The Interceptor - A Full install walkthrough

This install walkthrough assumes you have OpenVPN installed on your desktop and that you are flashing the Fon with redboot.pl. If you are using another flashing method you can skip straight to "Start of setup". The desktop should be running a working TFTP server that serves the OpenWrt 8.09 RC2 lzma kernel and squashfs root filesystem files. Other versions may work, but this guide is based on those files.

Prompts on the Fon look like this: root@OpenWrt:/tmp#

Prompts on the desktop look like this: root@desktop ~ #

Prompts at redboot look like this: RedBoot>

Flashing


root@desktop ~ # ifconfig eth0 192.168.1.254 up
root@desktop ~ # ./redboot.pl 192.168.1.1
192.168.1.1 is unreachable
ICMP Host Unreachable from 192.168.1.254 for ICMP Echo sent to 192.168.1.1
ICMP Host Unreachable from 192.168.1.254 for ICMP Echo sent to 192.168.1.1
ICMP Host Unreachable from 192.168.1.254 for ICMP Echo sent to 192.168.1.1
192.168.1.1 is unreachable
192.168.1.1 is unreachable
192.168.1.1 is alive
-> == Executing boot script in 1.450 seconds - enter ^C to abort
<- ^C
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
RedBoot> fis init
About to initialize [format] FLASH image system - continue (y/n)? y
*** Initialize FLASH Image System
... Erase from 0xa87e0000-0xa87f0000: .
... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .
RedBoot> load -r -b %{FREEMEMLO} openwrt-atheros-vmlinux.lzma
Using default protocol (TFTP)
Raw file loaded 0x80040400-0x801003ff, assumed entry at 0x80040400
RedBoot> fis create -e 0x80041000 -r 0x80041000 vmlinux.bin.l7

< Wait for a while >

... Erase from 0xa8030000-0xa80f0000: ............
... Program from 0x80040400-0x80100400 at 0xa8030000: ............
... Erase from 0xa87e0000-0xa87f0000: .
... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .
RedBoot> load -r -b %{FREEMEMLO} openwrt-atheros-root.squashfs
Using default protocol (TFTP)
Raw file loaded 0x80040400-0x801e03ff, assumed entry at 0x80040400
RedBoot> fis create -l 0x6F0000 rootfs

< Wait for a long while >

... Erase from 0xa80f0000-0xa87e0000: ...........
... Program from 0x80040400-0x801e0400 at 0xa80f0000: ..........................
... Erase from 0xa87e0000-0xa87f0000: .
... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .

RedBoot> fconfig
Run script at boot: true
Boot script: 
Enter script, terminate with empty line
>> fis load -l vmlinux.bin.l7
>> exec
>> 
Boot script timeout (1000ms resolution): 2
Use BOOTP for network configuration: false
Gateway IP address: 
Local IP address: 192.168.1.1
Local IP address mask: 255.255.255.0
Default server IP address: 192.168.1.254
Console baud rate: 9600
GDB connection port: 9000
Force console for special debug messages: false
Network debug at boot time: false
Update RedBoot non-volatile configuration - continue (y/n)? y
... Erase from 0xa87e0000-0xa87f0000: .
... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .
RedBoot> reset

^]
telnet> Connection closed.
root@desktop ~ # 

Start of setup


root@desktop ~ # ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=1.27 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=1.22 ms
^C
--- 192.168.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.226/1.252/1.278/0.026 ms

root@desktop ~ # telnet 192.168.1.1
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
 === IMPORTANT ============================
  Use 'passwd' to set your login password
  this will disable telnet and enable SSH
 ------------------------------------------


BusyBox v1.11.2 (2009-01-05 06:34:55 CET) built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 KAMIKAZE (8.09, r14511) ----------------------------
  * 10 oz Vodka       Shake well with ice and strain
  * 10 oz Triple sec  mixture into 10 shot glasses.
  * 10 oz lime juice  Salute!
 ---------------------------------------------------
root@OpenWrt:/# passwd
Changing password for root
New password:
Retype password:
Password for root changed by root
root@OpenWrt:/# exit
Connection closed by foreign host.
root@desktop ~ # ssh root@!$
ssh root@192.168.1.1
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
RSA key fingerprint is 5c:35:a7:f6:b7:71:92:b9:fc:22:36:0e:f2:c1:f3:3a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts.
root@192.168.1.1's password: 


BusyBox v1.11.2 (2009-01-05 06:34:55 CET) built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 KAMIKAZE (8.09, r14511) ----------------------------
  * 10 oz Vodka       Shake well with ice and strain
  * 10 oz Triple sec  mixture into 10 shot glasses.
  * 10 oz lime juice  Salute!
 ---------------------------------------------------
root@OpenWrt:~# 

Change to Desktop


root@desktop interceptor # ls *ipk
kmod-tun_2.6.26.5-atheros-1_mips.ipk  liblzo_2.03-1_mips.ipk        libpcap_0.9.8-1_mips.ipk  wpa-supplicant_0.6.3-1_mips.ipk
libdnet_1.10-2_mips.ipk               libopenssl_0.9.8i-1_mips.ipk  openvpn_2.0.9-3_mips.ipk  zlib_1.2.3-5_mips.ipk
root@desktop interceptor # scp *.ipk 192.168.1.1:/tmp

Change to Fon


root@OpenWrt:/# cd /tmp
root@OpenWrt:/tmp# ls *ipk
kmod-tun_2.6.26.5-atheros-1_mips.ipk  liblzo_2.03-1_mips.ipk                libpcap_0.9.8-1_mips.ipk              wpa-supplicant_0.6.3-1_mips.ipk
libdnet_1.10-2_mips.ipk               libopenssl_0.9.8i-1_mips.ipk          openvpn_2.0.9-3_mips.ipk              zlib_1.2.3-5_mips.ipk
root@OpenWrt:/tmp# opkg install *ipk
Installing kmod-tun (2.6.26.5-atheros-1) to root...
Installing liblzo (2.03-1) to root...
Installing libopenssl (0.9.8i-1) to root...
Installing zlib (1.2.3-5) to root...
Installing openvpn (2.0.9-3) to root...
Installing libpcap (0.9.8-1) to root...
Installing libdnet (1.10-2) to root...
Package zlib (1.2.3-5) installed in root is up to date.
Configuring kmod-tun
Configuring liblzo
Configuring libopenssl
Configuring openvpn
Configuring zlib
Configuring libdnet
Configuring libpcap

root@OpenWrt:/tmp# vim /etc/config/wireless
config wifi-device  wifi0
        option type     atheros
        option channel  auto
        option disabled 0

config wifi-iface
        option device   wifi0
        option mode     ap
        option ssid     interceptor
        option encryption psk2
        option key '<PSK HERE>'

root@OpenWrt:/tmp# vim /etc/config/network
config 'interface' 'loopback'
        option 'ifname' 'lo'
        option 'proto' 'static'
        option 'ipaddr' '127.0.0.1'
        option 'netmask' '255.0.0.0'

config 'interface' 'lan'
        option 'type' 'bridge'
        option 'proto' 'static'
        # Remove this file when using for real so the bridge won't accidentally block a legitimate network device
        option 'ipaddr' '192.168.1.1'
        option 'netmask' '255.255.255.0'
        option 'ifname' 'eth0.0'

config 'interface' 'wan'
        option 'ifname' 'eth0.1'

root@OpenWrt:/tmp# rm /etc/rc.d/*httpd /etc/rc.d/*dnsmasq
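Before putting the AP on the air it is worth checking the two UCI files just edited for a placeholder key or an unencrypted interface. The following Python is an added example, not part of The Interceptor package: it parses the UCI syntax shown above (both the bare and the fully quoted form) and reports weak wifi-iface settings, using constructed samples modelled on the configs above.

```python
# Added example (not part of The Interceptor package): parse the OpenWrt
# UCI format used by /etc/config/wireless and /etc/config/network above
# and flag weak wifi-iface settings before the AP goes live.
import re
import shlex

# Constructed sample: the wireless config from the walkthrough with the
# placeholder key left in, plus an extra open AP to exercise the checks.
SAMPLE_WIRELESS = """config wifi-device  wifi0
        option type     atheros
        option disabled 0

config wifi-iface
        option device   wifi0
        option mode     ap
        option ssid     interceptor
        option encryption psk2
        option key '<PSK HERE>'
config wifi-iface
        option mode     ap
        option ssid     guest
        option encryption none
"""

# Constructed sample in the fully quoted style of the network config above.
SAMPLE_NETWORK = """config 'interface' 'lan'
        option 'type' 'bridge'
        option 'proto' 'static'
        # comment lines are ignored, as in the network config above
        option 'ipaddr' '192.168.1.1'
        option 'ifname' 'eth0.0'
"""


def parse_uci(text):
    """Return sections as {'type', 'name', 'options'}. UCI syntax: 'config
    <type> [name]' opens a section, 'option <key> <value>' sets a value in
    it; tokens may be bare or quoted, '#' outside quotes starts a comment."""
    sections = []
    current = None
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if not tokens:
            continue
        if tokens[0] == "config" and len(tokens) >= 2:
            current = {"type": tokens[1],
                       "name": tokens[2] if len(tokens) > 2 else None,
                       "options": {}}
            sections.append(current)
        elif tokens[0] == "option" and current is not None and len(tokens) >= 2:
            current["options"][tokens[1]] = tokens[2] if len(tokens) > 2 else ""
    return sections


PLACEHOLDER = re.compile(r"^<[^>]*>$")  # e.g. '<PSK HERE>' as left in the guide


def check_wireless(sections):
    """Return (ssid, problem) findings for every wifi-iface section."""
    findings = []
    for sec in sections:
        if sec["type"] != "wifi-iface":
            continue
        opts = sec["options"]
        ssid = opts.get("ssid", "?")
        enc = opts.get("encryption", "none")
        key = opts.get("key", "")
        if enc in ("none", ""):
            findings.append((ssid, "open network, no encryption"))
            continue
        if enc.startswith("wep"):
            findings.append((ssid, "WEP is broken, use psk2"))
        elif not enc.startswith("psk2"):
            findings.append((ssid, "encryption '%s' is weaker than psk2" % enc))
        if not key or PLACEHOLDER.match(key):
            findings.append((ssid, "key missing or still the placeholder"))
    return findings
```

Run it against the real files with `parse_uci(open("/etc/config/wireless").read())` on the Fon or on a copy pulled to the desktop.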

Change to Desktop


root@desktop interceptor # wget "http://digi.ninja/files/interceptor_1.0.tar.bz2"
--2009-03-13 23:32:00--  http://digi.ninja/files/interceptor_1.0.tar.bz2
Resolving digi.ninja... 78.136.54.17
Connecting to digi.ninja|78.136.54.17|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 29954 (29K) [application/x-bzip2]
Saving to: `interceptor_1.0.tar.bz2'

100%[=================================================================================>] 29,954      --.-K/s   in 0.1s    

2009-03-13 23:32:01 (199 KB/s) - `interceptor_1.0.tar.bz2' saved [29954/29954]

root@desktop interceptor # scp interceptor_1.0.tar.bz2 192.168.1.1:/tmp
root@192.168.1.1's password: 
interceptor_1.0.tar.bz2

root@desktop interceptor # mkdir unpack
root@desktop interceptor # cd unpack
root@desktop unpack # tar -xvjf ../interceptor_1.0.tar.bz2 
README
startup.sh
shutdown.sh
package/interceptor_1.0_mips.ipk
root@desktop unpack # scp package/interceptor_1.0_mips.ipk 192.168.1.1:/tmp
root@192.168.1.1's password: 
interceptor_1.0_mips.ipk                                                                 100%   24KB  24.4KB/s   00:00    

Change to Fon


root@OpenWrt:/tmp# opkg install interceptor_1.0_mips.ipk 
Installing interceptor (1) to root...
Configuring interceptor
Install finished, testing that it worked ok
SUCCESS! Interceptor installation appears OK. Welcome to Interceptor!
Install finished

root@OpenWrt:/tmp# 

< For debug/testing >

root@OpenWrt:/tmp# vim /etc/init.d/interceptor 

#!/bin/sh /etc/rc.common

start() {
        # ifconfig br-lan 0.0.0.0
        # Put eth0.1 (the wan port) into the lan bridge alongside eth0.0
        brctl addif br-lan eth0.1
        # Address the desktop reaches the Fon on over the interceptor SSID
        ifconfig ath0 10.255.255.254 up
}

stop() {
        echo "Nothing to do"
}

root@OpenWrt:/tmp# /etc/init.d/interceptor start
root@OpenWrt:/tmp# 

Change to Desktop


root@desktop keys # mkdir keys
root@desktop keys # cd keys
root@desktop keys # cp -a /usr/share/openvpn/easy-rsa/* .
root@desktop keys # ls
README    build-dh     build-key       build-key-pkcs12  build-req       clean-all      list-crl           openssl.cnf  revoke-full  vars
build-ca  build-inter  build-key-pass  build-key-server  build-req-pass  inherit-inter  openssl-0.9.6.cnf  pkitool      sign-req     whichopensslcnf
root@desktop keys # vim vars 

export EASY_RSA="`pwd`"
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
export KEY_DIR="$EASY_RSA/keys"
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
export KEY_SIZE=1024
export CA_EXPIRE=3650
export KEY_EXPIRE=3650
export KEY_COUNTRY="GB"
export KEY_PROVINCE="XX"
export KEY_CITY="NinjaLand"
export KEY_ORG="Interceptor"
export KEY_EMAIL="bob@bobstories.com"

root@desktop keys # source ./vars 
NOTE: If you run ./clean-all, I will be doing a rm -rf on /usr/src/jasager/other_packages/interceptor/keys/keys
root@desktop keys # ./clean-all 
root@desktop keys # ./build-ca 
Generating a 1024 bit RSA private key
.++++++
................++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
State or Province Name (full name) [XX]:
Locality Name (eg, city) [NinjaLand]:
Organization Name (eg, company) [Interceptor]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [Interceptor CA]:
Email Address [bob@bobstories.com]:

root@desktop keys # ./build-key-server server
Generating a 1024 bit RSA private key
..........................................++++++
...........++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
State or Province Name (full name) [XX]:
Locality Name (eg, city) [NinjaLand]:
Organization Name (eg, company) [Interceptor]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [server]:
Email Address [bob@bobstories.com]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/src/jasager/other_packages/interceptor/keys/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'GB'
stateOrProvinceName   :PRINTABLE:'XX'
localityName          :PRINTABLE:'NinjaLand'
organizationName      :PRINTABLE:'Interceptor'
commonName            :PRINTABLE:'server'
emailAddress          :IA5STRING:'bob@bobstories.com'
Certificate is to be certified until Mar 11 23:26:12 2019 GMT (3650 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

root@desktop keys # ./build-key client1
Generating a 1024 bit RSA private key
.....++++++
..++++++
writing new private key to 'client1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
State or Province Name (full name) [XX]:
Locality Name (eg, city) [NinjaLand]:
Organization Name (eg, company) [Interceptor]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [client1]:
Email Address [bob@bobstories.com]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/src/jasager/other_packages/interceptor/keys/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'GB'
stateOrProvinceName   :PRINTABLE:'XX'
localityName          :PRINTABLE:'NinjaLand'
organizationName      :PRINTABLE:'Interceptor'
commonName            :PRINTABLE:'client1'
emailAddress          :IA5STRING:'bob@bobstories.com'
Certificate is to be certified until Mar 11 23:27:57 2019 GMT (3650 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

root@desktop keys # ./build-dh 
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
.............................++*++*++*

root@desktop keys # ls keys
01.pem  03.pem  ca.key       client1.csr  dh1024.pem  index.txt.attr      index.txt.old  serial.old  server.csr
02.pem  ca.crt  client1.crt  client1.key  index.txt   index.txt.attr.old  serial         server.crt  server.key

root@desktop keys # cd keys
root@desktop keys # scp client1.crt client1.key ca.crt 192.168.1.1:/interceptor/openvpn/client/
root@192.168.1.1's password: 
client1.crt                                                                           100% 3785     3.7KB/s   00:00    
client1.key                                                                           100%  891     0.9KB/s   00:00    
ca.crt                                                                                100% 1245     1.2KB/s   00:00    

root@desktop keys # mkdir ../../unpack/certs
root@desktop keys # cp dh1024.pem server.crt server.key ca.crt ../../unpack/certs/

root@desktop keys # wpa_supplicant  -Dwext -i wlan0 -c /etc/wpa_supplicant.conf -B
Trying to associate with 00:18:84:a3:99:59 (SSID='interceptor' freq=2442 MHz)
Associated with 00:18:84:a3:99:59
WPA: Key negotiation completed with 00:18:84:a3:99:59 [PTK=CCMP GTK=CCMP]
CTRL-EVENT-CONNECTED - Connection to 00:18:84:a3:99:59 completed (auth) [id=1 id_str=]

root@desktop keys # ifconfig wlan0 10.255.255.253
root@desktop keys # ping 10.255.255.254
PING 10.255.255.254 (10.255.255.254) 56(84) bytes of data.
64 bytes from 10.255.255.254: icmp_seq=1 ttl=64 time=67.0 ms
64 bytes from 10.255.255.254: icmp_seq=2 ttl=64 time=4.71 ms
^C
--- 10.255.255.254 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 4.716/35.871/67.026/31.155 ms

root@desktop keys # cd ../../unpack/
root@desktop unpack # ./startup.sh
Starting vpn server
Giving server chance to start
Sat Mar 14 00:10:54 2009 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Jul 11 2008
Sat Mar 14 00:10:54 2009 Diffie-Hellman initialized with 1024 bit key
Sat Mar 14 00:10:54 2009 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Mar 14 00:10:54 2009 TUN/TAP device tap0 opened
Sat Mar 14 00:10:54 2009 /sbin/ifconfig tap0 10.8.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Sat Mar 14 00:10:54 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Mar 14 00:10:54 2009 GID set to nobody
Sat Mar 14 00:10:54 2009 UID set to nobody
Sat Mar 14 00:10:54 2009 UDPv4 link local (bound): [undef]:1194
Sat Mar 14 00:10:54 2009 UDPv4 link remote: [undef]
Sat Mar 14 00:10:54 2009 MULTI: multi_init called, r=256 v=256
Sat Mar 14 00:10:54 2009 IFCONFIG POOL: base=10.8.0.2 size=253
Sat Mar 14 00:10:54 2009 IFCONFIG POOL LIST
Sat Mar 14 00:10:54 2009 Initialization Sequence Completed
Starting remote services
The authenticity of host '10.255.255.254 (10.255.255.254)' can't be established.
RSA key fingerprint is 5c:35:a7:f6:b7:71:92:b9:fc:22:36:0e:f2:c1:f3:3a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.255.255.254' (RSA) to the list of known hosts.
root@10.255.255.254's password:
Sat Mar 14 00:14:00 UTC 2009
Sat Mar 14 00:14:02 2009 OpenVPN 2.0.9 mips-linux [SSL] [LZO] built on Oct 13 2008
Sat Mar 14 00:14:02 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sat Mar 14 00:14:02 2009 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Mar 14 00:14:02 2009 LZO compression initialized
Sat Mar 14 00:14:02 2009 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Mar 14 00:14:15 2009 MULTI: multi_create_instance called
Sat Mar 14 00:14:15 2009 10.255.255.254:48550 Re-using SSL/TLS context
Sat Mar 14 00:14:15 2009 10.255.255.254:48550 LZO compression initialized
Sat Mar 14 00:14:15 2009 10.255.255.254:48550 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Mar 14 00:14:15 2009 10.255.255.254:48550 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Mar 14 00:14:15 2009 10.255.255.254:48550 Local Options hash (VER=V4): 'f7df56b8'
Sat Mar 14 00:14:15 2009 10.255.255.254:48550 Expected Remote Options hash (VER=V4): 'd79ca330'
Sat Mar 14 00:14:15 2009 10.255.255.254:48550 TLS: Initial packet from 10.255.255.254:48550, sid=f9cfb46f 3195a84c
Sat Mar 14 00:14:02 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Mar 14 00:14:02 2009 Local Options hash (VER=V4): 'd79ca330'
Sat Mar 14 00:14:02 2009 Expected Remote Options hash (VER=V4): 'f7df56b8'
Sat Mar 14 00:14:02 2009 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sat Mar 14 00:14:02 2009 UDPv4 link local: [undef]
Sat Mar 14 00:14:02 2009 UDPv4 link remote: 10.255.255.253:1194
Sat Mar 14 00:14:02 2009 TLS: Initial packet from 10.255.255.253:1194, sid=cfeef914 ceb7d8e6
Sat Mar 14 00:14:04 2009 VERIFY OK: depth=1, /C=GB/ST=XX/L=NinjaLand/O=Interceptor/CN=Interceptor_CA/emailAddress=bob@bobstories.com
Sat Mar 14 00:14:04 2009 VERIFY OK: depth=0, /C=GB/ST=XX/L=NinjaLand/O=Interceptor/CN=server/emailAddress=bob@bobstories.com
Sat Mar 14 00:14:19 2009 10.255.255.254:48550 VERIFY OK: depth=1, /C=GB/ST=XX/L=NinjaLand/O=Interceptor/CN=Interceptor_CA/emailAddress=bob@bobstories.com
Sat Mar 14 00:14:19 2009 10.255.255.254:48550 VERIFY OK: depth=0, /C=GB/ST=XX/L=NinjaLand/O=Interceptor/CN=client1/emailAddress=bob@bobstories.com
Sat Mar 14 00:14:20 2009 10.255.255.254:48550 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Mar 14 00:14:20 2009 10.255.255.254:48550 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Mar 14 00:14:20 2009 10.255.255.254:48550 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Mar 14 00:14:20 2009 10.255.255.254:48550 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Mar 14 00:14:07 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Mar 14 00:14:07 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Mar 14 00:14:07 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Mar 14 00:14:20 2009 10.255.255.254:48550 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Mar 14 00:14:20 2009 10.255.255.254:48550 [client1] Peer Connection Initiated with 10.255.255.254:48550
Sat Mar 14 00:14:07 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Mar 14 00:14:07 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Mar 14 00:14:07 2009 [server] Peer Connection Initiated with 10.255.255.253:1194
Sat Mar 14 00:14:08 2009 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Mar 14 00:14:22 2009 client1/10.255.255.254:48550 PUSH: Received control message: 'PUSH_REQUEST'
Sat Mar 14 00:14:22 2009 client1/10.255.255.254:48550 SENT CONTROL [client1]: 'PUSH_REPLY,route-gateway 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0' (status=1)
Sat Mar 14 00:14:08 2009 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0'
Sat Mar 14 00:14:08 2009 OPTIONS IMPORT: timers and/or timeouts modified
Sat Mar 14 00:14:08 2009 OPTIONS IMPORT: --ifconfig/up options modified
Sat Mar 14 00:14:08 2009 OPTIONS IMPORT: route options modified
Sat Mar 14 00:14:08 2009 TUN/TAP device tap0 opened
Sat Mar 14 00:14:08 2009 /sbin/ifconfig tap0 10.8.0.2 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Sat Mar 14 00:14:08 2009 GID set to nogroup
Sat Mar 14 00:14:08 2009 UID set to nobody
Sat Mar 14 00:14:08 2009 Initialization Sequence Completed
[-] Daemon mode set
[-] Interface set to br-lan
[-] Log filename set to "daemonlogger.pcap"
[-] Tap output interface set to tap0[-] Pidfile configured to "daemonlogger.pid"
[-] Pidpath configured to "/var/run"
[-] Rollover size set to 2147483648 bytes
[-] Rollover time configured for 0 seconds
[-] Pruning behavior set to oldest IN DIRECTORY

-*> DaemonLogger <*-
Version 1.2.1
By Martin Roesch
(C) Copyright 2006-2007 Sourcefire Inc., All rights reserved

root@desktop unpack # ifconfig tap0
tap0      Link encap:Ethernet  HWaddr AE:3A:7B:EC:20:E7  
          inet addr:10.8.0.1  Bcast:10.8.0.255  Mask:255.255.255.0
          inet6 addr: fe80::ac3a:7bff:feec:20e7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:18 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:3300 (3.2 Kb)  TX bytes:468 (468.0 b)

root@desktop unpack # tcpdump -i tap0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tap0, link-type EN10MB (Ethernet), capture size 96 bytes
00:19:08.810373 ARP, Request who-has laptop.digininja.int tell server.digininja.int, length 46
00:19:08.814475 ARP, Reply laptop.digininja.int is-at 00:1f:c6:df:2a:17 (oui Unknown), length 46
00:19:08.814609 IP server.digininja.int > laptop.digininja.int: ICMP echo request, id 49731, seq 1, length 64
00:19:08.815483 IP laptop.digininja.int > server.digininja.int: ICMP echo reply, id 49731, seq 1, length 64
00:19:09.809240 IP server.digininja.int > laptop.digininja.int: ICMP echo request, id 49731, seq 2, length 64
00:19:09.811126 IP laptop.digininja.int > server.digininja.int: ICMP echo reply, id 49731, seq 2, length 64
00:19:10.809604 IP server.digininja.int > laptop.digininja.int: ICMP echo request, id 49731, seq 3, length 64
00:19:10.811527 IP laptop.digininja.int > server.digininja.int: ICMP echo reply, id 49731, seq 3, length 64
00:19:11.809906 IP server.digininja.int > laptop.digininja.int: ICMP echo request, id 49731, seq 4, length 64
00:19:11.811861 IP laptop.digininja.int > server.digininja.int: ICMP echo reply, id 49731, seq 4, length 64
00:19:13.810474 ARP, Request who-has server.digininja.int tell laptop.digininja.int, length 46
00:19:13.812334 ARP, Reply server.digininja.int is-at 00:1e:8c:66:86:04 (oui Unknown), length 46
^C

root@desktop unpack # ./shutdown.sh 
Shutting down remote services
root@10.255.255.254's password: 
Shutting down the interceptor
Done
Shutting down local services
Sat Mar 14 00:26:57 2009 event_wait : Interrupted system call (code=4)
Sat Mar 14 00:26:58 2009 TCP/UDP: Closing socket
Sat Mar 14 00:26:58 2009 Closing TUN/TAP interface
Sat Mar 14 00:26:58 2009 SIGTERM[hard,] received, process exiting
