RE: Small hardware network sniffer - does it exist?



The Soekris box seems the best solution. I've been reading the multiple
recommendations for using a Zaurus or BlackDog... and I have to disagree.
The BlackDog option requires a system that already has Linux or Windows on
it to operate, and it imposes its own OS on top of the one on the system;
while small, this would not seem to meet the need well. The Zaurus, while
small, seems a bit overkill... why pay around $1000 for a portable unit that
will be stationary when you can pay <$200 for a stationary unit that will do
the same thing?

I agree that BlackDog and the Zaurus are cool toys, and I'd love to buy them
to play with... but, if you look at the initial problem, then neither of
those meet the solution well. I'd say go with the Soekris.


Isaac Van Name
Systems Administrator

"What good would you do with an ignorant employee? Ignorance is grounds for
dismissal..." - Mario Spinthiras

Open Source developing at its finest:
"Written in vim, W3C valid and UTF-8 encoded, for her pleasure."

Disclaimer: This email is intended only to be used to feign intellectual
mastery of a subject or superhuman command of the English language, when
profanity is involved. By reading this email, you are agreeing to cease all
correspondence with the sender upon realizing your own ignorance, and
furthermore to refrain from taking legal action against said sender when
your compounding ignorance crushes your inadequate self-esteem. Have a nice
day.

Original> -----Original Message-----
Original> From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
Original> On Behalf Of Javier Reyna Padilla
Original> Sent: Friday, November 03, 2006 6:01 AM
Original> To: FocusHacks
Original> Cc: Petr.Kazil@xxxxxx; PenTest
Original> Subject: Re: Small hardware network sniffer - does it exist?
Original>
Original> That's exactly what I was going to recommend.
Original>
Original> 1. buy a Soekris box
Original> 2. install Linux on it
Original> 3. put network interfaces in bridge mode --- use bridge modules in
Original> kernel and bridge-utils
Original> 4. use iptables and ip-queue module
Original> 5. install snort and run with -Q switch
Original> 6. send all traffic from iptables to snort (snort-inline).
Original> 7. Cancel your social life
Original> 8. buy a ton of coffee for reading all logs/capture
Original> 9. have fun!
Original>
Original> FocusHacks wrote:
Original> > http://www.soekris.com/
Original> >
Original> > They have some pretty small machines that are essentially headless
Original> > 486s that can run BSD or Linux, and many of them have
Original> > power-over-ethernet, multiple NICs, WiFi ability, etc.
Original> >
Original> > On 11/2/06, Petr.Kazil@xxxxxx <Petr.Kazil@xxxxxx> wrote:
Original> >>
Original> >> I have ordered a few hardware keyloggers to play with
Original> >> (http://www.keelog.com/) and I was wondering if the same idea exists for
Original> >> networks?
Original> >> A device that you could tape under a desk, and that would act as a
Original> >> transparent bridge, sniffing all traffic.
Original> >>
Original> >> I know that you can use arp-spoofing to get a similar result (easier,
Original> >> better?), and I know about hardware network taps.
Original> >> But I'm still interested in the theoretical possibilities of this idea.
Original> >>
Original> >> I have a few old laptops, but these have just one PCMCIA network card, so
Original> >> bridging is not possible (well, with the right kind of network cards you
Original> >> can get two in that slot - I'll see if you can still buy them). But
Original> >> laptops are too big and heavy.
Original> >>
Original> >> I've looked at microcontrollers with ethernet adapters, but here I find
Original> >> webserver appliances with just one network interface. They're small
Original> >> but I'm not sure if you could run an OS and a sniffer on them. I've looked at
Original> >> miniboards but they are very expensive, too expensive for "just a toy".
Original> >>
Original> >> But, considering that you can get a 2-cigarette-pack sized Pix-firewall,
Original> >> such hardware must exist. But I haven't found the right keywords yet. Any
Original> >> ideas?
Original> >>
Original> >> Greetings, Petr Kazil



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
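
The bridge, iptables/ip_queue and snort -Q steps from the quoted list, written out as a dry-run planner for an inline Snort sensor. This is an added example, not part of any post in the thread; the interface names, the bridge name br0 and the snort.conf path are assumptions.

```shell
#!/bin/sh
# Added example: prints the commands for steps 3-6 of the quoted list.
# Nothing is executed; review the plan before running it as root.

BRIDGE="${BRIDGE:-br0}"                              # assumed bridge name
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"    # assumed config path

# Accept only plain interface names so nothing unexpected reaches a shell.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Usage: inline_bridge_plan <nic-a> <nic-b>
inline_bridge_plan() {
    in_if="$1"; out_if="$2"
    valid_if "$in_if" && valid_if "$out_if" || { echo "bad interface name" >&2; return 1; }
    [ "$in_if" != "$out_if" ] || { echo "need two distinct NICs" >&2; return 1; }
    # Order matters: packets sent to QUEUE with no userspace listener are
    # dropped, so snort is started before the QUEUE rule is added.
    # Bridged frames only traverse iptables when bridge-netfilter is on.
    # ip_queue is the legacy module the thread names; later kernels use NFQUEUE.
    cat <<EOF
modprobe bridge
modprobe ip_queue
brctl addbr $BRIDGE
brctl addif $BRIDGE $in_if
brctl addif $BRIDGE $out_if
ip link set dev $in_if up
ip link set dev $out_if up
ip link set dev $BRIDGE up
sysctl -w net.bridge.bridge-nf-call-iptables=1
snort -Q -D -c $SNORT_CONF
iptables -A FORWARD -j QUEUE
EOF
}

# Stand-alone use: ./plan.sh eth0 eth1
if [ "$#" -eq 2 ]; then inline_bridge_plan "$1" "$2"; fi
```

If snort exits while the QUEUE rule is in place, forwarding across the bridge stops, so the sensor fails closed.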


