From 5ccffd6ee849bb7c004e464f3972bcce22beac7c Mon Sep 17 00:00:00 2001
From: Michael Prokop
Date: Mon, 17 Aug 2009 11:25:28 +0200
Subject: [PATCH] New script grml-sniff; fix typo in grml-bridge; drop Latest change header

---
 debian/changelog | 8 +++
 docs/Makefile | 2 +-
 docs/grml-sniff.8.txt | 132 +++++++++++++++++++++++++++++++++++++++++++
 man/manpage.1.ex | 59 -------------------
 routersetup | 3 +-
 sbin/grml-ap | 1 -
 sbin/grml-bridge | 10 +---
 sbin/grml-network | 1 -
 sbin/grml-pptp-inode | 1 -
 sbin/grml-pptp-vcgraz | 1 -
 sbin/grml-pptp-xdsl-students | 1 -
 sbin/grml-router | 4 --
 sbin/grml-sniff | 122 +++++++++++++++++++++++++++++++++++++++
 sbin/grml-vpnc-tugraz | 1 -
 sbin/modemlink | 1 -
 15 files changed, 267 insertions(+), 80 deletions(-)
 create mode 100644 docs/grml-sniff.8.txt
 delete mode 100644 man/manpage.1.ex
 create mode 100755 sbin/grml-sniff

diff --git a/debian/changelog b/debian/changelog
index 6dacb10..fd01426 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+grml-network (0.3.1) unstable; urgency=low
+
+ * New script grml-sniff for configuring a network sniffing setup.
+ * Fix typos in grml-bridge.
+ * Drop 'Latest change' headers from all files.
+
+ -- Michael Prokop Mon, 17 Aug 2009 11:23:58 +0200
+
 grml-network (0.2.9) unstable; urgency=low
 * scanmodem: apply patch by Joerg Woelke which addresses the
diff --git a/docs/Makefile b/docs/Makefile
index 3cd60ac..fe3b24a 100644
--- a/docs/Makefile
+++ b/docs/Makefile
@@ -23,7 +23,7 @@ man1 = $(usr)/share/man/man1/
 gzip -f --best `echo $^ |sed -e 's/.txt//'`
-MANPAGES = grml-vnet.8
+MANPAGES = grml-sniff.8 grml-vnet.8
 all: doc
diff --git a/docs/grml-sniff.8.txt b/docs/grml-sniff.8.txt
new file mode 100644
index 0000000..1d501d6
--- /dev/null
+++ b/docs/grml-sniff.8.txt
@@ -0,0 +1,132 @@ +grml-sniff(8) +============ + +NAME +---- +grml-sniff - script for configuring a network sniffing setup + +SYNOPSIS +-------- +*grml-sniff* [OPTIONS] + +DESCRIPTION +----------- +This manual page documents briefly the *grml-sniff* command. +*grml-sniff* is a script for configuring a network sniffing setup. +It does NOT sniff on a hub/switch but instead sets up a man-in-the-middle (MITM) +configuration using a bridge device with two network devices. + +OPTIONS +------- + + *start*:: + +Start sniffing setup. + + *stop*:: + +Stop sniffing setup (set interfaces down and remove bridge device). + + *restart*:: + +Restart grml-sniff. + + *status*:: + +Display status of configuration. + + *info*|*-h*|*--help*:: + +Show usage information. + +Usage example +------------- + +This section describes the setup and configuration for capturing network traffic +on a setup like follows (assuming the 'Sniffing Computer' is the box where +you are using Grml with grml-sniff): + + Hub/Switch/Router + ^ + | + | Interface known as 'eth0' in the documentation + | + | + v Interface known as 'eth2' + Sniffing Computer <---------------------------> Control Computer (optional, + ^ providing GUI, Wireshark, + | Backup of dumpfiles, etc) + | + | Interface known as 'eth1' in the documentation + | + v + Client System + +Disable DHCP +~~~~~~~~~~~~ + +Start with booting Grml using the 'nodhcp' bootoption. This makes sure that no +network configuration is being executed automatically while booting. If you +booted your Grml system without the nodhcp option by accident, just execute +'killall pump; killall dhclient' after booting finished to make sure there +aren’t any running DHCP clients anymore. + +After booting finished check out the available network interfaces: + + ifconfig -a + +At least two interfaces should be present (usually named eth0 and eth1, that’s +what we are using in this documentation as well). 
Make sure the network cards +are connected with the hub/switch/router and the client accordingly! The third +interface (known as eth2 in this documentation) is just optional and not +necessary for sniffing itself. + +Simple (but not necessarily 100% reliable) check for network connnection using a +software command: + + ethtool eth0 + ethtool eth1 + ethtool eth2 + +Look for 'Advertised auto-negotiation: Yes' and 'Link detected: yes'. + +Configuration +~~~~~~~~~~~~~ + +Make sure the according network interfaces are configured as BRIDGE_DEVICES in +/etc/grml/router-setup. If you are using eth0 and eth1 you don't have to do +anything (the default is just fine)! Otherwise adjust BRIDGE_DEVICES in +/etc/grml/router-setup accordingly. For example if the devices you would like to +use within the sniffing bridge are named eth2 and eth4 use: + + BRIDGE_DEVICES='eth2 eth4' + +Start sniffing setup +~~~~~~~~~~~~~~~~~~~~ + +Assuming you configured /etc/grml/router-setup as documented in the previous +section, finally invoke grml-sniff: + + grml-sniff start + +That's it. Now your system should be set up accordingly for capturing network +traffic. + +Capturing traffic +~~~~~~~~~~~~~~~~~ + +Execute: + + tcpdump -s -C 50 -vvvv -w pcap -i br0 + +to generate files named pcap, pcap1, pcap2,... each with a file size of ~50MB. +Press CTRL-C to stop capturing traffic. You can analyse the generated pcap files +for example using wireshark(1). + +See also +-------- +grml-ap(8), grml-bridge(8), grml-router(8) + +AUTHOR +------ +grml-sniff was written by Michael Prokop . diff --git a/man/manpage.1.ex b/man/manpage.1.ex deleted file mode 100644 index 01690bf..0000000 --- a/man/manpage.1.ex +++ /dev/null 
@@ -1,59 +0,0 @@ -.\" Hey, EMACS: -*- nroff -*- -.\" First parameter, NAME, should be all caps -.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection -.\" other parameters are allowed: see man(7), man(1) -.TH GRML-NETWORK SECTION "Oktober 28, 2006" -.\" Please adjust this date whenever revising the manpage. -.\" -.\" Some roff macros, for reference: -.\" .nh disable hyphenation -.\" .hy enable hyphenation -.\" .ad l left justify -.\" .ad b justify to both left and right margins -.\" .nf disable filling -.\" .fi enable filling -.\" .br insert line break -.\" .sp insert n+1 empty lines -.\" for manpage-specific macros, see man(7) -.SH NAME -grml-network \- program to do something -.SH SYNOPSIS -.B grml-network -.RI [ options ] " files" ... -.br -.B bar -.RI [ options ] " files" ... -.SH DESCRIPTION -This manual page documents briefly the -.B grml-network -and -.B bar -commands. -.PP -.\" TeX users may be more comfortable with the \fB\fP and -.\" \fI\fP escape sequences to invode bold face and italics, -.\" respectively. -\fBgrml-network\fP is a program that... -.SH OPTIONS -These programs follow the usual GNU command line syntax, with long -options starting with two dashes (`-'). -A summary of options is included below. -For a complete description, see the Info files. -.TP -.B \-h, \-\-help -Show summary of options. -.TP -.B \-v, \-\-version -Show version of program. -.SH SEE ALSO -.BR bar (1), -.BR baz (1). -.br -The programs are documented fully by -.IR "The Rise and Fall of a Fooish Bar" , -available via the Info system. -.SH AUTHOR -grml-network was written by . -.PP -This manual page was written by Michael Prokop , -for the Debian project (but may be used by others). diff --git a/routersetup b/routersetup index 3beee06..ec1756f 100644 --- a/routersetup +++ b/routersetup 
@@ -3,14 +3,13 @@
 # Authors: grml-team (grml.org), (c) Michael Prokop
 # Bug-Reports: see http://grml.org/bugs/
 # License: This file is licensed under the GPL v2.
-# Latest change: Don Okt 12 10:50:51 CEST 2006 [mika]
 ################################################################################
 # configuration for grml-router:
 # IPTABLES=/sbin/iptables # the iptables binary
 OUTDEV='auto' # outgoing device [auto|default|eth0|...]
-# configuration for grml-bridge:
+# configuration for grml-bridge and grml-sniff:
 # BRCTL=/usr/sbin/brctl # the brctl binary
 BRIDGE_NAME='br0' # name used for the bridge
 BRIDGE_DEVICES='eth0 eth1' # the devices used for bilding the bridge
diff --git a/sbin/grml-ap b/sbin/grml-ap
index 4b1b51e..a6c4f62 100755
--- a/sbin/grml-ap
+++ b/sbin/grml-ap
@@ -4,7 +4,6 @@
 # Authors: grml-team (grml.org), (c) Michael Prokop
 # Bug-Reports: see http://grml.org/bugs/
 # License: This file is licensed under the GPL v2.
-# Latest change: Mit Okt 11 23:00:43 CEST 2006 [moemoe]
 ################################################################################
 # exit on any error
diff --git a/sbin/grml-bridge b/sbin/grml-bridge
index b15ad98..9ee19ab 100755
--- a/sbin/grml-bridge
+++ b/sbin/grml-bridge
@@ -4,12 +4,8 @@
 # Authors: grml-team (grml.org), (c) Michael Prokop
 # Bug-Reports: see http://grml.org/bugs/
 # License: This file is licensed under the GPL v2.
-# Latest change: Mit Mär 26 23:02:52 CET 2008 [mika]
 ################################################################################
-# exit on any error
-set -e
 CONFIG_FILE=/etc/grml/routersetup
 . /etc/grml/lsb-functions
 . /etc/grml/script-functions
@@ -59,7 +55,7 @@ case "$1" in
 done
 eoutdent
- einfo "Enabling promiscous mode on: "
+ einfo "Enabling promiscuous mode on: "
 eindent
 for i in $BRIDGE_DEVICES ; do
 einfo "$i"
@@ -88,7 +84,7 @@ case "$1" in
 ip a a $BRIDGE_IP dev $BRIDGE_NAME
 ;;
 NONE)
- einfo "Leaving $BRIDGE_NAME uconfigured"
+ einfo "Leaving $BRIDGE_NAME unconfigured"
 ;;
 esac
 eoutdent
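Review bot: Dropping `set -e` from grml-bridge (and from grml-router in the later hunk) changes failure behaviour in a way the subject line ("fix typo") does not mention: a failing `brctl addbr` or `brctl addif` is now only reported through `eend $?` and the script carries on, where it previously aborted. If that is intended, so that the `cmd ; eend $?` idiom can report each step, say so in the commit message and leave a marker in place of the removed comment, e.g. `# no 'set -e': each step reports its own status via eend`, so the next reader does not re-add it. The case statement that does the actual work lies outside this hunk, so whether any step now continues in an inconsistent state cannot be judged from here.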
@@ -113,7 +109,7 @@ case "$1" in
 done
 eoutdent
- einfo "Disabling promiscous mode on: "
+ einfo "Disabling promiscuous mode on: "
 eindent
 for i in $BRIDGE_DEVICES ; do
 einfo "$i "
diff --git a/sbin/grml-network b/sbin/grml-network
index ac7cb4e..617c272 100755
--- a/sbin/grml-network
+++ b/sbin/grml-network
@@ -4,7 +4,6 @@
 # Authors: (c) Klaus Knopper Mar 2004, (c) Michael Prokop
 # Bug-Reports: see http://grml.org/bugs/
 # License: This file is licensed under the GPL v2.
-# Latest change: Fre Apr 20 00:36:37 CEST 2007 [mika]
 ################################################################################
 PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin"
diff --git a/sbin/grml-pptp-inode b/sbin/grml-pptp-inode
index 9446067..3c61d33 100755
--- a/sbin/grml-pptp-inode
+++ b/sbin/grml-pptp-inode
@@ -4,7 +4,6 @@
 # Authors: grml-team (grml.org), (c) Andreas Gredler
 # Bug-Reports: see http://grml.org/bugs/
 # License: This file is licensed under the GPL v2.
-# Latest change: Tue Jul 22 01:13:08 CEST 2008 [mika]
 ################################################################################
 ################################################################################
diff --git a/sbin/grml-pptp-vcgraz b/sbin/grml-pptp-vcgraz
index f9e3fdc..fc2f6c7 100755
--- a/sbin/grml-pptp-vcgraz
+++ b/sbin/grml-pptp-vcgraz
@@ -4,7 +4,6 @@
 # Authors: grml-team (grml.org), (c) Michael Prokop
 # Bug-Reports: see http://grml.org/bugs/
 # License: This file is licensed under the GPL v2.
-# Latest change: Sam Jän 26 00:12:57 CET 2008 [mika]
 ################################################################################
 ################################################################################
diff --git a/sbin/grml-pptp-xdsl-students b/sbin/grml-pptp-xdsl-students
index 1f549fb..a57a765 100755
--- a/sbin/grml-pptp-xdsl-students
+++ b/sbin/grml-pptp-xdsl-students
@@ -4,7 +4,6 @@
 # Authors: grml-team (grml.org), (c) Martin Hecher
 # Bug-Reports: see http://grml.org/bugs/
 # License: This file is licensed under the GPL v2.
-# Latest change: Sam Jän 26 00:13:11 CET 2008 [mika]
 ################################################################################
 ################################################################################
diff --git a/sbin/grml-router b/sbin/grml-router
index d762adc..219ae19 100755
--- a/sbin/grml-router
+++ b/sbin/grml-router
@@ -4,12 +4,8 @@
 # Authors: grml-team (grml.org), Ulrich Dangel , Michael Prokop
 # Bug-Reports: see http://grml.org/bugs/
 # License: This file is licensed under the GPL v2.
-# Latest change: Sam Okt 07 23:18:38 CEST 2006 [mika]
 ################################################################################
-# exit on any error
-set -e
 CONFIG_FILE=/etc/grml/routersetup
 . /etc/grml/lsb-functions
 . /etc/grml/net-functions
diff --git a/sbin/grml-sniff b/sbin/grml-sniff
new file mode 100755
index 0000000..3722c6a
--- /dev/null
+++ b/sbin/grml-sniff
@@ -0,0 +1,122 @@
+#!/bin/sh
+# Filename: grml-sniff
+# Purpose: script for configuring a network sniffing setup
+# Authors: grml-team (grml.org), (c) Michael Prokop
+# Bug-Reports: see http://grml.org/bugs/
+# License: This file is licensed under the GPL v2.
+################################################################################
+
+CONFIG_FILE=/etc/grml/routersetup
+. /etc/grml/lsb-functions
+. /etc/grml/script-functions
+
+usage_info()
+{
+ einfo "$0 - script for configuring a network sniffing setup"
+ einfo "Configure via $CONFIG_FILE - see man 8 grml-sniff" ; eend 0
+}
+
+if ! [ -r "$CONFIG_FILE" ] ; then
+ eerror "$CONFIG_FILE could not be read."
+ exit 1
+fi
+
+. "$CONFIG_FILE"
+
+if [ -z "$BRIDGE_DEVICES" ] ; then
+ eerror "Bridge devices (\$BRIDGE_DEVICES) not set in $CONFIG_FILE"
+ exit 1
+fi
+
+[ -n "$BRCTL" ] || BRCTL='brctl'
+[ -n "$BRIDGE_NAME" ] || BRIDGE_NAME='br0'
+[ -n "$BRIDGE_DEVICES" ] || BRIDGE_DEVICES='eth0 eth1'
+
+check4progs $BRCTL || exit 1
+
+case "$1" in
+ start)
+ check4root || exit 1
+ einfo "Starting sniffing setup"
+ eindent
+ einfo "Creating bridge device"
+ brctl addbr "$BRIDGE_NAME"
+ eend $?
+
+ einfo "Bringing network device in promiscuous mode up:"
+ eindent
+ for i in $BRIDGE_DEVICES ; do
+ einfo "$i"
+ ifconfig "$i" -arp promisc 0.0.0.0 up ; eend $?
+ done
+ eoutdent
+
+ einfo "Adding network devices to $BRIDGE_NAME:"
+ eindent
+ for i in $BRIDGE_DEVICES ; do
+ einfo "$i"
+ brctl addif "$BRIDGE_NAME" $i ; eend $?
+ done
+ eoutdent
+
+ einfo "Bringing bridge $BRIDGE_NAME in promiscuous up"
+ ip link set "$BRIDGE_NAME" promisc on up ; eend $?
+ eoutdent
+ ;;
+
+ stop)
+ check4root || exit 1
+ einfo "Stopping sniffing setup"
+ eindent
+ einfo "Removing network devices from $BRIDGE_NAME: "
+
+ eindent
+ for i in $BRIDGE_DEVICES ; do
+ einfo "$i "
+ brctl delif "$BRIDGE_NAME" $i ; eend $?
+ done
+ eoutdent
+
+ einfo "Disabling promiscuous mode on: "
+ eindent
+ for i in $BRIDGE_DEVICES ; do
+ einfo "$i "
+ ip link set "$i" promisc off ; eend $?
+ done
+ eoutdent
+
+ einfo "Bringing bridge $BRIDGE_NAME down"
+ ip link set "$BRIDGE_NAME" down; eend $?
+
+ einfo "Removing bridge device $BRIDGE_NAME"
+ ifconfig "$BRIDGE_NAME" down || /bin/true
+ brctl delbr "$BRIDGE_NAME"
+ eend $?
+ eoutdent
+ ;;
+
+ restart)
+ check4root || exit 1
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+
+ info|-h|--help)
+ usage_info
+ ;;
+
+ status)
+ check4root || exit 1
+ einfo "$0 - status:"
+ $BRCTL show ; eend $?
+ ;;
+
+ *)
+ echo "Usage: $0 {start|stop|restart|status|info}"
+ exit 1
+ ;;
+esac
+
+## END OF FILE #################################################################
+# vim: ft=sh expandtab ai
diff --git a/sbin/grml-vpnc-tugraz b/sbin/grml-vpnc-tugraz
index de34977..87d40f8 100755
--- a/sbin/grml-vpnc-tugraz
+++ b/sbin/grml-vpnc-tugraz
@@ -4,7 +4,6 @@
 # Authors: grml-team (grml.org), (c) Michael Prokop
 # Bug-Reports: see http://grml.org/bugs/
 # License: This file is licensed under the GPL v2.
-# Latest change: Sam Jän 26 00:12:37 CET 2008 [mika]
 ################################################################################
 # Documentation:
diff --git a/sbin/modemlink b/sbin/modemlink
index 9b4fc35..6e4599c 100755
--- a/sbin/modemlink
+++ b/sbin/modemlink
@@ -4,7 +4,6 @@
 # Authors: (c) Klaus Knopper Mar 2004, (c) Michael Prokop
 # Bug-Reports: see http://grml.org/bugs/
 # License: This file is licensed under the GPL v2.
-# Latest change: Mit Okt 04 11:51:09 CEST 2006 [mika]
 ################################################################################
 PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin"
-- 
2.1.4
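Review bot: `check4progs $BRCTL` validates the configured brctl binary, but the start and stop branches then call the literal `brctl` for addbr, addif, delif and delbr; only `status` uses `$BRCTL`, so with `BRCTL=/usr/sbin/brctl` set in routersetup the check and the real calls can refer to different binaries, or the calls fail when brctl is not on PATH. Use `$BRCTL addbr "$BRIDGE_NAME"` and the same for the other three calls. The `stop` branch also does not undo what `start` did to the member interfaces: they were configured with `ifconfig "$i" -arp promisc 0.0.0.0 up`, but stop only runs `ip link set "$i" promisc off`, leaving them up with ARP disabled, while the manpage added in this commit says stop sets the interfaces down; `ip link set "$i" arp on promisc off down` would match the documentation. Nothing aborts on a failed `brctl addbr` (the file has no `set -e`), so the interface loop then runs against whatever bridge already exists under that name. Lastly the `[ -n "$BRIDGE_DEVICES" ] || BRIDGE_DEVICES='eth0 eth1'` default is unreachable, because the script already exits on an empty BRIDGE_DEVICES a few lines earlier.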