Saturday, October 18, 2008

Wired and Wireless Network Taps!

The idea of a network tap is to stealthily re-route all of a given network's packets through your own machine in order to log those packets and mine data from the network.

There are several ways to accomplish this. The first two ways are fairly standard, but I devised the third way on my own. If someone has made a wireless network tap to be used in this way before I have, that's fine. But to my knowledge, it's never been done before. Please let me know if it has :)

1. Passive Wired Network Tap: Physically separate the Tx/Rx pairs of wires and run them to separate NICs in the host computer (the computer that's logging the packets and mining the data). One NIC receives data on the Rx pair (which is normal); the other receives data on the Tx pair, which is where data being transmitted on the network is intercepted. Because each direction needs its own pair of receiving pins, two NICs are required.

For more info, check out Hack A Day's post on passive network taps.


2. Wired Hub: Simply patch a wired hub into the network, then plug into the hub. Problem: you're visible on the network! Note that I haven't tried it with a hub (I don't even own one that works), but in theory it should work. Not recommended, though.

3. Wireless Network Tap: This gets a little more complicated. In a wireless network, not all data travels through any one host, so the logical solution is to hardwire into the access point... but what if you can't get to it? The solution: Bridge the wireless network, then patch the bridge to a wired/wireless access point. As long as the SSID, channel, encryption, and password are the same (note: this assumes you have access to the wireless network... if not, encryption isn't hard to crack... google it), wireless clients will connect to it. The wireless clients will connect to the WAP (wireless access point) with the best signal, though. So use an open router with DD-WRT (or another open firmware) to crank up the broadcast power, and use a high-gain antenna... now all of the wireless clients will connect to your access point! Now, plug your host PC into the access point. Everything from the wireless network will be repeated onto the wired network, so you can now sniff through all of the packets on the network. Note that using a wired network tap between the access point and the host PC isn't absolutely necessary, but would be a good idea.
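From the other side of the fence, the wireless tap described in item 3 looks like a second access point advertising an existing SSID with a stronger signal, which is exactly what a rogue-AP check on a wireless scan looks for. The script below is an added example and not code from the original post: it takes beacon observations as `(ssid, bssid, channel, rssi_dbm)` tuples, compares them with a constructed inventory of authorized BSSIDs per SSID, and reports any unlisted BSSID serving a managed SSID, noting whether it outpowers the real AP (the condition that makes clients roam to it). The inventory, MAC addresses and scan results are all constructed sample data.

```python
"""Added example (not from the original post): flag a second access point that
advertises a managed SSID, i.e. what the wireless tap above looks like from a
wireless scan. Inventory and scan data below are constructed sample values."""
from collections import defaultdict

# Constructed inventory: BSSIDs allowed to serve each managed SSID, plus the
# channel the real AP is configured on.
AUTHORIZED = {
    'HomeNet': {'bssids': {'00:11:22:33:44:55'}, 'channel': 6},
}


def find_rogue_aps(observations, authorized):
    """Return one finding per unauthorized BSSID seen advertising a managed SSID.

    observations: iterable of (ssid, bssid, channel, rssi_dbm).
    Each finding records the rogue's best RSSI and whether it beats the strongest
    legitimate AP, because clients pick the strongest signal for a given SSID."""
    best = defaultdict(dict)   # ssid -> bssid -> (channel, best rssi seen)
    for ssid, bssid, channel, rssi in observations:
        bssid = bssid.lower()  # normalise case so '02:AA..' and '02:aa..' are one AP
        prev = best[ssid].get(bssid)
        if prev is None or rssi > prev[1]:
            best[ssid][bssid] = (channel, rssi)

    findings = []
    for ssid, policy in authorized.items():
        legit = {b.lower() for b in policy['bssids']}
        seen = best.get(ssid, {})
        # Strongest signal from any legitimate AP for this SSID, if one was heard at all.
        legit_rssi = max((r for b, (_c, r) in seen.items() if b in legit), default=None)
        for bssid, (channel, rssi) in sorted(seen.items()):
            if bssid in legit:
                continue
            findings.append({
                'ssid': ssid,
                'bssid': bssid,
                'channel': channel,
                'rssi_dbm': rssi,
                'off_channel': channel != policy['channel'],
                'legit_visible': legit_rssi is not None,
                'outpowers_legit': legit_rssi is None or rssi > legit_rssi,
            })
    return findings


def unmanaged_ssids(observations, authorized):
    """SSIDs heard on the air that are not in the inventory at all (informational)."""
    return sorted({s for s, *_ in observations} - set(authorized))


# Constructed scan: the real AP on channel 6 (heard twice), a second AP with the same
# SSID and a much stronger signal, and an unrelated neighbouring network.
SAMPLE_SCAN = [
    ('HomeNet', '00:11:22:33:44:55', 6, -61),
    ('HomeNet', '00:11:22:33:44:55', 6, -58),
    ('HomeNet', '02:AA:BB:CC:DD:EE', 6, -40),
    ('HomeNet', '02:aa:bb:cc:dd:ee', 6, -35),
    ('Neighbour', '00:11:22:33:44:66', 1, -72),
]

if __name__ == '__main__':
    for f in find_rogue_aps(SAMPLE_SCAN, AUTHORIZED):
        print('ROGUE %(ssid)s from %(bssid)s ch%(channel)d %(rssi_dbm)d dBm '
              'outpowers_legit=%(outpowers_legit)s' % f)
    print('unmanaged SSIDs:', unmanaged_ssids(SAMPLE_SCAN, AUTHORIZED))
```

Two caveats for anyone running this check for real. It only sees beacons, so a clone that has the same SSID and PSK is indistinguishable to clients until they associate; the countermeasure on the client side is 802.1X with server-certificate validation, where a clone cannot complete the handshake. And the bridge half of the build above also leaves a trace: it associates with the real AP as an ordinary client, so an unexpected station with a router vendor's MAC in the real AP's client list is a second signal worth alerting on.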

I built wired and wireless network taps recently and have been testing them out (with great success rates). Here are some pictures from my network tapping expedition:

The wired network tap all wired up. Note that I used wire from about 6" of Cat5e cable.

Now, to monitor a network with it, we need to wire it in.

So here is our target network. The white cable on #9 is our WAN connection, in this case, so all data entering and leaving the network will go through it. This is the cable we need to tap.

We'll need to unplug it, run another cable to one of the fully wired jacks, and plug the original cable into the other fully wired jack. Then we'll plug another pair of cables into the Tx and Rx jacks to run to the NICs in our host PC.

And we're set! You can leave it connected like that if you want (if you own the network or have permission to leave it there), as it won't interfere with anything.

Now you can install a sniffer program (Wireshark is good if you use Windows, otherwise refer to the post on Hack a Day for more programs), and start sniffing for data. If you don't know what you're looking for in your collected data, do some googling and figure out what to do. Hint: Look for "POST", then follow the stream. You'll find lots of credentials (as long as they aren't encrypted).
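Because each NIC on the passive tap sees only one direction, a sniffer bound to one NIC records half of every conversation. The script below is an added example (not code from the original post or from Wireshark) showing how the two one-direction captures are put back together: it reads two classic pcap images, merges the records by timestamp, and writes a single capture that Wireshark can open and follow streams in. Both sample captures, the MAC addresses and the filler payloads are constructed in memory; on a real tap host the two inputs would be the files captured on the Tx-side and Rx-side NICs.

```python
"""Added example (not from the original post): merge the two one-direction captures
that a passive tap produces into one time-ordered capture, the way mergecap does.
Standard library only; the sample captures below are constructed in memory."""
import heapq
import struct

PCAP_MAGIC = 0xA1B2C3D4       # classic pcap with microsecond timestamps
LINKTYPE_ETHERNET = 1
GLOBAL_HDR = struct.Struct('<IHHiIII')  # magic, ver_major, ver_minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct('<IIII')     # ts_sec, ts_usec, incl_len, orig_len


def build_pcap(records):
    """Serialise (ts_sec, ts_usec, frame) tuples as a little-endian pcap image."""
    out = [GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for sec, usec, frame in records:
        out.append(RECORD_HDR.pack(sec, usec, len(frame), len(frame)))
        out.append(frame)
    return b''.join(out)


def read_pcap(data):
    """Yield (ts_sec, ts_usec, frame) from a pcap image, refusing anything but the
    little-endian microsecond Ethernet format this example writes."""
    if len(data) < GLOBAL_HDR.size:
        raise ValueError('truncated pcap global header')
    magic, _maj, _min, _tz, _sig, _snap, linktype = GLOBAL_HDR.unpack_from(data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError('unsupported pcap magic 0x%08x' % magic)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError('expected Ethernet link type, got %d' % linktype)
    off = GLOBAL_HDR.size
    while off + RECORD_HDR.size <= len(data):
        sec, usec, incl, _orig = RECORD_HDR.unpack_from(data, off)
        off += RECORD_HDR.size
        frame = data[off:off + incl]
        if len(frame) != incl:
            raise ValueError('truncated packet record at offset %d' % off)
        off += incl
        yield sec, usec, frame


def _mac_str(raw):
    return ':'.join('%02x' % b for b in raw)


def ethernet_addrs(frame):
    """Return (dst_mac, src_mac, ethertype) from a raw Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError('frame shorter than an Ethernet header')
    return _mac_str(frame[0:6]), _mac_str(frame[6:12]), struct.unpack('!H', frame[12:14])[0]


def merge_captures(tx_pcap, rx_pcap):
    """Merge the Tx-side and Rx-side captures by timestamp.
    Returns a list of (ts_sec, ts_usec, direction, frame). Each input is already in
    time order (one NIC, one host clock), so a streaming k-way merge suffices; on
    equal timestamps the Tx record is kept first (heapq.merge is stable)."""
    tx = ((s, u, 'tx', f) for s, u, f in read_pcap(tx_pcap))
    rx = ((s, u, 'rx', f) for s, u, f in read_pcap(rx_pcap))
    return list(heapq.merge(tx, rx, key=lambda r: (r[0], r[1])))


def merged_pcap(tx_pcap, rx_pcap):
    """The merged capture as a pcap image ready to open in Wireshark."""
    return build_pcap((s, u, f) for s, u, _d, f in merge_captures(tx_pcap, rx_pcap))


# --- constructed sample input: two frames per direction, IPv4 ethertype, filler payload ---
def _mac_bytes(text):
    return bytes(int(x, 16) for x in text.split(':'))


def _frame(dst, src, payload):
    return _mac_bytes(dst) + _mac_bytes(src) + b'\x08\x00' + payload


INSIDE_HOST = '02:00:00:00:00:01'   # constructed, locally administered addresses
GATEWAY = '02:00:00:00:00:02'
FILLER = b'\x45' + b'\x00' * 19

SAMPLE_TX = build_pcap([(1000, 0, _frame(GATEWAY, INSIDE_HOST, FILLER)),
                        (1000, 300, _frame(GATEWAY, INSIDE_HOST, FILLER))])
SAMPLE_RX = build_pcap([(1000, 100, _frame(INSIDE_HOST, GATEWAY, FILLER)),
                        (1000, 200, _frame(INSIDE_HOST, GATEWAY, FILLER))])

if __name__ == '__main__':
    for sec, usec, direction, frame in merge_captures(SAMPLE_TX, SAMPLE_RX):
        dst, src, etype = ethernet_addrs(frame)
        print('%d.%06d %s %s -> %s type 0x%04x' % (sec, usec, direction, src, dst, etype))
```

The merge relies on both NICs being timestamped by the same host clock; if the two halves were captured on different machines, their clocks must be aligned first or the interleaving will be wrong. Writing the result back out with `merged_pcap` gives one file in which Wireshark's "Follow TCP Stream" sees both halves of each connection.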

That's it for the wired network tap... here's how I did it with wireless.

I started with a Linksys WRT54G for the bridge and a Buffalo WHR-HP-G54 for the access point. I chose the WHR-HP-G54 for the WAP because it has internal and external antennas for a wide range of wireless clients (indoors, outdoors, moving, stationary, etc). I wouldn't need that for the bridge, as it's connected to a stationary WAP.

To make this slightly more useful, I set it up so I could run the entire setup from within my car. The WRT54G runs on 12 V DC, which I can get from my car battery, and the WHR-HP-G54 runs on 5 V DC, which I can pull from the host PC's USB port. So I did a bit of splicing and now have a USB-powered WAP.

After bridging the networks and hooking it all up, here's the finished product!

And that's how to tap networks! If you've got any questions, feel free to email me or ask in the comments, below. I'll reply either way.

Thanks for reading! Let me know what you think of the projects!

1 comment:

dsds said...

Excellent post!!! I have learnt many things from here. I also have a website where you can visit and pass your leisure time. In everyone's life, at some time, our inner fire goes out. It is then burst into flame by an encounter with another human being. We should all be thankful for those people who rekindle the inner spirit. To get more information, visit here:
wireless network