RE: Small hardware network sniffer - does it exist?

From: Porter, Thomas (Tom) (tporter@avaya.com)
Date: Tue Nov 07 2006 - 22:13:57 EST

This can be done at home. I'm running a Linux 2.6 kernel on a Freescale Coldfire setup w/ two FECs, boa to visualize the results, ssh, and a somewhat (still) flaky packet sniffer that is getting closer everyday to working. You can see more details about this on my website: http://www.dtool.com. This is not a commercial product (yet)

Best, Tom

PS. Shouts out to Danny K for the cool SSL stuff

Thomas Porter, PHD | Sr. Security Architect | Consulting & Systems Integration | Avaya Global Services | Virtual Office: 919.967.2909 | Mobile: 919.593.1570 | Email:tporter@avaya.com | IM: AvayaTPorter

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On Behalf Of Rogan Dawes
Sent: Monday, November 06, 2006 9:57 PM
To: Petr.Kazil@eap.nl
Cc: PenTest
Subject: Re: Small hardware network sniffer - does it exist?

Petr.Kazil@eap.nl wrote:
> I have ordered a few hardware keyloggers to play with
> (http://www.keelog.com/) and I was wondering if the same idea exists
> for networks?
> A device that you could tape under a desk, and that would act as a
> transparant bridge, sniffing all traffic.
>
> I know that you can use arp-spoofing to get a similar result (easier,
> better?), and I know about hardware network taps.
> But I'm still interested in the theoretical possibilities of this idea.
>
> I have a few old laptops, but these have just one PCMCIA network card,
> so bridging is not possible (well, with the right kind of network
> cards you can get two in that slot - I'll see if you can still buy
> them). But laptops are too big and heavy.
>
> I've looked at microcontrollers with ethernet adapters, but here I
> find webserver appliances with just one network interface. They're
> small but I'm not sure if you could run an OS and a sniffer on them.
> I've looked at miniboards but they are very expensive, too expensive for "just a toy".
>
> But, considering that you can get a 2-cigarette-pack sized
> Pix-firewall, such hardware must exist. But I haven't found the right
> keywords yet. Any ideas?
>
> Greetings, Petr Kazil

This looks like the answer to your question - I can't really imagine anything smaller!

http://www.arxceo.com/

And

http://linuxdevices.com/news/NS2860172381.html

The Yoggie will supposedly also support an SDIO wireless card, so you can bridge and snoop AND get remote access at the same time.

Regards,

Rogan

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:18 EDT