1211rw driver SMC EZ Connect SMCWUSB-G [URL]
I like to test my network often. Until recently, I've been doing so on my old Ubuntu 6.06 laptop... the problem is It's too slow (1.06 GHz single Core ), and old, (designed for Win 2000) to really be effective any more. So, recently I bought a new laptop...one with a Dual core Processor, and twice the speed. Anyway, I'm running Fedora Core 10 X86_64 on it. My problem is as follows:
Although I do have MadWifi installed, for some reason, I still can't put my Atheros based Netgear WPN511 into monitor mode. (in the Network configuration window, it says "Atheros Communications Inc. Atheros AR5001X+" I'm not sure what it means but I'll put it in in case it helps) does MadWifi not work with Fedora? if not, is there a Fedora 10 (X86_64) alternative?
A friend of mine has a Dell XPS1530 lappy that has a broadcom bcm4328 wireless adapter. I tried installing kismet on it so I can scan for wireless network in range. I configured it with the source driver as bcm43xx in kismet.conf and complained that the driver didn't support monitor mode. It uses the proprietary 'wl' kernel module to operate but kismet can't use the 'wl' module and it says the same error. I tried unloding the wl and b44 modules and loding the b43 driver but then the adapter stoped working. I searched on the net a bit and found out that kisment doesn't work with the prorpietary drivers for that card.
I want to do some pen-testing using aircrack-ng on my local network and currently the only wireless adapter I have is the WNA 1100 netgear adapter. I am using the ath9k_htc driver.
i have a linux server runnig oracle applications. i need to access this server from putty using ssh through internet. i did by registering my static ip with the dnydns.org and i am able to connect to the server. but now there is no security to authenticate any user as any one knowing the password can login to it.
i thought of configuring the firewall of linux server but the client ip`s are not static and they change continiously. so thought of keeping one more pc between the server and the router which will do the work of authenticating. but i am confuse as how to configure it to allow the packets coming from the internet after authenticating and to by pass the packets generated from internal LAN?
I'm running Lucid (10.04), dualboot vista, but I'm having some issues with my wireless USB dongle. Previously (in a different) location, the network wasn't showing in my wireless network tab, and that was never resolved. But now I'm in a new place, and what I'm finding is that my network is showing up in the networks tab, and I can select it, enter the PSK, and it starts to interrogate, but never seems to manage all the way through to getting internet.
Im not sure whether the machine is able to connect to the network, but not the wider internet, or what. The only indication I'm getting is that its connecting for a length of time, then gives up. I have managed to get the update tool pop up - so I'm not sure if thats an indicator of some internet connection or not (presumably it only generates the list of packages to update when it can connect to the net and see what updates are required...) I believe its also managed to get 1 or 2 ping packets through to the internet. I'm driving a belkin N-wireless USB adapter, N10117.
I want to install ubuntu server on an old pc and use it in my home office. However, I'll have to borrow a monitor to do the instillation... when I'm done I'll have to return it. Is there a way to monitor/manage the sever by using my web browser, free of cost?
Also seeing that I'm not so savvy with commands should I install the desktop interface?
I try to set-up an Access point using ubuntu 11.04. I am using the minimal configuration file from [URL] together with a TP-Link TL-WN422G (Atheros chipset). I've installed the linux-backports-net-natty-generic drivers. But when trying to start hostapd I always get this output:
Code: # hostapd -dd -K test.conf Configuration file: test.conf Failed to set interface wlan0 to master mode. nl80211 driver initialization failed. wlan0: Unable to setup interface. ELOOP: remaining socket: sock=5 eloop_data=0x9b9440 user_data=(nil) handler=0x43d980 I have also disabled the network-manager for this device by adding this to /etc/network/interfaces:
I'm trying to make my wireless router always give me the same ip address every boot (192.168.1.100). I do not have a static ip address from my isp.
Everything I've tried from online help has made my internet break and I'm not even sure what exactly I should be searching for on google.
Ultimately, I'm trying to get my wireless router to forward ftp requests to my computer which shares the network with an xp machine. I think this is the way to go about it.
I have just installed openSuse 11.4 KDE 64-bit on a Dell M1330. When I click on my networking panel, it says WLAN interface is unavailable. I've followed the steps in the stickied post and found the WLAN hardware info, a screenshot of which is below:Uploaded with ImageShack.usNext it says to do this - you need to look at the logs, in particular the info in /var/log/boot.msg. To see this, you need YaST => Miscellaneous => System Logs and select boot.msg.In YaST there is no such option for system logs under miscellaneous, so I can't do that. The results of the sudo /usr/sbin/iwlist scan command produce the following:
root's password: lo Interface doesn't support scanning. eth0 Interface doesn't support scanning.
I'm interested in installing Privoxy on CentOS. I have two nics and would like to setup this on my network. One nic will be inside and all computers will use the inside address to get to the proxy. The other nic will connect to my FW and forward traffic to the internet.
I understand I need to change config file for the listening ip "inside ip:8118", but how do I forward out the the outiside interface to get to the internet? Does Privoxy just pass the DNS request like web traffic?
I had aircrack-ng running on my old version and it worked well in the old version of linux but now when i run the programme and put my card in monitor mode it throws me the following message:
Found 5 processes that could cause trouble. If airodump-ng, aireplay-ng or airtun-ng stops working after a short period of time, you may want to kill (some of) them!
PID Name 677 avahi-daemon 678 avahi-daemon 701 NetworkManager 765 wpa_supplicant 2037 dhclient Process with PID 2037 (dhclient) is running on interface wlan0
I want to switch my laptop from XP to Ubuntu, but right now, i cant risk installing it. i dont want to have it partitioned so i can dual boot, so for now i only run the try-it-out mode.Before i consider installing though, i want to see if i can get everything to work ahead of time, that way im not regreting instalation. I have a Compaq Presario V2000 laptop, with 55GB hard drive and 516MB ram. So far, the trial mode is working great, but the wireless will not work. Ive tried to install the driver, but i am unable to do so. I have looked this up, and i have tried many things, and so far, none have worked.I was wondering if it was just part of the trial thing or not, but it is a Broadcom Wireless BCM4318 driver
