Hak5 919 – Soldering with Snubs: LAN Taps and Perl + Graphviz = Twitter Maps
Soldering 101: Shannon builds a network tap. Perl and GraphViz for mapping twitter connections. Chrome tips and deauthing WiFi. All that and more this time on Hak5.
As you know I’m a huge fan of programming as a hobby. Picking up BASIC was one of the first major steps that led to me becoming the huge computer geek I am today. So when I saw an email from Hak5 fan Jason Cooper about his latest creation I just had to take a look.
Jason has developed a really nifty perl script that maps links between people on twitter. His first version outputs a file ready to be converted by GraphViz into a beautiful image.
I’ve wget’d and unzip’d the twittermap code from HeckrothIndustries.co.uk
Running ./twitterMap we’re presented with the arguments. Running more on twitterMap reveals an explination of the options.
As a test I’m going to run twitterMap with –breadth-search –limit=3 –max-pages=3 –output-file=hak5darren1.map –twitterid=hak5darren
This is going to take a moment while the script combs through the last three pages of my tweets and follows back 3 levels deep through messages sent to and from the specified account.
Jason hopes to add the option to map followers in addition to messages and the option to produce word lists from tweets.
Once twitterMap finishes I’ll be left with the output file specified. If I less the output file I can see a list of twitter IDs and their relationships. The colors correspond to relationship. Red is the origin while blue represents neighbors, black third parties and orange IDs that haven’t been looked at.
Using GraphViz the output file can be converted into an image with the syntax “”fdp -o hak5darren1.png -Tpng hak5darren1.map””
This may take a bit so while GraphViz is processing you may want to pop back over to Jason’s site and take a peek at some of his other creations – like sssDetect, which detects when you’ve been a victim of Moxie’s sslStrip tool, or a nifty catch game for the GP2X.
Once complete you’ll find a PNG file in your source directory and honestly, it looks fantastic.
This is a great example of the spring model image GraphViz is able to produce from a simple conversion file.
Thanks so much for sending this in Jason. I wasn’t even aware of GraphViz and playing with the code made my day.
So what are you hacking away at? Got any code to send my way? Hit me up — [email protected], maybe we’ll have your program on the show.
Kerby’s I Can Haz Cheezburger Kitty of the week
Packet sniffing with a LAN Tap
Today we’re packet sniffing — and no it’s not a black hat man in the middle attack. If you’re a network administrator or anyone who has to troubleshoot network issues you should have a passive network tap in your toolkit.
A network tap is basically a piece of hardware that lets you see the data flowing across a network. In a lot of cases you can use a computer to monitor the traffic between two points on the network, say between your router and switch.
Suffice it to say, if the network between points A and B are of the physical ethernet cable variety, a “”network tap”” is the best way to take a look at the traffic. A tap has at least three ports: an A port, a B port, and a monitor port.
For example the A port could be connected to the switch providing Internet access and the B port could be connected to the computer you’d like to monitor. And the monitor port is just that- a port that lets you monitor what’s in between.
Network taps are commonly used for network intrusion detection systems, VoIP recording, network probes, and packet sniffing, along with several other uses. Taps are used in security applications because they are non-obtrusive, in most cases aren’t detectable on the network, and can deal with full-duplex connections.
In our case, this network tap will work indefinitely since it doesn’t even need power. Passive network taps are almost the same thing as a general network tap, except these do not need power, there is no built-in computer or moving parts, and it’s just a few wires and connectors that will move data from one point to another.
You can build a passive network tap for under 20 bucks from parts at your local hardware store. A while back our friend Mike Ossmann built a 5-in-1 network admin cable that could do all sorts of stuff like Serial Console, Cross-Over and part of that was a passive network tap in a sort of throwing star design. Since then the Throwing Star LAN Tap has born under the Great Scott Gadgets brand.
This little guy is a small, simple device for monitoring Ethernet communications. To the target network, the Throwing Star LAN Tap looks just like a section of cable, but the wires in the cable extend to the monitoring ports in addition to connecting one target port to the other. You can use the Star along with tcpdump or Wireshark to collect data.
Now the throwing-star comes as a kit so you’ll have to solder it together yourself, which is half the fun. The tap comes in 7 pieces, the printed circuit board, four modular connectors and two capacitors.
Normal gigabit signals travel in both directions and it’s impossible to build a completely passive tap. There are gigabit taps but they’re like 1000 bucks, so yeah – no thanks. To overcome this limitation though, the throwing star gracefully degrades the signal with these two supplied capacitors that force the connection down to 100 Mbits by adding a slight noise to the line. Unless you’re using a really really long cable this shouldn’t become an issue and in most cases the tapped device will just drop down to 100mbit without trouble.
You will also need a soldering iron, some electrical solder (i’m using rosin core solder with flux build in), and a pair of wire cutters. Insert the four connectors into the circuit board. Be careful that each of the leads extends through the circuit board before snapping the connector fully into place. Insert the two capacitors through the circuit board. Once the iron is hot, place just a bit of solder on the tip. This is called tinning, which prevents the tip from oxidizing. Oxidization is bad because the solder wont adhere to oxidized surfaces. Solder both the 8 leads on the connectors and the leads of each capacitor and clip off the excess with wire cutters. There are 36 solder points on this board, which should take just a few minutes once you get going… Ok, with the board soldered it’s time to start using it. For this part I’ve asked Darren to play the victim here and we’ll start tapping his connection.
Connect the computer to the network through the throwing star in line on ports J1 and J2. Connect another ethernet cord to J3 and/ or J4 and plug it into your computer that you’ll be sniffing packets on. One monitor port is send, the other is receive.
Next on your computer, set your ethernet adaptor to promiscious mode. To do so in Linux, type ifconfig eth0 promisc where eth0 is your ethernet adaptor. You can check that the adapter went into promiscuous mode by typing ifconfig eth0 and looking for PROMISC. Now fire up your fav packet sniffer, I’m going to use Wireshark because its built into BT5 already. Click applications> backtrack> information gathering> network analysis> net traffic analysis> wireshark. Then to start viewing traffic, click on eth0 or choose interfaces under capture and click start next to eth0. If all works you should start seeing packets being sniffed. If I want to filter say IRC, I’ll type IRC up in the filter box, click apply, and I should start seeing whatever Darren is sending.
To tap both transmit and and receive you’ll need a second ethernet adapter, like this little USB guy here. Either fire up a second instance of Wireshark or TCP Dump to tap eth0 and eth1 or bridge the connections together.
Nibble: Chrome task manager
I love Chrome. You love Chrome. Well, maybe you love Opera — nothin’ wrong with that. But if a page is harshin’ on your Chrome vibe go ahead and kill it with this keyboard combo. SHIFT+ESC brings up Chrome’s built-in task manager, cluing you into all sorts of details about every tabs memory, CPU and network usage. Right-click to get even more nitty gritty, or just kill the tabs process. There’s even a “”stats for nerds”” link that’ll bring you to about:memory for more than you ever wanted to know about how that flash game’s robbing your resources. Sorry Adobe — just sayin’
You know the deal, hak5.wpengine.com/nibble — keep ’em under 8 bits.
If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!
Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more
And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at [email protected].
Join modding wizard Ben Heck and friends as they build and modify a host of amazing community-inspired creations. Be sure to watch the most recent episode of The Ben Heck Show where Ben builds an Arduino-powered, exterior-mounted camera system for an off-road vehicle. The setup enables the driver to control the cameras from inside the cabin to get a better view of obstacles while driving on rugged, off-road terrain. This show about building, modding and electronics culture is brought to you exclusively by element14. Be sure to visit element14.com/tbhs for a chance to win one of Ben’s latest builds!
Iâ€™m here to tell you about a tool that will help you save time and money and make you look like a hero to clients or colleagues GoToAssist Express â€“ by Citrix. Lets you easily resolve computer issues in real time OR after hours. Even work while your customers are away from their computers, dramatically boosting your productivity. In fact, on average, Go To Assist Express users report a 40% increase in productivity â€“ thatâ€™s like getting 2 extra work days back a week! Try GoToAssist Express FREE for 30 Days. For this special offer visit
.TV is the best domain name for websites with video. If you want to build a video site or if your website has a play button, I recommend getting a .TV domain. A .TV website lets you showcase your original content and create a unique site, not just another YouTube channel. Just go to Domain.com and search for the perfect .TV domain for your new idea. Then use coupon code Hak5 at checkout to save an extra 15%. If you need to host your .TV website, donâ€™t forget about Domain.comâ€™s web hosting plans. Theyâ€™re less than six bucks a month and have everything you need to build, maintain, and promote your site. Remember â€“ when you think domain names, think Domain dot com. Got a great idea? It all starts with a great domain. Domain.com