I've been pondering the idea of how I could packet sniff my xbox all week using either Ethereal or tcpdump. I don't see any obvious way to tell the sniffer to sniff a specific MAC address so I'm wondering if this can be done using one of these utilities?
Well, first you obviously can filter it afterwards in Ethereal. Also man tcpdump, search ether src.
I don't understand what you're saying? If I run tcpdump or ethereal it packet sniffs my local machine not the Xbox?? I want to tell the utility to specifically monitor all traffic from the Xbox MAC address ignoring all traffic from my laptop that I would be running ethereal/tcpdump from. Anybody know how to do this? I'll look for the ether src in the man for tcpdump.
If your laptop and XBox are on the same hub, then running Ethereal as root will allow it to sniff all traffic by devices on the hub (since hubs are dumb devices and broadcast each incoming packet to all other ports). If you have a switch, though, the switch only sends the packet to the destination port (a switch, unlike a hub, has intelligence and space to store MAC address/port tables). Fancy managed switches allow for monitor/mirror ports to be configured so that all traffic is also sent to these ports for sniffing/IDS uses. A little consumer home switch would probably not have this feature, though. In that case you can buy a hub cheaply.
You could always try MAC spoofing to trick the switch into sending packets from the XBox to your laptop, but I've never tried it.
A better option is to sniff on your network gateway to collect all outgoing traffic from the XBox. This is easy if you're using a Linux/BSD system as your network gateway -- just run Ethereal or tcpdump on it.
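An added example, not part of the original post: a small Python model of the hub and switch behaviour described above, showing which frames reach the laptop's port and what an `ether src` filter would then keep. The MAC addresses, port numbers and frames are constructed for illustration.

```python
"""Constructed model: frames that reach a sniffer's port on a hub vs. a learning switch."""
BROADCAST = "ff:ff:ff:ff:ff:ff"
# Locally administered MAC addresses, made up for this example.
XBOX, LAPTOP, ROUTER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
PORT_OF = {XBOX: 1, LAPTOP: 2, ROUTER: 3}  # which port each device is plugged into

# (source MAC, destination MAC, description) in the order they hit the wire.
FRAMES = [
    (XBOX, BROADCAST, "ARP who-has router"),
    (ROUTER, XBOX, "ARP reply"),
    (XBOX, ROUTER, "TCP to internet"),
    (ROUTER, XBOX, "TCP from internet"),
    (LAPTOP, ROUTER, "laptop's own traffic"),
]

def hub_delivers(frames, sniffer_port):
    """A hub repeats every frame out of every port except the one it came in on."""
    return [f for f in frames if PORT_OF[f[0]] != sniffer_port]

def switch_delivers(frames, sniffer_port):
    """A switch learns source MAC -> port and floods only broadcast/unknown destinations."""
    mac_table, seen = {}, []
    for src, dst, note in frames:
        ingress = PORT_OF[src]
        mac_table[src] = ingress  # learn where the sender lives
        if dst == BROADCAST or dst not in mac_table:
            egress = set(PORT_OF.values()) - {ingress}  # flood
        else:
            egress = {mac_table[dst]} - {ingress}       # single known port
        if sniffer_port in egress:
            seen.append((src, dst, note))
    return seen

def ether_src(frames, mac):
    """What the tcpdump filter 'ether src <mac>' keeps: frames whose source MAC matches."""
    return [f for f in frames if f[0] == mac.lower()]

if __name__ == "__main__":
    for name, deliver in (("hub", hub_delivers), ("switch", switch_delivers)):
        hits = ether_src(deliver(FRAMES, PORT_OF[LAPTOP]), XBOX)
        print(name, [note for _, _, note in hits])
```

On the hub the filter catches both the broadcast and the unicast frame from the Xbox; on the switch only the broadcast ARP request ever reaches the laptop's port.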
If you have 2 ethernet ports on your laptop via another card etc, you could set up a bridge and monitor that. The laptop would sit between the xbox and the hub/switch. It's easy to set up and also kinda fun.
Ok, I'm at work now messing around with two established SSH sessions. My laptop is connected to a 10base hub at home that runs off my NATTED 100base router. Another old machine (PII 400) is connected directly to one of the router ports. I ran this command:
tcpdump host 10.16.0.53

and my laptop started to actively monitor the packets from that machine instead of the laptop. This also worked using tcpdump src 10.16.0.53. So, I'm assuming my router acts more like a hub in this regard, broadcasting all packets to all ports. I'm not using my laptop as a network gateway so that's not an option. I just tried using my router as the src address to see what packets it would capture. While running some ICMP pings it appeared that it was only capturing traffic that was directed at the router itself as opposed to all the traffic from machines connected to it. In other words it wasn't showing traffic to my other machines when pinging them.

Thanks for these tips guys! You really know your stuff and now I can't wait to see what type of traffic I can capture from my xbox/360 for fun. For instance, I would like to see the servers that my 360 connects to when I'm downloading stuff from the Xbox marketplace. PS - It was also fun seeing what an nmap scan looked like when monitoring my PII 400 desktop using tcpdump.
Welp, I tried to use the src and host option to tell it to sniff the 360 while I was downloading a demo. No dice... Not capturing anything. Maybe the xbox somehow prevents packet sniffing? Who knows. I should probably invest in a real router so I can properly monitor traffic coming in and out of my network.
Try using arpspoof from the dsniff package to make the xbox think your MAC address is the one it wants to send packets to as to the router. Do not forget to switch on ip_forward. Then you will be able to intercept its traffic. Also the failopen mode of the switch may be useful: try to simultaneously ping the router with hping from different fake addresses. Maybe you should buy not a router but just a hub. If you have just ports on the router and no switch, then a hub or switch (better a hub) is needed.
Hmm, this sounds pretty technical. I'll have to look into this package.
First thing to try would be to send ICMP redirects to your xbox, this is easier. Something like sping or hping3 should do the trick.
The xbox has to accept them, which is not always the case. Worth trying...