Today on Hak5, Remote packet analysis through SSH tunnels with Wireshark. Then, Microcontrollers! Shannon Morse reports. All that and more, this time on Hak5!
Wireshark over SSH
We can use SSH and Tcpdump to get live packet captures into Wireshark from a remotely deployed WiFi Pineapple.
This can build on our existing SSH relay segment using a server in the cloud and the AutoSSH infusion of the WiFi Pineapple. Similarly this will work on any hardware that supports SSH and tcpdump or tshark, like a Pi or Beaglebone.
For this example I'll be using tcpdump on WiFi Pineapple Mark V. We could also use tshark, the command-line equivalent to wireshark, however tcpdump is pre-installed on the WiFi Pineapple.
From our local machine we'll issue:
ssh root@wifipineapple tcpdump -U -s0 -i br-lan -w -
-U = print packets as they come rather than when the output buffer fills
-s0 = specifies 0 for the snaplen (snapshot length) - amount of data for each frame captured. 0 = 65535, or entire packet. By default tcpdump uses a SnapLen of 68 bytes for IPv4 packets and 96 bytes for IPv6 packets.
-i = interface. br-lan is bridge between AP & LAN on the WiFi Pineapple
-w = write file. ""-"" = standard output
'not port 22' = all traffic that isn't on the SSH port 22 (otherwise divide by zero - there goes the universe). tcpdump supports expressions like 'tcp port 80' or 'portrange 1-1023' or 'dst port 23' or 'not arp'
Now we have tcpdump output in our local terminal from our remote WiFi Pineapple. Next we'll pipe that data into Wireshark for analysis.
ssh root@wifipineapple tcpdump -U -s0 -i br-lan -w - 'not port 22' | wireshark -k -i -
| = pass the standard output of the first command into the standard input of the second command
wireshark = starts wireshark
-k = start the capture session immediately
-i = interface and ""-"" = standard input (the output of tcpdump on our remote WiFi Pineapple)
Props to Crazy52 for inspiring this segment
What is a Microcontroller? It's a small computer on a single integrated circuit that usually has a processor core, memory, and programmable I/O peripherals. A bit of RAM might be on the chip as well. Different from microprocessors used in computers. They can run on low power consumption, and can wait for an event to trigger them, such as a button press or a switch. A microcontroller has a bunch of electronic circuits all sitting on one board or 'chip' which is usually made of silicon or some other semiconductive material, making it an 'integrated circuit'.
What are they used for? Medical devices, toys, office machines, appliances, power tools, etc, and a regular household can have dozens of microcontrollers in their house with all the electronic devices.
When a microcontroller is inside some device, it's considered an embedded system. They have no OS, no screen, keyboard, or other items that a PC usually has connected to it. It can be connected up to input and output devices like switches, LED's, LCD displays, radio frequency devices, sensors, etc
Microcontrollers can run one program at a time, and that program is stored in the ROM. Hobbyists used microcontrollers that have internal flash or EEPROM program memory so they can be reprogrammed again and again. They come with some sort of IDE or Integrated Development Environment for you to write the code for your microcontroller.
Lots of companies make microcontrollers including Atmel, Intel, and Texas Instruments. The Arduino Uno is a microcontroller board that uses the Atmel 16u2 ATmega328 microcontroller and operates with 5v. The Arduino is programmed with C/C++.
Other boards: TI Launchpad, BeagleBone, R. Pi.
Since microcontrollers do not have an operating system present on the board or chip, they rely specifically on those inputs and outputs to tell them what to do, and the IDE code that you wrote and compiled generally only has one program written to execute. Sometimes you may have the need for an operating system for whatever program you are trying to create. In this case, you'd want to use a real-time operating system or RTOS. RTOS's have the ability to multitask, schedule, and more. Several of the RTOS's have been made open source, including DuinOS, FreeRTOS.