+grml-network (0.3.1) unstable; urgency=low
+
+ * New script grml-sniff for configuring a network sniffing setup.
+ * Fix typos in grml-bridge.
+ * Drop 'Latest change' headers from all files.
+
+ -- Michael Prokop <mika@grml.org> Mon, 17 Aug 2009 11:23:58 +0200
+
grml-network (0.2.9) unstable; urgency=low
* scanmodem: apply patch by Joerg Woelke which addresses the
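Review bot: the 0.3.1 changelog entry is incomplete: besides the new grml-sniff script, the grml-bridge typo fixes and the dropped 'Latest change' headers, this diff also deletes the placeholder roff manpage for grml-network (the "program to do something" template) and removes `set -e` together with its "exit on any error" comment from grml-bridge and grml-router. The `set -e` removal changes how those scripts behave on failure, so both changes should be listed here.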
gzip -f --best `echo $^ |sed -e 's/.txt//'`
-MANPAGES = grml-vnet.8
+MANPAGES = grml-sniff.8 grml-vnet.8
all: doc
--- /dev/null
+grml-sniff(8)
+============
+
+NAME
+----
+grml-sniff - script for configuring a network sniffing setup
+
+SYNOPSIS
+--------
+*grml-sniff* [OPTIONS]
+
+DESCRIPTION
+-----------
+This manual page documents briefly the *grml-sniff* command.
+*grml-sniff* is a script for configuring a network sniffing setup.
+It does NOT sniff on a hub/switch but instead sets up a man-in-the-middle (MITM)
+configuration using a bridge device with two network devices.
+
+OPTIONS
+-------
+
+ *start*::
+
+Start sniffing setup.
+
+ *stop*::
+
+Stop sniffing setup (set interfaces down and remove bridge device).
+
+ *restart*::
+
+Restart grml-sniff.
+
+ *status*::
+
+Display status of configuration.
+
+ *info*|*-h*|*--help*::
+
+Show usage information.
+
+Usage example
+-------------
+
+This section describes the setup and configuration for capturing network traffic
+on a setup like follows (assuming the 'Sniffing Computer' is the box where
+you are using Grml with grml-sniff):
+
+ Hub/Switch/Router
+ ^
+ |
+ | Interface known as 'eth0' in the documentation
+ |
+ |
+ v Interface known as 'eth2'
+ Sniffing Computer <---------------------------> Control Computer (optional,
+ ^ providing GUI, Wireshark,
+ | Backup of dumpfiles, etc)
+ |
+ | Interface known as 'eth1' in the documentation
+ |
+ v
+ Client System
+
+Disable DHCP
+~~~~~~~~~~~~
+
+Start with booting Grml using the 'nodhcp' bootoption. This makes sure that no
+network configuration is being executed automatically while booting. If you
+booted your Grml system without the nodhcp option by accident, just execute
+'killall pump; killall dhclient' after booting finished to make sure there
+aren’t any running DHCP clients anymore.
+
+After booting finished check out the available network interfaces:
+
+ ifconfig -a
+
+At least two interfaces should be present (usually named eth0 and eth1, that’s
+what we are using in this documentation as well). Make sure the network cards
+are connected with the hub/switch/router and the client accordingly! The third
+interface (known as eth2 in this documentation) is just optional and not
+necessary for sniffing itself.
+
+Simple (but not necessarily 100% reliable) check for network connnection using a
+software command:
+
+ ethtool eth0
+ ethtool eth1
+ ethtool eth2
+
+Look for 'Advertised auto-negotiation: Yes' and 'Link detected: yes'.
+
+Configuration
+~~~~~~~~~~~~~
+
+Make sure the according network interfaces are configured as BRIDGE_DEVICES in
+/etc/grml/router-setup. If you are using eth0 and eth1 you don't have to do
+anything (the default is just fine)! Otherwise adjust BRIDGE_DEVICES in
+/etc/grml/router-setup accordingly. For example if the devices you would like to
+use within the sniffing bridge are named eth2 and eth4 use:
+
+ BRIDGE_DEVICES='eth2 eth4'
+
+Start sniffing setup
+~~~~~~~~~~~~~~~~~~~~
+
+Assuming you configured /etc/grml/router-setup as documented in the previous
+section, finally invoke grml-sniff:
+
+ grml-sniff start
+
+That's it. Now your system should be set up accordingly for capturing network
+traffic.
+
+Capturing traffic
+~~~~~~~~~~~~~~~~~
+
+Execute:
+
+ tcpdump -s -C 50 -vvvv -w pcap -i br0
+
+to generate files named pcap, pcap1, pcap2,... each with a file size of ~50MB.
+Press CTRL-C to stop capturing traffic. You can analyse the generated pcap files
+for example using wireshark(1).
+
+See also
+--------
+grml-ap(8), grml-bridge(8), grml-router(8)
+
+AUTHOR
+------
+grml-sniff was written by Michael Prokop <mika@grml.org>.
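Review bot: the capture command in the 'Capturing traffic' section, `tcpdump -s -C 50 -vvvv -w pcap -i br0`, does not run as written: `-s` takes a snaplen argument, so tcpdump will try to parse `-C` as the snaplen and abort. The intended full-packet capture is `tcpdump -s 0 -C 50 -vvvv -w pcap -i br0`. Second, the 'Configuration' section tells the reader to set BRIDGE_DEVICES in /etc/grml/router-setup, while grml-sniff (like grml-bridge and grml-router) reads `CONFIG_FILE=/etc/grml/routersetup`; one of the two spellings is wrong, and a user editing the documented path would silently end up with the eth0/eth1 default. Third, the DESCRIPTION calls the setup a man-in-the-middle configuration, but the script gives the bridge members `0.0.0.0` with ARP disabled and assigns no address to br0, which is a transparent inline tap rather than an active MITM; describing it as a transparent bridge tells the reader more precisely what the box does and does not do to the traffic. Minor: 'connnection' in the ethtool paragraph, and the curly apostrophes in "aren’t" and "that’s" should be plain ASCII in the asciidoc source.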
+++ /dev/null
-.\" Hey, EMACS: -*- nroff -*-
-.\" First parameter, NAME, should be all caps
-.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
-.\" other parameters are allowed: see man(7), man(1)
-.TH GRML-NETWORK SECTION "Oktober 28, 2006"
-.\" Please adjust this date whenever revising the manpage.
-.\"
-.\" Some roff macros, for reference:
-.\" .nh disable hyphenation
-.\" .hy enable hyphenation
-.\" .ad l left justify
-.\" .ad b justify to both left and right margins
-.\" .nf disable filling
-.\" .fi enable filling
-.\" .br insert line break
-.\" .sp <n> insert n+1 empty lines
-.\" for manpage-specific macros, see man(7)
-.SH NAME
-grml-network \- program to do something
-.SH SYNOPSIS
-.B grml-network
-.RI [ options ] " files" ...
-.br
-.B bar
-.RI [ options ] " files" ...
-.SH DESCRIPTION
-This manual page documents briefly the
-.B grml-network
-and
-.B bar
-commands.
-.PP
-.\" TeX users may be more comfortable with the \fB<whatever>\fP and
-.\" \fI<whatever>\fP escape sequences to invode bold face and italics,
-.\" respectively.
-\fBgrml-network\fP is a program that...
-.SH OPTIONS
-These programs follow the usual GNU command line syntax, with long
-options starting with two dashes (`-').
-A summary of options is included below.
-For a complete description, see the Info files.
-.TP
-.B \-h, \-\-help
-Show summary of options.
-.TP
-.B \-v, \-\-version
-Show version of program.
-.SH SEE ALSO
-.BR bar (1),
-.BR baz (1).
-.br
-The programs are documented fully by
-.IR "The Rise and Fall of a Fooish Bar" ,
-available via the Info system.
-.SH AUTHOR
-grml-network was written by <upstream author>.
-.PP
-This manual page was written by Michael Prokop <mika@grml.org>,
-for the Debian project (but may be used by others).
# Authors: grml-team (grml.org), (c) Michael Prokop <mika@grml.org>
# Bug-Reports: see http://grml.org/bugs/
# License: This file is licensed under the GPL v2.
-# Latest change: Don Okt 12 10:50:51 CEST 2006 [mika]
################################################################################
# configuration for grml-router:
# IPTABLES=/sbin/iptables # the iptables binary
OUTDEV='auto' # outgoing device [auto|default|eth0|...]
-# configuration for grml-bridge:
+# configuration for grml-bridge and grml-sniff:
# BRCTL=/usr/sbin/brctl # the brctl binary
BRIDGE_NAME='br0' # name used for the bridge
BRIDGE_DEVICES='eth0 eth1' # the devices used for bilding the bridge
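Review bot: the comment header above is being edited to mention grml-sniff, so fix the typo in the comment on the BRIDGE_DEVICES line at the same time: "the devices used for bilding the bridge" should read "the devices used for building the bridge". This is now the line documenting the variable grml-sniff depends on, so it is worth getting right in this commit.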
# Authors: grml-team (grml.org), (c) Michael Prokop <mika@grml.org>
# Bug-Reports: see http://grml.org/bugs/
# License: This file is licensed under the GPL v2.
-# Latest change: Mit Okt 11 23:00:43 CEST 2006 [moemoe]
################################################################################
# exit on any error
# Authors: grml-team (grml.org), (c) Michael Prokop <mika@grml.org>
# Bug-Reports: see http://grml.org/bugs/
# License: This file is licensed under the GPL v2.
-# Latest change: Mit Mär 26 23:02:52 CET 2008 [mika]
################################################################################
-# exit on any error
-set -e
-
CONFIG_FILE=/etc/grml/routersetup
. /etc/grml/lsb-functions
. /etc/grml/script-functions
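Review bot: dropping `set -e` together with its "exit on any error" comment changes the failure semantics of the whole script, not just the lines around it. Commands that are not followed by `eend $?`, such as the `. /etc/grml/lsb-functions` and `. /etc/grml/script-functions` sourcing lines kept as context here, now fail silently and execution continues with the helper functions undefined. If the intent is to let `eend $?` report failures instead of aborting, say so in a replacement comment and make sure every command that matters either is reported via `eend` or carries an explicit `|| exit 1`. The same applies to the identical `set -e` removal in grml-router further down in this diff.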
done
eoutdent
- einfo "Enabling promiscous mode on: "
+ einfo "Enabling promiscuous mode on: "
eindent
for i in $BRIDGE_DEVICES ; do
einfo "$i"
ip a a $BRIDGE_IP dev $BRIDGE_NAME
;;
NONE)
- einfo "Leaving $BRIDGE_NAME uconfigured"
+ einfo "Leaving $BRIDGE_NAME unconfigured"
;;
esac
eoutdent
done
eoutdent
- einfo "Disabling promiscous mode on: "
+ einfo "Disabling promiscuous mode on: "
eindent
for i in $BRIDGE_DEVICES ; do
einfo "$i "
# Authors: (c) Klaus Knopper Mar 2004, (c) Michael Prokop <mika@grml.org>
# Bug-Reports: see http://grml.org/bugs/
# License: This file is licensed under the GPL v2.
-# Latest change: Fre Apr 20 00:36:37 CEST 2007 [mika]
################################################################################
PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin"
# Authors: grml-team (grml.org), (c) Andreas Gredler <jimmy@grml.org>
# Bug-Reports: see http://grml.org/bugs/
# License: This file is licensed under the GPL v2.
-# Latest change: Tue Jul 22 01:13:08 CEST 2008 [mika]
################################################################################
################################################################################
# Authors: grml-team (grml.org), (c) Michael Prokop <mika@grml.org>
# Bug-Reports: see http://grml.org/bugs/
# License: This file is licensed under the GPL v2.
-# Latest change: Sam Jän 26 00:12:57 CET 2008 [mika]
################################################################################
################################################################################
# Authors: grml-team (grml.org), (c) Martin Hecher <hecka@grml.org>
# Bug-Reports: see http://grml.org/bugs/
# License: This file is licensed under the GPL v2.
-# Latest change: Sam Jän 26 00:13:11 CET 2008 [mika]
################################################################################
################################################################################
# Authors: grml-team (grml.org), Ulrich Dangel <schula@grml.org>, Michael Prokop <mika@grml.org>
# Bug-Reports: see http://grml.org/bugs/
# License: This file is licensed under the GPL v2.
-# Latest change: Sam Okt 07 23:18:38 CEST 2006 [mika]
################################################################################
-# exit on any error
-set -e
-
CONFIG_FILE=/etc/grml/routersetup
. /etc/grml/lsb-functions
. /etc/grml/net-functions
--- /dev/null
+#!/bin/sh
+# Filename: grml-sniff
+# Purpose: script for configuring a network sniffing setup
+# Authors: grml-team (grml.org), (c) Michael Prokop <mika@grml.org>
+# Bug-Reports: see http://grml.org/bugs/
+# License: This file is licensed under the GPL v2.
+################################################################################
+
+CONFIG_FILE=/etc/grml/routersetup
+. /etc/grml/lsb-functions
+. /etc/grml/script-functions
+
+usage_info()
+{
+ einfo "$0 - script for configuring a network sniffing setup"
+ einfo "Configure via $CONFIG_FILE - see man 8 grml-sniff" ; eend 0
+}
+
+if ! [ -r "$CONFIG_FILE" ] ; then
+ eerror "$CONFIG_FILE could not be read."
+ exit 1
+fi
+
+. "$CONFIG_FILE"
+
+if [ -z "$BRIDGE_DEVICES" ] ; then
+ eerror "Bridge devices (\$BRIDGE_DEVICES) not set in $CONFIG_FILE"
+ exit 1
+fi
+
+[ -n "$BRCTL" ] || BRCTL='brctl'
+[ -n "$BRIDGE_NAME" ] || BRIDGE_NAME='br0'
+[ -n "$BRIDGE_DEVICES" ] || BRIDGE_DEVICES='eth0 eth1'
+
+check4progs $BRCTL || exit 1
+
+case "$1" in
+ start)
+ check4root || exit 1
+ einfo "Starting sniffing setup"
+ eindent
+ einfo "Creating bridge device"
+ brctl addbr "$BRIDGE_NAME"
+ eend $?
+
+ einfo "Bringing network device in promiscuous mode up:"
+ eindent
+ for i in $BRIDGE_DEVICES ; do
+ einfo "$i"
+ ifconfig "$i" -arp promisc 0.0.0.0 up ; eend $?
+ done
+ eoutdent
+
+ einfo "Adding network devices to $BRIDGE_NAME:"
+ eindent
+ for i in $BRIDGE_DEVICES ; do
+ einfo "$i"
+ brctl addif "$BRIDGE_NAME" $i ; eend $?
+ done
+ eoutdent
+
+ einfo "Bringing bridge $BRIDGE_NAME in promiscuous up"
+ ip link set "$BRIDGE_NAME" promisc on up ; eend $?
+ eoutdent
+ ;;
+
+ stop)
+ check4root || exit 1
+ einfo "Stopping sniffing setup"
+ eindent
+ einfo "Removing network devices from $BRIDGE_NAME: "
+
+ eindent
+ for i in $BRIDGE_DEVICES ; do
+ einfo "$i "
+ brctl delif "$BRIDGE_NAME" $i ; eend $?
+ done
+ eoutdent
+
+ einfo "Disabling promiscuous mode on: "
+ eindent
+ for i in $BRIDGE_DEVICES ; do
+ einfo "$i "
+ ip link set "$i" promisc off ; eend $?
+ done
+ eoutdent
+
+ einfo "Bringing bridge $BRIDGE_NAME down"
+ ip link set "$BRIDGE_NAME" down; eend $?
+
+ einfo "Removing bridge device $BRIDGE_NAME"
+ ifconfig "$BRIDGE_NAME" down || /bin/true
+ brctl delbr "$BRIDGE_NAME"
+ eend $?
+ eoutdent
+ ;;
+
+ restart)
+ check4root || exit 1
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+
+ info|-h|--help)
+ usage_info
+ ;;
+
+ status)
+ check4root || exit 1
+ einfo "$0 - status:"
+ $BRCTL show ; eend $?
+ ;;
+
+ *)
+ echo "Usage: $0 {start|stop|restart|status|info}"
+ exit 1
+ ;;
+esac
+
+## END OF FILE #################################################################
+# vim: ft=sh expandtab ai
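Review bot: the BRIDGE_DEVICES handling in grml-sniff contradicts itself: the script exits with "Bridge devices (\$BRIDGE_DEVICES) not set" when the variable is empty, and a few lines later `[ -n "$BRIDGE_DEVICES" ] || BRIDGE_DEVICES='eth0 eth1'` supplies a default that can never be reached. Keep one behaviour; the manpage says eth0/eth1 is the default, so the default should probably win and the error check go. Next, `check4progs $BRCTL` validates the configurable binary, but `brctl addbr`, `brctl addif`, `brctl delif` and `brctl delbr` call the bare name, so a `BRCTL=/usr/sbin/brctl` setting from the config is checked and then ignored; use `"$BRCTL"` throughout and quote `$i` in the addif/delif calls. Third, `stop` does not undo what `start` did: start configures each member with `ifconfig "$i" -arp promisc 0.0.0.0 up`, while stop only runs `ip link set "$i" promisc off`, leaving the interfaces up with ARP still disabled, although the manpage states that stop sets the interfaces down; add `ip link set "$i" arp on down` (or the ifconfig equivalent) per member. In the same block, `ifconfig "$BRIDGE_NAME" down || /bin/true` is redundant directly after `ip link set "$BRIDGE_NAME" down`. Finally, from the tapping point of view nothing here keeps the bridge itself quiet: br0 is brought up with promisc on and no address, and if the kernel auto-configures an IPv6 link-local address on it the sniffing box will emit neighbour discovery on the monitored segment, so either disable IPv6 on the bridge or document that the tap is not fully passive. Minor: the messages "Bringing network device in promiscuous mode up" and "Bringing bridge $BRIDGE_NAME in promiscuous up" read oddly; "Bringing up ... in promiscuous mode" would do.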
# Authors: grml-team (grml.org), (c) Michael Prokop <mika@grml.org>
# Bug-Reports: see http://grml.org/bugs/
# License: This file is licensed under the GPL v2.
-# Latest change: Sam Jän 26 00:12:37 CET 2008 [mika]
################################################################################
# Documentation:
# Authors: (c) Klaus Knopper Mar 2004, (c) Michael Prokop <mika@grml.org>
# Bug-Reports: see http://grml.org/bugs/
# License: This file is licensed under the GPL v2.
-# Latest change: Mit Okt 04 11:51:09 CEST 2006 [mika]
################################################################################
PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin"