Recently something amazing was added in my university's library: You can ask not only for for books but also for electronic programming bundles such as raspberry or arduino kits. I decided to take a raspberry pi kit in order to make an experiment: A network capture probe.
A network capture probe is a tool for network system monitoring that allows you to capture traffic in real-time. I learned about this technique not long ago when I met a guy who was wearing one of those in his bag everywhere using his raspberry pi, neat, eh?. Now I want to try the same...
I downloaded the latest version of raspbian , burnt a 8GB MicroSD, installed Etcher, installed the raspbian ISO in the card using Etcher, and connecting the RPI to a screen using hdmi. I also attached a keyboard and a mouse. I had a RPI screen too, so I also did some magic to adjust to it later, as well as the wifi pin, but important things first. I must say I tried to download bro tool first, but I didn't have enough space to compile it in my 8GB card... ups.
Once I installed Raspbian I opened the terminal and installed tcpdump using apt-get install tcpdump
, take care of the sudo
, too. Why? I wrote an easy script to capture stuff using tcpdump. Here it is:
#!/bin/bash
eval namedir=$1
eval net=$2
count=0
number=5
mkdir $namedir
cd $namedir
while [ $count -lt 1000 ]
do
tcpdump -A -w $count_.pcap -c $number -i $2
echo "just captured $number packets"
done
It's a simple example, with many details to polish. In this case, the first parameter is the name of the directory, second is the name of the wifi card. An option is any
for any card. Anyway these are examples of the input:
# ./script.sh trial wlan0
# ./script.sh trial eth1
# ./script.sh trial any
An output inside the directory we created would be 0_.pcap 1_.pcap 2_.pcap
and so it goes. Each pcap will contain the ASCII (-A
) information of five (number=5
) packets. To read them, there's the -r
tcpdump command. Another idea to make it prettier would be using -D
command, which show the list of available interfaces, save it in a file and use the file in a for
loop to save information. But I haven't tried it yet. Anyway is a fun toy to play with an a nice tool to practise Network System Monitoring in random networks. Be careful tho ;)