
Twisted pair sniffer from Wi-Fi router


Traffic passing through a twisted-pair cable can be listened to without either participant in the connection noticing.
This post shows how to build a standalone sniffer that saves a dump to disk and is controlled over Wi-Fi.


Theory


In 10/100Base-T networks, the signal travels over two wire pairs:
Tx - transmit
Rx - receive
The task is to connect the pair being listened to to the sniffer's own receive (Rx) pair.


Practice



Any router that can run DD-WRT (or OpenWRT) firmware and has a way to attach a disk will do.
List of supported models.

For example, the old Linksys WRT-54GL.
There is no way to attach a flash drive to it, but an SD or MMC card can be soldered in quite easily. Note only that before soldering, the card is best formatted on a computer with the ext2 file system, and the GPIO set manually as in this manual. I soldered the contacts directly to the card, but to keep the card removable you can use the slot from a card reader or a microSD-to-SD adapter.



DD-WRT firmware is a miniature Linux which, given some free disk space, easily becomes a full-featured system with a package manager.

On routers with less than 32 MB of memory (16 MB in my case), the kernel is trimmed down and installing the package manager differs somewhat from the procedure in full firmware versions with jffs support.

From here on it is assumed that the router is already flashed (without jffs support) and that a memory card or USB flash drive is already fitted and mounted at /mmc. Connect via telnet and log in as root with the password set in the web interface.

Create a directory:

  mkdir /mmc/opt


Bind-mount it onto /opt (this command must be added to the startup script via the web interface):

  mount -o bind /mmc/opt /opt


Run the ipkg-opt installer (Internet access is required):

  cd /mmc

  wget http://www.3iii.dk/linux/optware/optware-install-ddwrt.sh

  sh ./optware-install-ddwrt.sh


Installation takes a few minutes. Then:

  ipkg-opt install libuclibc++


The package manager is now ready. Update the package list with ipkg-opt update; list the available packages with ipkg-opt list.
To capture traffic, tcpdump is required:

  ipkg-opt install tcpdump


The listening port is the WAN port, which the system sees as eth0. Connect the alligator clips to the pair of interest (usually Tx is the more interesting one) and start a dump:

  tcpdump -i eth0


Depending on the crimping scheme, the colours of the pairs may differ; the right one can only be determined experimentally, by looking at the source and destination addresses in the captured packets.
The alligator clips should be soldered to a multi-strand flexible cable, otherwise the thin solid wires will break off.
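Because a tap on a single pair sees only one direction of the link, a capture taken this way contains frames from one host only, and the source/destination addresses reveal whose transmit pair was clipped. The following script is an added example, not code from the original post: it reads a pcap of the kind `tcpdump -w` writes and reports whether the capture is one-directional and from which source host. The pcap and the frames inside it are constructed inline; `build_frame`, `build_pcap`, `parse_pcap` and `tapped_side` are names chosen here.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4   # classic pcap, host-order (little-endian here)
ETHERTYPE_IPV4 = 0x0800

def build_frame(src_ip, dst_ip):
    """Constructed sample frame: Ethernet II header + minimal 20-byte IPv4 header."""
    eth = (b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb"
           + struct.pack("!H", ETHERTYPE_IPV4))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip

def build_pcap(frames):
    """Constructed sample pcap: 24-byte global header, then one 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def parse_pcap(data):
    """Yield (src_ip, dst_ip) for every IPv4 frame in a little-endian pcap file."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, off)
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # skip anything shorter than Ethernet+IPv4 or not IPv4 at all
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue
        yield socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])

def tapped_side(data):
    """Return the only source IP if the capture is one-directional, else None.

    A single-pair tap yields exactly one source host: that host's Tx pair was clipped.
    Two or more source hosts mean both directions are present (not a single-pair tap).
    """
    sources = {src for src, _ in parse_pcap(data)}
    return sources.pop() if len(sources) == 1 else None
```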



Starting tcpdump can also be added to the system startup script so that it starts automatically after a reboot.
You can connect to the router over Wi-Fi and download the files, for example over SFTP (SSH must be enabled in the web interface).

Source: https://habr.com/ru/post/90678/

