Skip to content

Latest commit

 

History

History
80 lines (50 loc) · 2.7 KB

README.md

File metadata and controls

80 lines (50 loc) · 2.7 KB

pipe2cap

Transfers remote network frames to a local adapter on Windows (using winpcap) or Linux.

You will be able to:

  • use apps that cannot use stdin as a pcap capture source;
  • use as many apps as you want at the same time with only one remote network frame capture flow.

How to:

For Windows boxes:

  • Add a MS loopback adapter to your Windows box;

  • Disable all network properties of this new adapter;

  • Reinstall winpcap or reboot your computer in order to add this new adapter to the pcap interface list;

  • Start pipe2cap.exe without any argument to list adapters:

    Available interfaces:

    0 : \Device\NPF_{2AC8F83E-C9B9-45EF-AF30-46CAAA4991CE} (Intel(R) PRO/1000 MT)

    1 : \Device\NPF_{FC6032FA-D434-43A2-A34F-D792BB3EF7B4} (MS LoopBack Driver)

  • Connect to your linux remote box like this:

    plink.exe -ssh -pw password [email protected] "tcpdump -n -s 0 -i eth0 -w - not port ssh" | *path_to_file*\pipe2cap.exe 1

    => it will forward frames captured by tcpdump on 192.168.1.1 (except ssh) to your local MS loopback adapter identified by its id ( 1 ).

  • Start your favorite tools (ie: Wireshark, Ethergrouik, NetworkMiner...) and listen to your MS loopback adapter

For Linux boxes:

  • Add a dummy iface: sudo modprobe dummy; (Thanks Max!)

  • Start the iface: sudo ifconfig dummy0 up;

  • Start pipe2cap without any argument to list adapters: sudo ./pipe2cap;

    Available interfaces:

0 : enp6s0 ((null))

1 : dummy0 ((null))

2 : any (Pseudo-device that captures on all interfaces)

3 : lo ((null))

4 : vboxnet0 ((null))

5 : bluetooth-monitor (Bluetooth Linux Monitor)

6 : nflog (Linux netfilter log (NFLOG) interface)

7 : nfqueue (Linux netfilter queue (NFQUEUE) interface)

8 : usbmon1 (USB bus number 1)

9 : usbmon2 (USB bus number 2)

10 : usbmon3 (USB bus number 3)

11 : usbmon4 (USB bus number 4)

12 : enx0050b60be189 ((null))

  • Connect to the remote linux box like this:

    sshpass -p password ssh [email protected] "tcpdump -n -s 0 -i eth0 -w - not port ssh" | sudo ./pipe2cap 1

    => it will forward frames captured by tcpdump on 192.168.1.1 (except ssh) to your dummy0 iface identified by its id ( 1 ).

How to add a MS Loopback adapter:

https://technet.microsoft.com/en-us/library/cc708322%28v=ws.10%29.aspx

How to build the project:

On Windows boxes:

  • Download and install Codeblocks (codeblocks-16.01mingw-setup.exe was used to realize this project);
  • Load the Codeblocks project file pipe2cap.cbp
  • Winpcap dependencies are already present in the project.

On Linux boxes:

  • sudo apt-get install libpcap-dev
  • compile: just type make or gcc -o pipe2cap main.c -lpcap

Enjoy!!!