Re: Small hardware network sniffer - does it exist?

From: Ivan . (ivanhec@gmail.com)
Date: Mon Nov 06 2006 - 22:20:04 EST


Hi Isaac,

The Zaurus is not a $1k solution; here is one for $94 US with 30 mins
left to run on eBay:

http://cgi.ebay.com/Sharp-Zaurus-SL-5500_W0QQitemZ250045290601QQihZ015QQcategoryZ38331QQrdZ1QQcmdZViewItem?hash=item250045290601

cheers
Ivan

On 11/7/06, Isaac Van Name <ivanname@southerlandsleep.com> wrote:
> The Soekris box seems the best solution. I've been reading the multiple
> recommendations for using a Zaurus or BlackDog... and I have to disagree.
> The BlackDog option requires a system that already has Linux or Windows on
> it to operate, and it imposes its own OS on top of the one on the system;
> while small, this would not seem to meet the need well. The Zaurus, while
> small, seems a bit overkill... why pay around $1000 for a portable unit that
> will be stationary when you can pay <$200 for a stationary unit that will do
> the same thing?
>
> I agree that BlackDog and the Zaurus are cool toys, and I'd love to buy them
> to play with... but, if you look at the initial problem, then neither of
> those meet the solution well. I'd say go with the Soekris.
>
>
> Isaac Van Name
> Systems Administrator
>
> "What good would you do with an ignorant employee? Ignorance is grounds for
> dismissal..." - Mario Spinthiras
>
> Open Source developing at its finest:
> "Written in vim, W3C valid and UTF-8 encoded, for her pleasure."
>
> Disclaimer: This email is intended only to be used to feign intellectual
> mastery of a subject or superhuman command of the English language, when
> profanity is involved. By reading this email, you are agreeing to cease all
> correspondence with the sender upon realizing your own ignorance, and
> furthermore to refrain from taking legal action against said sender when
> your compounding ignorance crushes your inadequate self-esteem. Have a nice
> day.
>
> Original> -----Original Message-----
> Original> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
> Original> On Behalf Of Javier Reyna Padilla
> Original> Sent: Friday, November 03, 2006 6:01 AM
> Original> To: FocusHacks
> Original> Cc: Petr.Kazil@eap.nl; PenTest
> Original> Subject: Re: Small hardware network sniffer - does it exist?
> Original>
> Original> That's exactly what I was going to recommend.
> Original>
> Original> 1. buy a soekris box
> Original> 2. install linux on it
> Original> 3. put network interfaces in bridge mode --- use bridge modules in
> Original> kernel and bridge-utils
> Original> 4. use iptables and ip-queue module
> Original> 5. install snort and run with -Q switch
> Original> 6. send all traffic from iptables to snort (snort-inline).
> Original> 7. Cancel your social life
> Original> 8. buy a ton of coffee for reading all logs/capture
> Original> 9. have fun!
> Original>
> Original> FocusHacks wrote:
> Original> > http://www.soekris.com/
> Original> >
> Original> > They have some pretty small machines that are essentially
> Original> > headless 486s that can run BSD or Linux, and many of them have
> Original> > power-over-ethernet, multiple NICs, WiFi ability, etc.
> Original> >
> Original> > On 11/2/06, Petr.Kazil@eap.nl <Petr.Kazil@eap.nl> wrote:
> Original> >>
> Original> >> I have ordered a few hardware keyloggers to play with
> Original> >> (http://www.keelog.com/) and I was wondering if the same idea
> Original> >> exists for networks?
> Original> >> A device that you could tape under a desk, and that would act
> Original> >> as a transparent bridge, sniffing all traffic.
> Original> >>
> Original> >> I know that you can use arp-spoofing to get a similar result
> Original> >> (easier, better?), and I know about hardware network taps.
> Original> >> But I'm still interested in the theoretical possibilities of
> Original> >> this idea.
> Original> >>
> Original> >> I have a few old laptops, but these have just one PCMCIA
> Original> >> network card, so bridging is not possible (well, with the right
> Original> >> kind of network cards you can get two in that slot - I'll see
> Original> >> if you can still buy them). But laptops are too big and heavy.
> Original> >>
> Original> >> I've looked at microcontrollers with ethernet adapters, but
> Original> >> here I find webserver appliances with just one network
> Original> >> interface. They're small but I'm not sure if you could run an
> Original> >> OS and a sniffer on them. I've looked at miniboards but they
> Original> >> are very expensive, too expensive for "just a toy".
> Original> >>
> Original> >> But, considering that you can get a 2-cigarette-pack sized
> Original> >> Pix-firewall, such hardware must exist. But I haven't found the
> Original> >> right keywords yet. Any ideas?
> Original> >>
> Original> >> Greetings, Petr Kazil
> Original> >>
> Original> >>
> Original> >>
> Original> >> ------------------------------------------------------------------------
> Original> >> This List Sponsored by: Cenzic
> Original> >>
> Original> >> Need to secure your web apps?
> Original> >> Cenzic Hailstorm finds vulnerabilities fast.
> Original> >> Click the link to buy it, try it or download Hailstorm for FREE.
> Original> >> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> Original> >> ------------------------------------------------------------------------
> Original> >>
> Original> >>
> Original> >
> Original> >
> Original>
> Original>
> Original>
> Original>
>
>
>




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:18 EDT