Feb 08 2021
over 1 year
Sniff Ethernet packets with the Netsplit
Meet the Swiss pocket knife of network traffic inspection
Netsplit is a passive Ethernet tap device, making it easy to sniff packets across Ethernet links. It fits in your pocket and requires no power, making it extremely easy and quick to use.
In this article we will explore exactly how to achieve this through a basic example scenario, as well as explain how the Netsplit works.
A bit of theory before we start
Before we actually jump into this, let's begin by looking at how the Netsplit actually works.
The Netsplit allows connecting two network nodes like a simple cable, but also exposes the transmission lines for each device as separate RJ45 ports. These "tap" ports are "listen-only": their transmission lines are not even wired, so there is no risk of creating any contention on the Ethernet link.
The two ports at the ends of the Netsplit are wired together as a standard CAT5 cable.
The other two ports located in the middle of the Netsplit have their reception lines wired to the transmission lines from the first two ports.
To make this work, the Netsplit forces the devices into "10/100" mode (prohibiting gigabit-speed comms) also known as "Fast Ethernet", which is well suited for passive monitoring. Gigabit sniffing cannot be done passively in this way. For this, go check out the Skunk gigabit tap & switch.
Let's get to it
From what we saw in the explanations above, we can start by connecting the Netsplit in place of the network cable between the two devices. Connect the two devices to the outermost ports on the Netsplit.
This will allow communication between the devices but limit it to 10/100 mode / "Fast Ethernet". The result should look exactly like the picture above.
Knowing how the Netsplit works, we know the two ports at the center can now be used to tap the transmission lines of either device.
This means we can actually connect our "sniffer" host to one of these center "tap" ports to start capturing packets. For this scenario, let us assume we wish to capture packets going from host "A" (left side) to host "B" (right side).
The tap ports are placed nearest to the port which they mirror the TX lines for. To sniff packets sent by host "A", we can use the center tap port closest to it. The picture below demonstrates this example setup.
That's it! The packets should now be flowing to the "sniffer" host connected to the tap port.
Let's start a TCPdump or Wireshark session and capture those packets!
Go check out ringtail.ch and get your Netsplit today!
Don't forget to subscribe to the newsletter to never miss an update!
Feb 05 2021
over 1 year
Announcing Ringtail - Dooba's security division
So it's been over a year since the last news. A lot has happened :)
Fear not however, as I have in fact been hard at work developing new products.
As many of you already know, I also work as a pentester for a Swiss cyber-security consultancy firm.
Over the past year I have encountered increasing opportunities to combine Dooba technology with my pentest job. In fact, some of you may already be familiar with Azban - the USB injection and payload delivery system I announced a few months ago.
I felt however that Azban did not have its place in the Dooba shop. I therefore setup a dedicated shop on the side just for it, which seemed like a good idea at the time.
As I started developing other products I realized it would quickly become an unmanageable mess to maintain multiple dedicated shops for every product that didn't really fit among Dooba's more "traditional" product line.
I recently decided it was time to create a subdivision within Dooba - one that could focus entierly on security-related products and technologies.
This was the birth of Ringtail Security.
This way I can keep developing cool Dooba modules and the SDK, but at the same time I hope that this new brand will allow me to go further in developing innovative, specialized products for pentesters or curious individuals.
Already some other interesting tools are available in the shop, and more will be added soon.
Go check out the selection at ringtail.ch!
Also, subscribe to the newsletter to never miss an update!
Aug 19 2019
about 3 years
Assembling some panels for the shop
It was time this weekend to assemble some more modules to replenish the stock for the shop.
I wanted to share a bit of the process, so you can see what goes into manufacturing your Swiss-made modules!
Setting up for stenciling
Stenciling is the first step of the process. The point here is to deposit some solder paste on the raw PCB panels through a stainless steel stencil.
With the help of a squeegee, the solder paste is pushed through the stencil and accurately applied to the PCB panel.
At this point I want to thank OSH Stencils and Digi-Key Switzerland for their amazing service.
OSH Stencils produce the stencils that I use to manufacture your modules. Their quality is perfect and consistent, and they offer very good support.
Digi-Key Switzerland supply the components with which I build your modules. Their selection of parts seems just endless and always in stock. Plus, their support is outstanding.
I was not paid to say any of this. I honestly enjoy working with these people - they are the best.
After completing this first step, the panels have all their solder pads covered in paste. The texture is similar to toothpaste, but I don't recommend brushing your teeth with it...
Pick & place
Now comes the most time-consuming part: placing every component on the panels.
Every single resistor, capacitor, IC chip, etc... They are simply "dropped" into place, right into the paste. The toothpaste-like consistency and texture will actually maintain the components in place until they are soldered.
For this, I use simple tweezers and some patience. After about two hours, all components are in place.
Well... ALMOST all components :)
Some components are not included at this stage and will be individually soldered later on. These are the through-hole components (large capacitors, 3.5mm stereo jacks) and sensitive components (mini-joysticks, switches, buttons) that risk being damaged by the heat during reflow.
Hot air reflow
Once the components are all sitting comfortably in solder paste, the next step is to expose the panels to enough heat for the paste to reflow.
The temperature must be carefully controlled to follow as accurately as possible the reflow profile of the solder paste's specification.
For this I use an Aoyue hot air station with a wide nozzle and low-speed flow.
After a few minutes the reflow is complete and everything is soldered into place. Unless extreme caution is applied during stenciling, some solder bridges will appear during reflow.
Now comes the time to clean up those solder bridges, as well as touch up any small defects that may have resulted from the reflow soldering step.
For this part I use a WT1010 soldering station from Weller tools and some solder wick.
When heated, the wick magically sucks away any excess solder through capillary action.
Once everything is reflowed, I finally add the remaining components and solder them by hand with the same WT1010 station.
After this, only one last step is still necessary: cleaning the panels.
I dip the panels in some alcohol (IPA, not vodka...) and gently rub them with a medium-soft toothbrush.
And that's it! The panels are now ready to be broken into individual modules for packaging and shipping :)
Don't forget to subscribe to the newsletter to get the latest updates!
Aug 12 2019
about 3 years
Creating a case for the Maracas player
Once you've built your awesome custom MP3 player with the Maracas kit, you may want to protect it.
You wouldn't want to risk damaging it while listening to your music on the go!
I'm quite a fan of 3D printing technology as it allows me to prototype many things very quickly and easily. Therefore I started sketching up a very primitive "generic" enclosure / case for projects based on the ioProto (medium size) prototyping board.
The case features small pegs to hold the board through its four holes, as well as openings on all sides and the top to allow access to connectors, switches, displays etc...
Turns out the Maracas I've built fits very neatly in this case and is more comfortable to use than I had expected!
The case is presented in the Dooba Wiki. You can download the source file for Autodesk Fusion 360 and adapt it to your needs.
If you haven't already done it, subscribe to the newsletter to get all the updates!
Jul 31 2019
about 3 years
Build your own portable MP3 player!
The wait is over...
The long-awaited Maracas kit is finally here - go check it out in the shop!
It contains everything you need to build your own custom portable MP3 player.
The best part is that we have a complete tutorial that will guide you through every aspect of the build process: assembling the hardware, writing the software and putting everything together.
Check it out here: Portable MP3 player on wiki.dooba.io.
This kit represents a bit of a challenge if you are new to electronics, but by following the tutorial you should get through it without any trouble.
Take your skills further and show off your super maker powers with this complete kit! The only things not included are a soldering iron and some solder.
Here are some pictures from one example build process:
These are the complete contents of the kit:
- Aecho MP3 decoder module
- Nomad LiPo battery module
- Inpad user input module
- ioProto board (medium)
- 160x128 TFT color display
- 2x 10k Ohm resistors
Single-core hookup wire (~ 3m / 9.8ft)
- LiPo battery
As always, don't forget to subscribe to the newsletter to get all the updates :)