Remote capture using wlanpi on OS X

Following a small script called WLANPiShark (https://github.com/wifinigel/WLANPiShark) created by @wifinigel, I wanted to do the same from a Mac OS X client.

To do this, we need to enable SSH access to the wlanpi without a password and allow a user to run sudo without a password.

Set up passwordless access to the wlanpi

To enable SSH access without a password, SSH authentication with an RSA key must be enabled, and the sudo password must be disabled for a user. In my example, no sudo command will require a password. This can be restricted to only the commands you require (a quick Google search will show you how to do it).

On the wlanpi

  1. set up ssh connection using key exchange on the wlanpi
    1. modify /etc/ssh/sshd_config to allow key authentication
      • RSAAuthentication yes
      • PubkeyAuthentication yes
    2. restart the sshd daemon
      1. systemctl restart sshd
  2. create a new username (you can use your own username)
    1. adduser username
  3. add new username to sudoers
    1. usermod -aG sudo username
  4. allow new user to run sudo without password
    1. sudo visudo
      1. add the following line at the end of the file
        1. username ALL=(ALL) NOPASSWD:ALL
        2. Note: this is where you can restrict which commands can be run

On your OS X device

  1. generate an RSA key
    1. run the command ssh-keygen -t rsa
  2. copy the key to the wlanpi
    1. ssh-copy-id -i ~/.ssh/id_rsa.pub username@wlanpiipaddress
  3. test connection to validate
    1. ssh username@wlanpiipaddress
      1. No password should be required
  4. test sudo access without password
    1. type the command sudo su -
      1. prompt should change to #

Capturing the data

This assumes that the Wi-Fi card is named wlan0.

  • Kill all tcpdump processes on the wlanpi: ssh IPWLANPI "sudo -S pkill -f tcpdump"
  • Kill airmon-ng processes: ssh IPWLANPI "sudo -S airmon-ng check kill"
  • Make sure that wlan0 is up: ssh IPWLANPI "sudo -S ifconfig wlan0 up"
  • Set wlan0 in monitor mode: ssh IPWLANPI "sudo -S iw wlan0 set monitor none"
  • Set the capture channel: ssh IPWLANPI "sudo -S iw wlan0 set channel CHANNEL CHANNEL_WIDTH"
    • where the channel width is HT20, HT40- or HT40+
  • Start the capture process: ssh IPWLANPI "sudo -S tcpdump -n -i wlan0 -U -s 0 -w -" | wireshark -k -i -

Wireshark will launch and you will see the packets from the wlanpi displayed in Wireshark. The process is still manual. It can be put into a bash script that automates all the commands, with the interface, channel and channel width passed as parameters.
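One way to write that script, as an added example (not code from this post or from WLANPiShark). It goes one step beyond the manual procedure: because every parameter is pasted into a command that passwordless sudo runs on the wlanpi, each one is checked against an allow-list first. The function names and the script name wlanpi-capture.sh are assumptions of this example.

```shell
#!/bin/sh
# Added example. Usage: ./wlanpi-capture.sh user@wlanpi wlan0 36 HT40+
# Every argument ends up in a command run by passwordless sudo on the wlanpi,
# so each one is checked against a strict allow-list before ssh is called.

valid_host() {    # user@host or host; no leading '-' (would be read as an ssh option)
  case "$1" in ''|-*|*[!A-Za-z0-9@._:-]*) return 1 ;; esac
}
valid_iface() {   # Linux interface names are at most 15 characters
  case "$1" in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
  [ "${#1}" -le 15 ]
}
valid_channel() { # digits only, at most three
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 3 ]
}
valid_width() {   # the three widths listed in the post
  case "$1" in HT20|"HT40-"|"HT40+") return 0 ;; *) return 1 ;; esac
}

# Print the remote setup commands from the post, one per line, or fail
# without printing anything if an argument is rejected.
remote_setup() {
  valid_iface "$1" && valid_channel "$2" && valid_width "$3" || return 1
  printf '%s\n' \
    "sudo -S pkill -f tcpdump" \
    "sudo -S airmon-ng check kill" \
    "sudo -S ifconfig $1 up" \
    "sudo -S iw $1 set monitor none" \
    "sudo -S iw $1 set channel $2 $3"
}

capture() {
  valid_host "$1" || { echo "rejected host: $1" >&2; return 2; }
  cmds=$(remote_setup "$2" "$3" "$4") || {
    echo "usage: $0 [user@]host iface channel HT20|HT40-|HT40+" >&2; return 2; }
  # ssh -n keeps ssh from swallowing the rest of the command list on stdin
  printf '%s\n' "$cmds" | while IFS= read -r c; do
    ssh -n "$1" "$c" || echo "warning: '$c' exited non-zero" >&2
  done
  ssh "$1" "sudo -S tcpdump -n -i $2 -U -s 0 -w -" | wireshark -k -i -
}

# Run only when arguments are given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then capture "$@"; fi
```

The setup commands are allowed to fail with a warning because pkill exits non-zero when no tcpdump process is running.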

 

Special thanks to Nigel for the inspiration
