A DIY Hardware Packet Sniffer


Affordable Penetration Testing for the Individual

Veronica Swanson: University of California, Irvine

“CyberSecurity for the Next Generation”

North American Round, New York


Why DIY?

System security is important, and penetration testing can be essential to ascertaining and improving the level of security of your system.

But what about the cost? Large-scale penetration tests from security firms can be costly, and even commercial penetration testing devices can be expensive for the individual.

Creating your own device is less expensive and offers potential for customization.


The Hardware Packet Sniffer

The HPS was designed to be a simple, small, concealable, DIY packet sniffer.

Plug the HPS into an open Ethernet port and it receives the packets sent on that network segment and retransmits them to a given destination MAC and IP address. (On a switched network an ordinary port only carries broadcast, multicast and flooded frames plus traffic addressed to it, so the capture is as broad as the traffic that port sees; a hub, tap or mirror port gives a fuller view.)

It's cheap! Other penetration testing devices can be much more expensive. Total development costs came to $43.99.


The Hardware

Atmel ATMEGA328P

• Functions as the host controller

• Interfaces with the ethernet controller via SPI

mikroETH Board

• Microchip ENC28J60 Ethernet Controller

• Interfaces with a network using an ethernet cable

• Sends and receives packets based on programmed MAC and IP addresses


ENC28J60 Ethernet Controller

By putting the Ethernet controller into promiscuous mode (clearing its receive filters), the HPS captures and stores packets from the network it is plugged into regardless of which MAC address the packets were addressed to.

Once configured for full-duplex mode, the Ethernet controller can receive and transmit at the same time, so it can forward acquired data over Ethernet while it keeps capturing.

By building the frames it transmits with a programmed destination MAC and IP address, the HPS sends the data it collects to a specified device.


Ethernet Memory Organization

The memory in the Ethernet controller is static RAM, organized into three sections:

• Control Registers - provide access to the on-chip Ethernet controller logic through the SPI interface. Separated into four banks containing three types of registers:

• ETH registers

• MAC (Medium Access Control) registers

• MII (Media Independent Interface) registers

• Ethernet Buffer - an 8-Kbyte memory split into a receive buffer and a transmit buffer, where received data and data to be transmitted are stored.

• PHY (physical layer) registers - used for configuration and control of the physical interface. They cannot be addressed directly over SPI and are reached only through the MII registers.
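What a stored packet looks like in the receive buffer just described, as an added example that is not part of the original slides or the HPS firmware. It parses the 6-byte header the ENC28J60 writes ahead of each frame (a next-packet pointer followed by the receive status vector, laid out as in the datasheet), pulls out the fields a sniffing application needs, and computes the read-pointer value to write back once the record has been consumed. The sample buffer is constructed by hand, and the HPS MAC address used is an assumed placeholder.

```c
/* Added example, not the HPS firmware: what the host controller reads out of
 * the receive buffer described above. Ahead of every stored frame the chip
 * writes a 2-byte next-packet pointer and the 4-byte receive status vector
 * from the datasheet (bits 15:0 byte count, bit 20 CRC error, bit 23
 * Received OK, bits 24/25 multicast/broadcast). The sample buffer is
 * constructed by hand; the HPS MAC address is an assumed placeholder. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

typedef struct {
    uint16_t next_ptr;    /* where the following record starts in the buffer */
    uint16_t byte_count;  /* frame length as stored, 4-byte FCS included      */
    int received_ok, crc_error, multicast, broadcast;
    const uint8_t *frame; /* first byte of the Ethernet frame                 */
    size_t frame_len;     /* byte_count minus the FCS                         */
} enc_rx_record;

/* Parse one record from bytes read (with RBM) at the current read pointer.
 * Returns 0 on success, -1 if the record does not fit in the bytes given. */
int enc_rx_parse(const uint8_t *buf, size_t len, enc_rx_record *r)
{
    if (len < 6) return -1;
    r->next_ptr    = (uint16_t)(buf[0] | (buf[1] << 8));
    r->byte_count  = (uint16_t)(buf[2] | (buf[3] << 8));
    r->crc_error   = (buf[4] >> 4) & 1;   /* status bit 20 */
    r->received_ok = (buf[4] >> 7) & 1;   /* status bit 23 */
    r->multicast   = (buf[5] >> 0) & 1;   /* status bit 24 */
    r->broadcast   = (buf[5] >> 1) & 1;   /* status bit 25 */
    if (r->byte_count < 4 || (size_t)r->byte_count > len - 6) return -1;
    r->frame = buf + 6;
    r->frame_len = (size_t)r->byte_count - 4;
    return 0;
}

/* EtherType from the 14-byte header, 0 if the frame is too short. */
uint16_t enc_frame_ethertype(const enc_rx_record *r)
{
    return r->frame_len >= 14 ? (uint16_t)((r->frame[12] << 8) | r->frame[13]) : 0;
}

/* Is the frame addressed to our own MAC? In promiscuous mode this is
 * routinely false, which is the whole point of the sniffer. */
int enc_frame_addressed_to(const enc_rx_record *r, const uint8_t mac[6])
{
    return r->frame_len >= 14 && memcmp(r->frame, mac, 6) == 0;
}

/* Value to write to ERXRDPT when the record has been consumed. The ENC28J60
 * errata require ERXRDPT to be odd, so drivers write next_ptr - 1, wrapping
 * to the end of the receive area when that would fall outside it. */
uint16_t enc_rx_release_ptr(uint16_t next_ptr, uint16_t rx_start, uint16_t rx_end)
{
    int p = (int)next_ptr - 1;
    return (p < rx_start || p > rx_end) ? rx_end : (uint16_t)p;
}

/* Assumed HPS MAC (locally administered placeholder, not from the slides). */
static const uint8_t hps_mac[6] = { 0x02, 0x00, 0x00, 0x00, 0x00, 0x02 };

/* Constructed sample: the 6-byte record header, a 42-byte ARP request sent
 * to the broadcast address, and a dummy 4-byte FCS (the chip has already
 * verified the real one). byte_count = 42 + 4 = 46 = 0x002E. */
static const uint8_t sample_rx_buffer[] = {
    0x34, 0x00,                          /* next packet pointer = 0x0034    */
    0x2E, 0x00,                          /* byte count = 46                 */
    0x80, 0x02,                          /* status: Received OK, broadcast  */
    0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,       /* dst MAC: broadcast              */
    0x02,0x00,0x00,0x00,0x00,0x01,       /* src MAC: another host (made up) */
    0x08,0x06,                           /* EtherType: ARP                  */
    0x00,0x01, 0x08,0x00, 0x06, 0x04, 0x00,0x01,          /* ARP request, IPv4 */
    0x02,0x00,0x00,0x00,0x00,0x01, 0xC0,0xA8,0x01,0x0A,   /* sender MAC/IP     */
    0x00,0x00,0x00,0x00,0x00,0x00, 0xC0,0xA8,0x01,0x01,   /* target MAC/IP     */
    0xDE,0xAD,0xBE,0xEF                  /* FCS placeholder                 */
};

int main(void)
{
    enc_rx_record r;
    if (enc_rx_parse(sample_rx_buffer, sizeof sample_rx_buffer, &r) != 0) return 1;
    printf("next=0x%04X len=%zu ok=%d bcast=%d type=0x%04X for_hps=%d release=0x%04X\n",
           r.next_ptr, r.frame_len, r.received_ok, r.broadcast,
           enc_frame_ethertype(&r), enc_frame_addressed_to(&r, hps_mac),
           enc_rx_release_ptr(r.next_ptr, 0x0000, 0x0FFF));
    return 0;
}
```

The two checks worth keeping from this: a frame is only worth forwarding when the Received OK bit is set, and the read pointer must be advanced with the odd-value rule or the chip can stop delivering packets.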


The Atmega328p Microcontroller

The microcontroller is the host controller that programs and operates the Ethernet controller over SPI.

Before the Atmega328p can be used as the host controller, it must be configured as the SPI master.

• This is done by setting the directions of the SPI pins as shown (and enabling the SPI hardware in master mode through the SPE and MSTR bits of SPCR). SS must be driven as an output: if it is left as an input and pulled low, the hardware drops back to slave mode.

Pin Name                    Pin  SPI Master Direction
MOSI (Master Out Slave In)  PB3  Output
MISO (Master In Slave Out)  PB4  Input
SCK (Serial Clock)          PB5  Output
SS (Slave Select)           PB2  Output


SPI Interface

SPI is a data transfer protocol that lets a master device communicate with peripheral slave devices.

• Data is shifted between the master and the slave one bit at a time, one byte per transfer in each direction.

The Ethernet controller responds to a set of seven SPI instructions.

• Each instruction is one byte, followed by a data byte where applicable. The first 3 bits are an opcode and the remaining 5 bits are an argument (a register address, or a fixed pattern for the buffer and reset commands). Reads of MAC and MII registers return a dummy byte before the register value.


SPI Ethernet Controller Instructions

Instruction                   Opcode  Argument  Data
Read Control Register (RCR)   000     aaaaa     n/a
Read Buffer Memory (RBM)      001     11010     n/a
Write Control Register (WCR)  010     aaaaa     dddddddd
Write Buffer Memory (WBM)     011     11010     dddddddd
Bit Field Set (BFS)           100     aaaaa     dddddddd
Bit Field Clear (BFC)         101     aaaaa     dddddddd
System Command (Soft Reset)   111     11111     n/a
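The encoding in this table, and the promiscuous and full-duplex configuration from the ENC28J60 slide, carried through as an added example. This is not the HPS firmware and not code from the slides: it is a host-side C model that builds the instruction bytes and records what would be clocked out over SPI, with register addresses and bit names taken from the ENC28J60 datasheet (the PHY-side duplex bit, written through the MII registers, is deliberately left out).

```c
/* Added example, not the HPS firmware: a host-side model of the ENC28J60 SPI
 * command set. It encodes the seven instructions in the table above and
 * records the bytes a host controller would clock out to put the chip into
 * promiscuous and full-duplex mode. Register addresses and bit names follow
 * the ENC28J60 datasheet; the "bus" is only a byte array we can inspect. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Opcodes occupy the top 3 bits of the instruction byte. */
enum {
    ENC_OP_RCR = 0x00,  /* 000 aaaaa  Read Control Register  */
    ENC_OP_RBM = 0x20,  /* 001 11010  Read Buffer Memory     */
    ENC_OP_WCR = 0x40,  /* 010 aaaaa  Write Control Register */
    ENC_OP_WBM = 0x60,  /* 011 11010  Write Buffer Memory    */
    ENC_OP_BFS = 0x80,  /* 100 aaaaa  Bit Field Set          */
    ENC_OP_BFC = 0xA0,  /* 101 aaaaa  Bit Field Clear        */
    ENC_OP_SRC = 0xE0   /* 111 11111  System Command (reset) */
};
#define ENC_ARG_BUFFER 0x1A   /* fixed 11010 argument of RBM/WBM */
#define ENC_ARG_RESET  0x1F   /* fixed 11111 argument of SRC     */

/* Registers used below. ECON1 is mapped into every bank (bits 1:0 = BSEL),
 * which is what makes bank switching possible. ERXFCON resets to
 * UCEN|CRCEN|BCEN = 0xA1, i.e. own unicast and broadcast only. */
#define ECON1           0x1F
#define ECON1_BSEL_MASK 0x03
#define ERXFCON         0x18  /* bank 1: receive filter control      */
#define ERXFCON_CRCEN   0x20  /* drop frames that fail the CRC check */
#define MACON3          0x00  /* bank 2: MAC control register 3      */
#define MACON3_PADCFG0  0x20  /* pad short frames to 60 bytes + CRC  */
#define MACON3_TXCRCEN  0x10  /* append the CRC on transmit          */
#define MACON3_FULDPX   0x01  /* MAC runs full duplex                */

/* Encode one instruction: 3-bit opcode, 5-bit argument, optional data byte.
 * Returns the bytes written to out (1 or 2), or 0 if the argument does not fit. */
size_t enc_encode(uint8_t opcode, uint8_t arg, int has_data, uint8_t data, uint8_t out[2])
{
    if (arg > 0x1F) return 0;
    out[0] = (uint8_t)(opcode | arg);
    if (!has_data) return 1;
    out[1] = data;
    return 2;
}

/* Every byte the master would shift out, in order. */
typedef struct { uint8_t bytes[64]; size_t len; } spi_trace;
static void emit(spi_trace *t, uint8_t op, uint8_t arg, int has_data, uint8_t data)
{
    uint8_t cmd[2];
    size_t n = enc_encode(op, arg, has_data, data, cmd);
    if (n && t->len + n <= sizeof t->bytes) {
        memcpy(t->bytes + t->len, cmd, n);
        t->len += n;
    }
}

/* Bank select: clear both BSEL bits, then set the wanted ones. BFS/BFC are
 * valid only on ETH registers, and ECON1 is one. */
void enc_select_bank(spi_trace *t, uint8_t bank)
{
    emit(t, ENC_OP_BFC, ECON1, 1, ECON1_BSEL_MASK);
    emit(t, ENC_OP_BFS, ECON1, 1, bank & ECON1_BSEL_MASK);
}

/* Whole-register write. MAC and MII registers cannot be changed with
 * BFS/BFC, so this is the only path for MACON3. */
void enc_write_reg(spi_trace *t, uint8_t bank, uint8_t addr, uint8_t value)
{
    enc_select_bank(t, bank);
    emit(t, ENC_OP_WCR, addr, 1, value);
}

/* Promiscuous mode: keep only the CRC filter, so the MAC accepts frames
 * whatever their destination address. */
void enc_set_promiscuous(spi_trace *t) { enc_write_reg(t, 1, ERXFCON, ERXFCON_CRCEN); }

/* Full duplex on the MAC side. (The PHY's PHCON1.PDPXMD bit must agree; it
 * is written through the MII registers and is left out of this model.) */
void enc_set_full_duplex(spi_trace *t)
{
    enc_write_reg(t, 2, MACON3, MACON3_PADCFG0 | MACON3_TXCRCEN | MACON3_FULDPX);
}

/* The sniffer's bring-up: soft reset, then the two settings above.
 * Returns the number of bytes placed on the bus (13). */
size_t enc_sniffer_config(spi_trace *t)
{
    t->len = 0;
    emit(t, ENC_OP_SRC, ENC_ARG_RESET, 0, 0);   /* 0xFF */
    enc_set_promiscuous(t);
    enc_set_full_duplex(t);
    return t->len;
}

int main(void)
{
    spi_trace t;
    size_t i, n = enc_sniffer_config(&t);
    for (i = 0; i < n; i++) printf("%02X ", t.bytes[i]);
    printf("\n");   /* FF BF 03 9F 01 58 20 BF 03 9F 02 40 31 */
    return 0;
}
```

Run on any host it prints the 13-byte bring-up sequence; on the target the same bytes would be handed to the ATmega's SPI data register one CS-framed transaction at a time. Note the bank switch before each register write: forgetting it is the classic way to write the right value into the wrong register.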


The Software

The software is composed of three layers:

• Sniffing Application - executes the receive and transmit functions in the right order.

• Ethernet Firmware - configures the Ethernet controller and implements the receive and transmit functions.

• SPI Instructions - initializes the Atmega328p as SPI master and implements the SPI Ethernet controller instructions.


Handling the Acquired Data

Once the HPS is in place and switched on, it begins transmitting the captured data to the designated destination MAC and IP address. Because the destination is named by MAC address, the receiving host has to be reachable at that address, i.e. on the same Layer-2 segment as the HPS.

To view and capture the data on that host, use a network protocol analyzer such as Wireshark.

• A capture filter on the HPS's source MAC or IP address (in Wireshark/BPF syntax, "ether src" or "ip src" followed by the HPS's address) isolates the forwarded packets from the host's other traffic.


Sample Wireshark Capture


Building the Board

The device is wired according to the circuit diagram shown on the original slide.

It is critical that the master and slave SPI pins be wired correctly (MOSI to the Ethernet controller's SI, MISO to SO, SCK to SCK and SS to CS) for the SPI protocol to function properly.


Building the Board

Part                                              Price
mikroETH Board                                    $24.00
AA 1.5V Battery                                    $0.40
Bodhilabs AA Battery Holder with 3.3V Regulator   $10.95
ATMEGA328P-PU Microcontroller                      $2.24
Perf Board                                         $3.52
Short Ethernet Cable                               $1.85
328P Socket                                        $0.17
Slide Switch                                       $0.86
Total Price                                       $43.99


Summary

The HPS is a simple, do-it-yourself packet sniffer for penetration testing.

The device is easy to fabricate.

It is less expensive than other penetration testing devices offered on the market.


Thank You

Veronica Swanson: University of California, Irvine

“CyberSecurity for the Next Generation”

North American Round, New York 15th – 17th November, 2012
