(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

A while back, I needed to tap the traffic going through my Linux gateway and wanted to do it on the cheap: spend as little as possible on a tap that captures everything going from the internal network to the external one and vice versa, without putting another device inline. After reviewing daemonlogger's [1] capabilities, I realized I could capture the traffic on one of the two interfaces of my gateway and forward a copy to a third interface connected to my packet sniffer.


In my rc.local file, I added the following command so the software tap restarts each time the gateway is rebooted. The configuration is simple: name the interface used as the input (-i eth0), enable tap mode by naming the interface the copy is sent to (-o eth2), and finally run daemonlogger as a daemon (-d). Note that with -o set, daemonlogger does not write a pcap file at all; it only retransmits each packet captured on the input interface onto the output interface, so the actual capture happens on the sniffer at the other end of the cable.

# Start packet forwarding from eth0 to eth2 for full packet capture ...
/usr/local/sbin/daemonlogger -i eth0 -o eth2 -d
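The one-liner above works, but a tap that is started blindly from rc.local can fail silently: the output interface may still be down, the gateway's own IPv6 neighbour discovery may leak into the mirrored stream, and there is no pidfile to check whether the daemon survived. The following rc.local-style wrapper is an added example, not code from the original diary or from the daemonlogger project; the interface names (eth0, eth2), the pidfile location and the optional BPF filter are assumptions to adapt to your gateway. It uses only documented daemonlogger options: -i (capture interface), -o (tap mode: disable logging, retransmit to the named interface), -d (daemonize), -P/-p (pidfile directory and name) and -S (snaplen), plus an optional trailing BPF filter.

```shell
#!/bin/sh
# Added example: rc.local wrapper for a daemonlogger software tap.
# Assumptions (not from the original post): eth0 is the interface to copy,
# eth2 is cabled to the sniffer, pidfile lives under /var/run.

DLOG=/usr/local/sbin/daemonlogger   # path used in the original one-liner
IN_IF=eth0                          # interface whose traffic is copied
TAP_IF=eth2                         # interface that feeds the sniffer
PIDDIR=/var/run
PIDFILE=daemonlogger-tap.pid
SNAPLEN=65535                       # copy frames larger than the default snaplen whole

# Build the daemonlogger command line.  Pure function (no root, no real
# interface needed) so the generated command can be checked before use.
# Args: <in_if> <out_if> <piddir> [bpf filter]
# Refuses an empty interface name and refuses in_if == out_if, which would
# retransmit every captured frame back onto the monitored interface.
build_tap_cmd() {
    in_if=$1; out_if=$2; piddir=$3; filter=$4
    if [ -z "$in_if" ] || [ -z "$out_if" ]; then
        echo "build_tap_cmd: interface name missing" >&2
        return 1
    fi
    if [ "$in_if" = "$out_if" ]; then
        echo "build_tap_cmd: input and output interface must differ" >&2
        return 1
    fi
    cmd="$DLOG -i $in_if -o $out_if -d -P $piddir -p $PIDFILE -S $SNAPLEN"
    [ -n "$filter" ] && cmd="$cmd $filter"
    printf '%s\n' "$cmd"
}

# Prepare the tap interface: bring it up with no address and no IPv6
# autoconfiguration, so the gateway itself does not chatter into the
# sniffer and nothing can be reached on that interface.  Needs root.
prep_tap_iface() {
    dev=$1
    ip link set dev "$dev" up || return 1
    ip addr flush dev "$dev"
    sysctl -q -w "net.ipv6.conf.$dev.disable_ipv6=1" 2>/dev/null || true
}

# Start the tap and confirm the daemon is alive via its pidfile.
start_tap() {
    [ -x "$DLOG" ] || { echo "daemonlogger not found at $DLOG" >&2; return 1; }
    prep_tap_iface "$TAP_IF" || return 1
    cmd=$(build_tap_cmd "$IN_IF" "$TAP_IF" "$PIDDIR") || return 1
    # shellcheck disable=SC2086  # word splitting of $cmd is intended
    $cmd || return 1
    sleep 1
    pid=$(cat "$PIDDIR/$PIDFILE" 2>/dev/null) || return 1
    kill -0 "$pid" 2>/dev/null
}

# Only act when invoked as rc.local itself; sourcing the file for checks
# (or running it elsewhere) leaves the interfaces alone.
case "$0" in
    */rc.local) start_tap || logger -t tap "daemonlogger tap failed to start" ;;
esac
```

Verify from the other end with `tcpdump -ni <sniffer-iface>` on the sniffer: you should see the gateway's eth0 traffic and nothing else. The sniffer's capture interface should likewise carry no IP address, so the mirrored link stays one-way in practice even though daemonlogger itself imposes no such restriction.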

[1] https://github.com/vrtadmin/Daemonlogger

-----------
Guy Bruneau IPSS Inc.
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu
