Hak5 919 – Soldering with Snubs: LAN Taps and Perl + Graphviz = Twitter Maps

Soldering 101: Shannon builds a network tap. Perl and GraphViz for mapping twitter connections. Chrome tips and deauthing WiFi. All that and more this time on Hak5.

Download HD | Download MP4

Youtube Hak5 919.1: http://youtu.be/PgonvuFjKv0
Youtube Hak5 919.2: http://youtu.be/3zUsJm3bwGY
Youtube Hak5 919.3: http://youtu.be/dstJqu_O1v4

As you know I’m a huge fan of programming as a hobby. Picking up BASIC was one of the first major steps that led to me becoming the huge computer geek I am today. So when I saw an email from Hak5 fan Jason Cooper about his latest creation I just had to take a look.

Jason has developed a really nifty perl script that maps links between people on twitter. His first version outputs a file ready to be converted by GraphViz into a beautiful image.

I’ll demonstrate how to get started here in Linux, but this will work on any OS that supports Perl and GraphViz which is pretty much all the major platforms.

I’ve wget’d and unzip’d the twittermap code from HeckrothIndustries.co.uk

Running ./twitterMap we’re presented with the arguments. Running more on twitterMap reveals an explination of the options.

As a test I’m going to run twitterMap with –breadth-search –limit=3 –max-pages=3 –output-file=hak5darren1.map –twitterid=hak5darren

This is going to take a moment while the script combs through the last three pages of my tweets and follows back 3 levels deep through messages sent to and from the specified account.

Jason hopes to add the option to map followers in addition to messages and the option to produce word lists from tweets.

Once twitterMap finishes I’ll be left with the output file specified. If I less the output file I can see a list of twitter IDs and their relationships. The colors correspond to relationship. Red is the origin while blue represents neighbors, black third parties and orange IDs that haven’t been looked at.

Using GraphViz the output file can be converted into an image with the syntax “”fdp -o hak5darren1.png -Tpng hak5darren1.map””

This may take a bit so while GraphViz is processing you may want to pop back over to Jason’s site and take a peek at some of his other creations – like sssDetect, which detects when you’ve been a victim of Moxie’s sslStrip tool, or a nifty catch game for the GP2X.

Once complete you’ll find a PNG file in your source directory and honestly, it looks fantastic.

This is a great example of the spring model image GraphViz is able to produce from a simple conversion file.

Thanks so much for sending this in Jason. I wasn’t even aware of GraphViz and playing with the code made my day.

So what are you hacking away at? Got any code to send my way? Hit me up — [email protected], maybe we’ll have your program on the show.

Kerby’s I Can Haz Cheezburger Kitty of the week

halp! i not cheezburger!

Packet sniffing with a LAN Tap

Today we’re packet sniffing — and no it’s not a black hat man in the middle attack. If you’re a network administrator or anyone who has to troubleshoot network issues you should have a passive network tap in your toolkit.

A network tap is basically a piece of hardware that lets you see the data flowing across a network. In a lot of cases you can use a computer to monitor the traffic between two points on the network, say between your router and switch.

Suffice it to say, if the network between points A and B are of the physical ethernet cable variety, a “”network tap”” is the best way to take a look at the traffic. A tap has at least three ports: an A port, a B port, and a monitor port.

For example the A port could be connected to the switch providing Internet access and the B port could be connected to the computer you’d like to monitor. And the monitor port is just that- a port that lets you monitor what’s in between.

Network taps are commonly used for network intrusion detection systems, VoIP recording, network probes, and packet sniffing, along with several other uses. Taps are used in security applications because they are non-obtrusive, in most cases aren’t detectable on the network, and can deal with full-duplex connections.

In our case, this network tap will work indefinitely since it doesn’t even need power. Passive network taps are almost the same thing as a general network tap, except these do not need power, there is no built-in computer or moving parts, and it’s just a few wires and connectors that will move data from one point to another.

You can build a passive network tap for under 20 bucks from parts at your local hardware store. A while back our friend Mike Ossmann built a 5-in-1 network admin cable that could do all sorts of stuff like Serial Console, Cross-Over and part of that was a passive network tap in a sort of throwing star design. Since then the Throwing Star LAN Tap has born under the Great Scott Gadgets brand.

This little guy is a small, simple device for monitoring Ethernet communications. To the target network, the Throwing Star LAN Tap looks just like a section of cable, but the wires in the cable extend to the monitoring ports in addition to connecting one target port to the other. You can use the Star along with tcpdump or Wireshark to collect data.

Now the throwing-star comes as a kit so you’ll have to solder it together yourself, which is half the fun. The tap comes in 7 pieces, the printed circuit board, four modular connectors and two capacitors.
Normal gigabit signals travel in both directions and it’s impossible to build a completely passive tap. There are gigabit taps but they’re like 1000 bucks, so yeah – no thanks. To overcome this limitation though, the throwing star gracefully degrades the signal with these two supplied capacitors that force the connection down to 100 Mbits by adding a slight noise to the line. Unless you’re using a really really long cable this shouldn’t become an issue and in most cases the tapped device will just drop down to 100mbit without trouble.
You will also need a soldering iron, some electrical solder (i’m using rosin core solder with flux build in), and a pair of wire cutters. Insert the four connectors into the circuit board. Be careful that each of the leads extends through the circuit board before snapping the connector fully into place. Insert the two capacitors through the circuit board. Once the iron is hot, place just a bit of solder on the tip. This is called tinning, which prevents the tip from oxidizing. Oxidization is bad because the solder wont adhere to oxidized surfaces. Solder both the 8 leads on the connectors and the leads of each capacitor and clip off the excess with wire cutters. There are 36 solder points on this board, which should take just a few minutes once you get going… Ok, with the board soldered it’s time to start using it. For this part I’ve asked Darren to play the victim here and we’ll start tapping his connection.

Connect the computer to the network through the throwing star in line on ports J1 and J2. Connect another ethernet cord to J3 and/ or J4 and plug it into your computer that you’ll be sniffing packets on. One monitor port is send, the other is receive.

Next on your computer, set your ethernet adaptor to promiscious mode. To do so in Linux, type ifconfig eth0 promisc where eth0 is your ethernet adaptor. You can check that the adapter went into promiscuous mode by typing ifconfig eth0 and looking for PROMISC. Now fire up your fav packet sniffer, I’m going to use Wireshark because its built into BT5 already. Click applications> backtrack> information gathering> network analysis> net traffic analysis> wireshark. Then to start viewing traffic, click on eth0 or choose interfaces under capture and click start next to eth0. If all works you should start seeing packets being sniffed. If I want to filter say IRC, I’ll type IRC up in the filter box, click apply, and I should start seeing whatever Darren is sending.

To tap both transmit and and receive you’ll need a second ethernet adapter, like this little USB guy here. Either fire up a second instance of Wireshark or TCP Dump to tap eth0 and eth1 or bridge the connections together.

This is a must for any network geek so head over to ossmann.com for the plans on build your own, or pop by the hakshop to have one delivered right to your door.

Nibble: Chrome task manager

I love Chrome. You love Chrome. Well, maybe you love Opera — nothin’ wrong with that. But if a page is harshin’ on your Chrome vibe go ahead and kill it with this keyboard combo. SHIFT+ESC brings up Chrome’s built-in task manager, cluing you into all sorts of details about every tabs memory, CPU and network usage. Right-click to get even more nitty gritty, or just kill the tabs process. There’s even a “”stats for nerds”” link that’ll bring you to about:memory for more than you ever wanted to know about how that flash game’s robbing your resources. Sorry Adobe — just sayin’

You know the deal, hak5.wpengine.com/nibble — keep ’em under 8 bits.

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at [email protected].

Join modding wizard Ben Heck and friends as they build and modify a host of amazing community-inspired creations. Be sure to watch the most recent episode of The Ben Heck Show where Ben builds an Arduino-powered, exterior-mounted camera system for an off-road vehicle. The setup enables the driver to control the cameras from inside the cabin to get a better view of obstacles while driving on rugged, off-road terrain. This show about building, modding and electronics culture is brought to you exclusively by element14. Be sure to visit element14.com/tbhs for a chance to win one of Ben’s latest builds!

I’m here to tell you about a tool that will help you save time and money and make you look like a hero to clients or colleagues GoToAssist Express – by Citrix. Lets you easily resolve computer issues in real time OR after hours. Even work while your customers are away from their computers, dramatically boosting your productivity. In fact, on average, Go To Assist Express users report a 40% increase in productivity – that’s like getting 2 extra work days back a week! Try GoToAssist Express FREE for 30 Days. For this special offer visit

.TV is the best domain name for websites with video. If you want to build a video site or if your website has a play button, I recommend getting a .TV domain. A .TV website lets you showcase your original content and create a unique site, not just another YouTube channel. Just go to Domain.com and search for the perfect .TV domain for your new idea. Then use coupon code Hak5 at checkout to save an extra 15%. If you need to host your .TV website, don’t forget about Domain.com’s web hosting plans. They’re less than six bucks a month and have everything you need to build, maintain, and promote your site. Remember – when you think domain names, think Domain dot com. Got a great idea? It all starts with a great domain. Domain.com


  • pittman

    Episode [email protected]:57 Darren says hell put the names of some “point and click” WEP cracking tools in the show notes. I see none in the notes! I do security testing for a living, so if I could show customers why WEP is such a bad idea with a n00b-esque tool (rather than the “complexity” of the aircrack suite) that would be fantastic.

  • VMBiohazard

    Use this for the download link….They accidently put ‘haktip’ in the url which is not valid. Remove that part and you are fine for any one of them.

    High DeHDf,




  • VMBiohazard

    Use this for the download link….They accidently put ‘haktip’ in the url which is not valid. Remove that part and you are fine for any one of them.





  • Truloph

    The Dark Avener is the Answer to the Trivia Answer. Just for a little food for the mind that the first sight of a Virus that was created in 1989. In Which has a string in it saying “This Program was written in the city of Sofia”.

  • Pingback: twitterMap on Hak5 « Heckroth Industries

  • SuperJotas

    I was very happy to find this web site. I need
    to to thank you for your time due to this wonderful read!!
    I definitely appreciated every part of it and i also
    have you book-marked to check out new things in your website.

  • Johnny

    Use the tool forcefully on zones which are susceptible to unpleasant cellulite build up.

    The emulsion be hypothetical to be practical only to clean conceal (preferably by scrub
    or peel), plus energetic skin (make active grinding at least
    two minutes), or else not ready to correctly hide the compensation of the drug strength of mind come up to to not anything.

    So before resorting to this kind of cellulite treatment, conduct your own extensive research.

  • Lucila Gayo

    24 7 Instant Check Loans Your lender has being licensed to
    become in a position to operate in your home state
    Lucila Gayo give who you are a chance to have ready and then start shopping.

  • louis vuitton travel bags

    There can be a list for directory of these sharks at sml999 website louis
    vuitton travel bags the result was civil
    war inside the democratic party in the economic stimulus and, another year, a republican takeover of congress.

  • ElroyRHollingworth

    Howdy! I know this is somewhat off-topic but I had to ask.
    Does operating a well-established blog such as yours take a lot of work?

    I’m brand new to blogging but I do write in my
    diary every day. I’d like to start a blog so I can easily share my experience and
    thoughts online. Please let me know if you have any kind of suggestions or tips for brand new aspiring bloggers.
    Appreciate it!

  • catering toronto

    Woah! I’m really loving the template/theme of this blog.
    It’s simple, yet effective. A lot of times it’s very hard to get
    that “perfect balance” between superb usability and appearance.
    I must say you’ve done a fantastic job with this.
    In addition, the blog loads extremely fast for me on Firefox.
    Superb Blog!

  • i am dieting and exercising but not losing weight

    The plans vegetables provide some carbohydrates, nevertheless the protein provides meal endurance and curbing of your appetite ability.
    Because there’s no scientific proof that it will
    help burn away your fat, you must function as the judge of if the thing is any actual benefits from applying this
    all natural remedy. This is very good to increase the aerobic side of the body and eventually increases amount of air you can inhale and energy you expend.

  • toy poodle

    Escaping debt can be a gradual process and uses a amount of small steps to
    achieve this ultimate goal toy poodle another company,
    the money shop, advertises its wares with
    a picture of an glossy, smiling woman proffering a
    tempting fistful of crisp 20 notes.

  • Leon

    Tower based strategy games for the i – Phone such as Tap Defense
    and Tower Madness are some of the most popular titles in the
    App Store. The next release dates in March and June were also
    missed before another single ‘Otis’ dropped in July. i – Tunes – millions of songs,
    thousands of movies and TV shows, so more.

  • DesiraeGNevil

    Hey! This is my first visit to your blog! We are a team of volunteers and starting a new project
    in a community in the same niche. Your blog provided us useful information to work on. You have done a marvellous job!

  • KenethLShehata

    We are a group of volunteers and opening a new scheme in our community.
    Your site provided us with valuable information to work on. You’ve done a
    formidable job and our whole community will be grateful to you.

  • ClementeJWhelpley

    I am extremely impressed together with your writing abilities and also with the structure
    in your blog. Is this a paid topic or did you customize it
    your self? Anyway stay up the excellent quality writing, it’s uncommon to see a nice blog like
    this one today..

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>