A DIY Hardware Packet Sniffer



Similar documents
Using the HT46R46 I/O Ports to Implement Half-Duplex SPI Communication

Introduction the Serial Communications Huang Sections 9.2, 10.2 SCI Block User Guide SPI Block User Guide

Figure 1.Block diagram of inventory management system using Proximity sensors.

Implementing SPI Master and Slave Functionality Using the Z8 Encore! F083A

Implementing SPI Communication Between MSP430 G2452 and LTC ADC

AVR151: Setup and Use of the SPI. Introduction. Features. Atmel AVR 8-bit Microcontroller APPLICATION NOTE

The Programming Interface

AC-PG-USBASP USBASP AVR Programmer

A Research Study on Packet Sniffing Tool TCPDUMP

Microtronics technologies Mobile:

CAN bus board. EB018

Embedded Ethernet Interface Using Arm Processor

SPI I2C LIN Ethernet. u Today: Wired embedded networks. u Next lecture: CAN bus u Then: wireless embedded network

OpenCPN Garmin Radar Plugin

Network Security: Workshop

Microcontroller Based Low Cost Portable PC Mouse and Keyboard Tester

Application Note Gigabit Ethernet Port Modes

Pmod peripheral modules are powered by the host via the interface s power and ground pins.

TURBO PROGRAMMER USB, MMC, SIM DEVELOPMENT KIT

T3 Mux M13 Multiplexer

CCNA R&S: Introduction to Networks. Chapter 5: Ethernet

COMPUTER HARDWARE. Input- Output and Communication Memory Systems

Part 1. MAX BIT DAC with an Arduino Board. MIDI to Voltage Converter Part1

Software User Guide UG-461

What is LOG Storm and what is it useful for?

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

The I2C Bus. NXP Semiconductors: UM10204 I2C-bus specification and user manual HAW - Arduino 1

PICNet 1. PICNet 1 PIC18 Network & SD/MMC Development Board. Features. Applications. Description

Intrusion Detection, Packet Sniffing

DeviceMaster UP Modbus Controller to Controller Communication

Computer Systems Structure Input/Output

Snoopy. Objective: Equipment Needed. Background. Procedure. Due Date: Nov 1 Points: 25 Points

D8X / D16X IPHONE INTERFACE

Data Link Protocols. TCP/IP Suite and OSI Reference Model

Introduction to Routing and Packet Forwarding. Routing Protocols and Concepts Chapter 1

1 PC to WX64 direction connection with crossover cable or hub/switch

AND8336. Design Examples of On Board Dual Supply Voltage Logic Translators. Prepared by: Jim Lepkowski ON Semiconductor.

Introduction to Network Security Lab 1 - Wireshark

Lab VI Capturing and monitoring the network traffic

AVR317: Using the Master SPI Mode of the USART module. 8-bit Microcontrollers. Application Note. Features. Introduction

SafeSPI - Serial Peripheral Interface for Automotive Safety

User s Manual of Board Microcontroller ET-MEGA2560-ADK ET-MEGA2560-ADK

MOD-ENC28J60 development board Users Manual

In-System Programmer USER MANUAL RN-ISP-UM RN-WIFLYCR-UM

Raspberry Pi. Hans- Petter Halvorsen, M.Sc.

December 2002, ver. 1.0 Application Note 285. This document describes the Excalibur web server demonstration design and includes the following topics:

Building Blocks for PRU Development

Cisco TelePresence VCR MSE 8220

Understanding OpenFlow

Serial Communications

Virtual KNX/EIB devices in IP networks

Network Expansion Devices, Switches & Routers

Design and Verification of Nine port Network Router

10/100/1000 Ethernet MAC with Protocol Acceleration MAC-NET Core

M68EVB908QL4 Development Board for Motorola MC68HC908QL4

FSW-0505TX/0805TX 5/8 Port SOHO 10/100Mbps NWay Switch FSW-0505TX FSW-0805TX. 5/8 Port SOHO 10/100Mbps NWay Switch. User s Manual. (Revision 1.

Chapter 13. PIC Family Microcontroller

NB3H5150 I2C Programming Guide. I2C/SMBus Custom Configuration Application Note

ET-BASE AVR ATmega64/128

Tcpdump Lab: Wired Network Traffic Sniffing

Elettronica dei Sistemi Digitali Costantino Giaconia SERIAL I/O COMMON PROTOCOLS

AVR319: Using the USI module for SPI communication. 8-bit Microcontrollers. Application Note. Features. Introduction

How to monitor network traffic inside an ESXi host

DES-1005P 5-Port 10/100Mbps with 1-Port PoE Unmanaged Switch

Serial port interface for microcontroller embedded into integrated power meter

ENET-710. ENET Ethernet Module ENET-710 JAN / 06 FOUNDATION

Introduction To Computer Networking

AT15007: Differences between ATmega328/P and ATmega328PB. Introduction. Features. Atmel AVR 8-bit Microcontrollers APPLICATION NOTE

Procedure: You can find the problem sheet on Drive D: of the lab PCs. Part 1: Router & Switch

Microchip Technology. February 2008 Valerio Moretto Slide 1

PolyBot Board. User's Guide V1.11 9/20/08

CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs

Keep it Simple Timing

AVR1309: Using the XMEGA SPI. 8-bit Microcontrollers. Application Note. Features. 1 Introduction SCK MOSI MISO SS

8-Bit Flash Microcontroller for Smart Cards. AT89SCXXXXA Summary. Features. Description. Complete datasheet available under NDA

Remote-Controlled Dissolved Oxygen Monitoring System

EvB 5.1 v5 User s Guide

8-bit RISC Microcontroller. Application Note. AVR910: In-System Programming

ABACOM - netpio.

GTS-4E Hardware User Manual. Version: V1.1.0 Date:

Single channel data transceiver module WIZ2-434

Network Troubleshooting with the LinkView Classic Network Analyzer

WIZ-Embedded WebServer User s Manual (Ver. 1.0)

Web Site: Forums: forums.parallax.com Sales: Technical:

TOE2-IP FTP Server Demo Reference Design Manual Rev1.0 9-Jan-15

FSM73xx GSM73xx GMS72xxR Shared access to the Internet across Multiple routing VLANs using a Prosafe Firewall

Exhibit n.2: The layers of a hierarchical network

ARM Ltd 110 Fulbourn Road, Cambridge, CB1 9NJ, UK.

Debugging Network Communications. 1 Check the Network Cabling

In the following installation procedures, do not disconnect the Mediatrix 3000 Series while the LEDs are flashing.

10/100 Mbps Ethernet MAC

8051 MICROCONTROLLER COURSE

Open Flow Controller and Switch Datasheet

USER MANUAL. PingBrother EPIW104 managed passive poe switch & IP watchdog

RN-131-PICTAIL & RN-171-PICTAIL Web-Server Demo Application

Computer Networks/DV2 Lab

Lab 2.0 Thermal Camera Interface

Securing Local Area Network with OpenFlow

Process Control and Automation using Modbus Protocol

Transcription:

A DIY Hardware Packet Sniffer Affordable Penetration Testing for the Individual Veronica Swanson: University of California, Irvine CyberSecurity for the Next Generation North American Round, New York 15 th 17 th November, 2012 PAGE 1

Why DIY? System security is important, and penetration testing can be essential to ascertaining and improving the level of security of your system. But what about the cost? Large-scale penetration tests from security firms can be costly, and even commercial penetration testing devices can be expensive for the individual. Creating your own device is less expensive and offers potential for customization. PAGE 2

The Hardware Packet Sniffer The HPS was designed to be a simple, small, concealable, DIY packet sniffer Simply plug the HPS into an open Ethernet port and it will receive packets of data being sent on the network and transmit them to a given MAC and IP address. It s Cheap! Other penetration testing devices can be much more expensive. Total development costs came to $43.99. PAGE 3

The Hardware Atmel ATMEGA328P Functions as the host controller Interfaces with the ethernet controller via SPI mikroeth Board Microchip ENC28J60 Ethernet Controller Interfaces with a network using an ethernet cable Sends and receives packets based on programmed MAC and IP addresses PAGE 4

ENC28J60 Ethernet Controller By setting the Ethernet controller in promiscuous mode, the HPS can capture and store packets of data from the network that it is plugged into regardless of what MAC address the packets were intended for. Once configured for Full-duplex mode, the Ethernet controller can simultaneously receive and transmit acquired data over Ethernet. By programming a destination MAC and IP address into the Ethernet controller, the HPS can then send the data it collects to a specified device. PAGE 5

Ethernet Memory Organization The memory in the Ethernet controller is static RAM, and is organized into three sections: Control Registers - provide access to the on-chip Ethernet controller logic through the SPI interface. Separated into four banks of memory containing three types of registers ETH Registers MAC (Medium Access Control) Registers MII (Media Independent Interface) Registers Ethernet Buffers - an eight Kbyte memory split into a receive buffer and a transmit buffer where the data received and the data to be transmitted are stored. Physical Registers - used for configuration and control of the physical device. Can only be accessed through MII registers. PAGE 6

The Atmega328p Microcontroller The microcontroller is the host controller used to program and operate the Ethernet controller over SPI. Before the Atmega328p can be used as the host controller, the device needs to be configured for Master SPI mode. This is simply done by setting the directions of the SPI pins appropriately as shown. Pin Name Pin Number SPI Master Direction MOSI (Master Out Slave In) PB3 Output MISO (Master In Slave Out) PB4 Input SCK (Serial Clock) PB5 Output SS (Slave Select) PB2 Output PAGE 7

SPI Interface SPI is a data transfer protocol which allows a Master device to communicate with peripheral Slave devices. Data is shifted in bytes from the Master to the Slave, and from the Slave to the Master one bit at a time. The Ethernet controller is designed to respond to a set of seven SPI instructions. Each instruction is 1 byte long followed by 1 byte of data if applicable. The first 3 bits contain an opcode, and the following 5 bits are an argument. PAGE 8

SPI Ethernet Controller Instructions Instruction Name Opcode Argument Data Read Control Register 0 0 0 a a a a a n/a Read Buffer Memory 0 0 1 1 1 0 1 0 n/a Write Control Register 0 1 0 a a a a a d d d d d d d d Write Buffer memory 0 1 1 1 1 0 1 0 d d d d d d d d Bit Field Set 1 0 0 a a a a a d d d d d d d d Bit Field Clear 1 0 1 a a a a a d d d d d d d d System Command (Soft Reset) 1 1 1 1 1 1 1 1 n/a PAGE 9

The Software The software is composed of the three layers: Sniffing Application - appropriately executes the receive and transmit functions. Ethernet Firmware configuring Sniffing Application the Ethernet controller, as well as the receive and transmit functions. Ethernet Firmware SPI Instructions - code initializing the Atmega328p to operate in master mode for SPI and the SPI Ethernet controller instructions. SPI Instructions PAGE 10

Handling the Acquired Data Once the HPS is in place and switched on, it will begin transmitting data to the designated destination MAC and IP address. To view and capture the data, a network protocol analyzer such as Wireshark, must be used. Implementing capture filters for source IP or MAC address can isolate the target packets. PAGE 11

Sample Wireshark Capture PAGE 12

Building the Board The device is wired according to the displayed circuit diagram. It is critical that the master and slave pins be wired correctly for the SPI protocols to function properly PAGE 13

Building the Board Part Price mikroeth Board $24.00 AA 1.5V Battery $0.40 Bodhilabs AA Battery Holder with 3.3V Regulator $10.95 ATMEGA328P-PU Microcontroller $2.24 Perf Board $3.52 Short Ethernet Cable $1.85 328P Socket $0.17 Slide Switch $0.86 Total Price: $43.99 PAGE 14

Summary The HPS is a simple, do it yourself packet sniffer for penetration testing. The device is easy to fabricate Less expensive than other penetration testing devices offered on the market. PAGE 15

Thank You Veronica Swanson: University of California, Irvine CyberSecurity for the Next Generation North American Round, New York 15 th 17 th November, 2012 PAGE 16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information