Hardware Packet Monitor – Raspberry Pi

So I have been working on a new project with my Raspberry Pi 3. I was looking at situations where something running on my current PC would block an application like Wireshark, and at how to work around this protection. My solution was a transparent bridge: the Raspberry Pi sits inline on my Ethernet cable and sees every packet, while nothing on the PC can tell it is there.

First things first. The Raspberry Pi 3 only has one Ethernet port, so I had to purchase a USB adapter for a second one. I purchased this one on Amazon and had no trouble; it is the same speed as the onboard port the Pi has. This could also be accomplished with iptables and the wlan0 interface, but I opted to spend the money and make my life easier.

The first step is to enable SSH and connect your Pi to Wi-Fi. Here is a tutorial for that if you don’t already know how.

Next you will need to connect over PuTTY. The default login is pi / raspberry.

Once connected, you’ll need to navigate to /etc.

Now, you’ll need to edit the rc.local file using nano.

You’ll need to add the following to the file.

I added a bit more when playing around. The new file should look like this.

Good, now you can save that file with Ctrl+O and exit with Ctrl+X.

Now you can shut down your Pi using sudo shutdown.
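The rc.local contents above are shown in the author's screenshots. As an added example that is not the author's file, here is a small POSIX shell script that builds the same kind of transparent bridge with iproute2 (`ip link`) commands. It assumes the two interfaces are eth0 (PC side) and eth1 (router side) as in the hardware section below, that it is run as root (for instance called from /etc/rc.local), and that the bridge is named br0; the interface and bridge names are my assumptions and can be overridden through environment variables. The plan is kept separate from its execution so it can be reviewed without root.

```shell
#!/bin/sh
# Added example (not the author's rc.local): bring up a transparent bridge
# between the PC-side and router-side interfaces of the Raspberry Pi.
# Assumes iproute2 is installed and the script runs as root.

BRIDGE="${BRIDGE:-br0}"   # assumed bridge name
PC_IF="${PC_IF:-eth0}"    # interface cabled to the PC
NET_IF="${NET_IF:-eth1}"  # interface cabled to the router/switch

# Print the commands that build the bridge, one per line. The bridge gets no
# IP address of its own, so it is invisible to the PC and the router.
bridge_plan() {
    br="$1"; a="$2"; b="$3"
    cat <<EOF
ip link add name $br type bridge
ip link set $a master $br
ip link set $b master $br
ip link set $a up
ip link set $b up
ip link set $br up
EOF
}

# Execute the plan line by line; stop at the first failing command.
bridge_apply() {
    bridge_plan "$@" | while read -r cmd; do
        echo "+ $cmd"
        $cmd || { echo "failed: $cmd" >&2; exit 1; }
    done
}

# Post-boot check: every port must report the bridge as its master.
bridge_ok() {
    br="$1"; shift
    for ifc in "$@"; do
        ip -o link show "$ifc" 2>/dev/null | grep -q "master $br" || return 1
    done
    return 0
}

# Only touch the system when explicitly asked to (e.g. from rc.local:
#   /home/pi/bridge.sh apply).
if [ "${1:-}" = "apply" ]; then
    bridge_apply "$BRIDGE" "$PC_IF" "$NET_IF" || exit 1
    bridge_ok "$BRIDGE" "$PC_IF" "$NET_IF" && echo "bridge $BRIDGE is up"
fi
```

On Raspbian, dhcpcd will otherwise try to configure eth0 and eth1 themselves; adding `denyinterfaces eth0 eth1` to /etc/dhcpcd.conf keeps them as plain bridge ports. The `bridge_ok` check is the same verification the ifconfig step below performs by hand.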

Hardware setup time!

The red X’s are unneeded for this build; I was using them during initial setup and never removed them.
The yellow circle represents the eth1 interface, which connects to your router/switch/etc.
The green circle represents the eth0 interface, which connects to your PC.
The purple circle is the power connector. I connected this directly to a USB port on my PC so the Pi boots whenever I boot my PC.

Once all of this is connected, you should be able to boot your Pi and use your internet as if nothing had changed.

Now the software 😀

For this example, I will be using tcpdump; you can install it with sudo apt-get install tcpdump.

First verify that your bridge is set up. (You wouldn’t have internet on your PC if it wasn’t.)
For this I used ifconfig, but it can be done many ways.

Now you can start monitoring packets.

You can cancel the packet capture with Ctrl+C.
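The author's tcpdump invocation is in the screenshot. As an added example, not the author's command, the following script wraps the verify-then-capture steps above: it checks that the bridge has both of its ports before starting, excludes the Pi's own SSH session from the capture, and rotates pcap files so the SD card does not fill up during a long session. The bridge name br0, the PC address 192.168.1.50 and the output path are my assumptions.

```shell
#!/bin/sh
# Added example (not the author's command): capture the PC's traffic on the
# bridge with tcpdump. Assumes the bridge br0 exists and tcpdump is installed.

# BPF filter: only the monitored PC's traffic, minus the SSH session that
# PuTTY keeps open to the Pi, so the capture is not flooded by our own packets.
capture_filter() {
    pc_ip="$1"; ssh_port="${2:-22}"
    echo "host $pc_ip and not tcp port $ssh_port"
}

# The bridge is only useful once both cables are ports of it; refuse to
# start a capture that would see nothing.
bridge_ready() {
    br="$1"
    [ "$(ip -o link show master "$br" 2>/dev/null | wc -l)" -ge 2 ]
}

# Start the capture. -n avoids DNS lookups (which would themselves generate
# traffic); -s 0 keeps whole packets; -C/-W rotate through 10 files of 100 MB.
capture() {
    br="$1"; pc_ip="$2"; out="${3:-/home/pi/capture}"
    bridge_ready "$br" || { echo "bridge $br is not ready" >&2; return 1; }
    tcpdump -i "$br" -n -s 0 -C 100 -W 10 -w "$out.pcap" "$(capture_filter "$pc_ip")"
}

# Usage (constructed values): ./capture.sh 192.168.1.50
if [ -n "${1:-}" ]; then
    capture "${BRIDGE:-br0}" "$1" "${2:-/home/pi/capture}"
fi
```

The rotated files can be copied to the PC afterwards and opened in Wireshark, which is exactly the application the bridge was built to get around being blocked. Capturing on br0 rather than on eth0 shows both directions of every conversation in one file.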

Extension
So if your internet connection is faster than 100 Mbps, the Raspberry Pi may not be your best bet, since its Ethernet ports are 100 Mbps. If you need between 100 Mbps and 1 Gbps, I would recommend doing something similar to this with the new Asus Tinker Board, which has onboard 1 Gbps Ethernet.

I plan to continue this project with a Raspberry Pi Zero, Power over Ethernet, and libtins.


I captured all these screenshots and videos with my custom Gyazo tool. You can read about that here.
