1 (edited by ack 2011-02-22 19:48:42)

Topic: New OpenWRT package: etherpuppet

Hi all,

I would like to share with you my packaging for EtherPuppet.
EtherPuppet is a small program for Linux that will create a virtual interface (TUN/TAP) on one machine from the ethernet interface of another machine through a TCP connection. Everything seen by the real interface will be seen by the virtual one. Everything sent to the virtual interface will be emitted by the real one.

I find it very handy for one-off troubleshooting packet sniffing sessions, when setting up a monitor port on a switch is too much hassle, or even impossible.

I have tested the built package on Attitude Adjustment (trunk) running on a DIR-825-B2 router (as puppet) and Ubuntu 10.10 X64 (as master) and it works wonderfully well.
I have opened an enhancement ticket (#8913) in Trac which has the Makefile.

Hope you like it, hope that it will be included in OpenWRT :-)

2 (edited by ack 2011-02-22 20:15:55)

Re: New OpenWRT package: etherpuppet

An example of how to use EtherPuppet to sniff all traffic on a bridge (that's traffic between all ports, except that between the puppet and the master of course, that would create a huge snowball effect!)

I used 3 terminal shell sessions, of course you can script it to ease setup.

In the first session (which will be the puppet), do:
$ # Install on OpenWRT box, if not done already, needs openssh-sftp-server installed on router
$ scp etherpuppet_0.3_r90decf83d1d4-1_ar71xx.ipk root@192.168.1.1:/tmp
$ ssh root@192.168.1.1
root@192.168.1.1's password:
[..snip..]
# opkg install /tmp/etherpuppet_0.3_r90decf83d1d4-1_ar71xx.ipk
[..snip..]
# etherpuppet -i br-lan -s 4242 -C
Waiting for connection on port 4242...

In the 2nd session (which will be the master), do:
$ sudo ./etherpuppet -m -c 192.168.1.1:4242
[sudo] password for <user>:
Connecting to 192.168.1.1:4242...
I am 192.168.xxx.xxx:39172
Peer is 192.168.1.1:4242
Remote linktype is 1 (Ethernet)
Allocated interface is [puppet0]
Communication established!

In the 3rd session (used for interface setup), do:
$ # Show us the puppet! ;-)
$ sudo ifconfig puppet0 up
[sudo] password for <user>:
$ # Now start your sniffer...
$ wireshark

Enjoy :-)
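
The three sessions from the post above, scripted as one file; this is an added example, not part of the thread and not etherpuppet's or OpenWRT's own code. It uses only the etherpuppet flags shown in the post and stops both ends on exit so the router does not keep listening on port 4242. The helper names, the `run` argument, the `SYSNET` variable and `killall` being available on the router are assumptions.

```shell
#!/bin/sh
# Added example: the three sessions from the post, scripted. Not etherpuppet's
# or OpenWRT's own code. ROUTER/PORT/IFACE defaults are taken from the post;
# helper names and SYSNET are assumptions made for this sketch.
ROUTER=${ROUTER:-192.168.1.1}
PORT=${PORT:-4242}
IFACE=${IFACE:-puppet0}
SYSNET=${SYSNET:-/sys/class/net}   # where Linux lists network interfaces

# Session 1: command run on the router (puppet side).
puppet_cmd() { printf 'etherpuppet -i br-lan -s %s -C' "$PORT"; }

# Session 2: command run on the workstation (master side).
master_cmd() { printf './etherpuppet -m -c %s:%s' "$ROUTER" "$PORT"; }

# Poll once per second until interface $1 exists; give up after $2 tries.
wait_for_iface() {
    name=$1; tries=$2
    while [ "$tries" -gt 0 ]; do
        [ -e "$SYSNET/$name" ] && return 0
        sleep 1
        tries=$((tries - 1))
    done
    return 1
}

# Stop both ends so the router does not keep listening on $PORT.
cleanup() {
    [ -n "${master_pid:-}" ] && sudo kill "$master_pid" 2>/dev/null
    # Assumes killall is available on the router (busybox applet).
    ssh "root@$ROUTER" killall etherpuppet 2>/dev/null || true
}

main() {
    trap cleanup EXIT
    trap 'exit 130' INT TERM
    sudo -v                                  # cache sudo credentials first
    ssh -f "root@$ROUTER" "$(puppet_cmd)"    # -f: authenticate, then background
    sleep 2                                  # let the listener bind
    sudo $(master_cmd) &
    master_pid=$!
    wait_for_iface "$IFACE" 10 || { echo "$IFACE did not appear" >&2; exit 1; }
    sudo ifconfig "$IFACE" up                # session 3
    echo "$IFACE is up: start the sniffer on it; Ctrl-C here tears down."
    wait "$master_pid"
}

if [ "${1:-}" = "run" ]; then main; fi
```

Invoked without the `run` argument the script only defines its functions and touches nothing.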

Re: New OpenWRT package: etherpuppet

Thanks, seems very handy for reverse engineering.

Re: New OpenWRT package: etherpuppet

Great, and thank you! Let's hope it will be incorporated into OpenWRT soon.

Mazi

Re: New OpenWRT package: etherpuppet

ack wrote:

An example of how to use EtherPuppet to sniff all traffic on a bridge (that's traffic between all ports, except that between the puppet and the master of course, that would create a huge snowball effect!)

I used 3 terminal shell sessions, of course you can script it to ease setup.

In the first session (which will be the puppet), do:
$ # Install on OpenWRT box, if not done already, needs openssh-sftp-server installed on router
$ scp etherpuppet_0.3_r90decf83d1d4-1_ar71xx.ipk root@192.168.1.1:/tmp
$ ssh root@192.168.1.1
root@192.168.1.1's password:
[..snip..]
# opkg install /tmp/etherpuppet_0.3_r90decf83d1d4-1_ar71xx.ipk
[..snip..]
# etherpuppet -i br-lan -s 4242 -C
Waiting for connection on port 4242...

In the 2nd session (which will be the master), do:
$ sudo ./etherpuppet -m -c 192.168.1.1:4242
[sudo] password for <user>:
Connecting to 192.168.1.1:4242...
I am 192.168.xxx.xxx:39172
Peer is 192.168.1.1:4242
Remote linktype is 1 (Ethernet)
Allocated interface is [puppet0]
Communication established!

In the 3rd session (used for interface setup), do:
$ # Show us the puppet! ;-)
$ sudo ifconfig puppet0 up
[sudo] password for <user>:
$ # Now start your sniffer...
$ wireshark

Enjoy :-)

THX! But why don't you put your howto into the Wiki? That way it could be *enhanced* by others, as well. It would also be found more easily. I really do not understand this... If you leave it here, only a few people are going to stumble upon this, by chance.

Re: New OpenWRT package: etherpuppet

Great suggestion! When I have some more time (I am busy preparing for a trip to China but I do have some spare time left), I'll definitely add some info to the Wiki.