From charlesreid1

Setup

For a wired network tap, we need an attacking device with two network interfaces - one to connect to the sheep, one to connect to the network device.

A physical network tap can be as simple as a crossover cable connecting to the target computer. This is easier if the attacking computer is a router running OpenWRT, a Raspberry Pi, or some other small form factor computer.

The Network Arrangement

The network will be arranged as follows:

[ Router ]-----[ Kronos (Attacker) ]------[ Mars (Sheep) ]

Usually the attacker has two ethernet ports, but in this case I'll be using one ethernet port and one wireless card:

[ Router ]  ~  ~  ~  ~   [ Kronos (Attacker) ]---------[ Mars (Sheep) ]

Procedure

Install Bridge Utils on Attacker

On the machine doing the attacking, you will need bridge utilities to build the network bridge. Install this before you do any of the rest of these steps.

kronos $ apt-get install bridge-utils

Connect to Target and Router

The first step is to replicate the connection described above, either with wireless or wired connections.

Having a wired connection between the attacker and the sheep greatly simplifies the attack.

The attacking machine has an ethernet device connected to a crossover cable connected to the sheep:

kronos $ ifconfig eth0

It also has a wireless card,

kronos $ ifconfig wlan5

which is connected to a wireless network and to the internet. This is the connection the sheep will share.

Open IP Addresses

Configure both devices as open, that is, with no IP address of their own:

kronos $ ifconfig eth0 0.0.0.0
kronos $ ifconfig wlan5 0.0.0.0

Create Bridge

Attempt 1

Now bridge the two devices with a bridge0 interface and the brctl command:

kronos $ brctl addbr bridge0
kronos $ brctl addif bridge0 eth0
kronos $ brctl addif bridge0 wlan5
can't add wlan5 to bridge bridge0: Operation not supported

crap.

Attempt 2

Edit network interfaces:

kronos $ vim /etc/network/interfaces

We'll make a bridge in the network interfaces file, instead of ad hoc on the command line.

Add this info to /etc/network/interfaces:

# Interface names must match the machine; the commands earlier on this page use eth0 and wlan5.
auto br0
iface br0 inet dhcp
    bridge_ports wlan0 eth2
    up /sbin/iwconfig wlan0 essid MyHomeRouter && \
       /sbin/iwconfig wlan0 channel 11 && \
       /sbin/iwconfig wlan0 mode Master

Now you can refresh your network devices and you should see your bridge.

To refresh your network devices:

kronos $ service networking restart

Check if it's there - aaaaaand, cha-ching!

kronos $ ifconfig br0
br0       Link encap:Ethernet  HWaddr 36:6b:d8:b6  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:2052 (2.0 KiB)
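
For anyone who has to inspect a box configured like this (an unexpected small computer on a desk, or a host reconfigured to relay traffic), a bridge such as br0 and its member ports are visible in sysfs. The script below is an added example, not part of the original page; it assumes the standard Linux /sys/class/net layout, and the function names and the INLINE/ok verdicts are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a Linux host for bridges
# that join two or more physical NICs, the layout this page's br0 produces.
# Assumption: sysfs layout under /sys/class/net; the root is overridable so
# the logic can be run against a constructed tree.

# Physical NICs have a "device" link in sysfs; veth/tap/dummy ports do not.
is_physical() { [ -e "$SYSFS_NET/$1/device" ]; }

# cfg80211 devices expose phy80211; wireless-extensions ones expose wireless/.
is_wireless() { [ -e "$SYSFS_NET/$1/phy80211" ] || [ -d "$SYSFS_NET/$1/wireless" ]; }

# audit_bridges [SYSFS_ROOT]
# Prints one line per bridge: <bridge> <verdict> <port:kind>...
audit_bridges() {
    SYSFS_NET=${1:-/sys/class/net}
    for br in "$SYSFS_NET"/*; do
        [ -d "$br/bridge" ] || continue              # only bridge devices have bridge/
        phys=0
        ports=""
        for p in "$br"/brif/*; do                    # brif/ holds one entry per member port
            [ -e "$p" ] || [ -L "$p" ] || continue   # skip the unexpanded glob
            port=${p##*/}
            if ! is_physical "$port"; then
                kind=virtual
            elif is_wireless "$port"; then
                kind=wireless; phys=$((phys + 1))
            else
                kind=wired; phys=$((phys + 1))
            fi
            ports="$ports $port:$kind"
        done
        # Two physical ports in one bridge means frames are relayed between
        # two real network segments through this host.
        if [ "$phys" -ge 2 ]; then verdict=INLINE; else verdict=ok; fi
        printf '%s %s%s\n' "${br##*/}" "$verdict" "$ports"
    done
}

# Audit the live host when run directly.
audit_bridges
```

Container and VM bridges normally show only virtual ports and report ok; a bridge holding two physical ports is the one to explain.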


Test Bridge

Only an idiot would go across a bridge without testing it..... right?

Attempt 1

1. Start browsing the web on the sheep. (FAIL: Sheep can't get an IP or a network connection out.)

2. Run tcpdump on the attacking machine.

Dunno

Gonna switch this around.

Wireless access point, routing to ethernet.

Man in the Middle/Wireless/Network Tap