This is a read-only snapshot of the ComputerCraft forums, taken in April 2020.

modemShark Network Tool

Started by zxci, 27 November 2015 - 02:01 AM
zxci #1
Posted 27 November 2015 - 03:01 AM
ModemShark
ModemShark is my (basic) ComputerCraft implementation of Wireshark. So what does it do? ModemShark has two modes: listen and scan.

Listen mode sets a computer modem to "promiscuous" (i.e. it's paying attention to messages not sent to its ID) and records modem messages (rednet messages, subsequently, as well) over the specified channels. The scan function works on largely the same principle. It's still listening for packets and still promiscuously listening to sender IDs. However, the scan function attempts to coax a response out of devices acting as repeaters by sending a packet to them. It then compares the responses' message IDs to the ones it sent. If they're the same, it was repeated.

Capabilities
ModemShark's capabilities are largely restricted by how you want to apply them. What you do with this tool is up to you. It isn't inherently harmless, but there are ways you can use a passive sniffer/network scanner to make doing harm easier. Thus, you should be mindful of how you use it.

Good examples of usage of this tool:
- Use the listen mode to log how much traffic you're really sending publicly over a wireless (or wired, if you are on a public wired connection shared by many people) connection.
- Use the listen mode to log traffic that was sent over channels you didn't program a computer to send on.
- Use the listen mode to potentially help track down a missing turtle that moved too far, and its broadcasts aren't reaching the repeater.
- Use the listen mode to get a concept of how easy it is to spoof rednet ID "security".
- Use the scan mode to see how easy it is to coax an unintended response out of your network.
- Use the scan mode to determine if any nearby devices are acting as repeaters.
- Use the scan mode to determine if you're too far from your repeater.

Future Plans
- The ability to pass the received messages to an external API for decoding purposes.
- Debug options, at some point.
- Fix the scan mode in display mode messing with cursor placement
- Fix so basic computers can run the program from command line using a -clr flag

Installation
If you have an advanced computer, just run this:
pastebin run Dv6WLMUi
It'll create a directory /modemShark and save the program in root as mShark, but you can move it wherever you like.
Just don't move the /modemShark directory unless you plan on manually changing the code in mShark.
No external dependencies are required. Just run mShark.

If you're running a pocket computer, or a basic computer, use the old version.
pastebin get dHLVxba0 modemShark

NOTE: Unless you manually change it, logfiles will go to your root directory under the names:
"modemSharkSnifferLog" and "modemSharkScannerLog"
These will NOT be created unless you run the program with the -log flag.

Usage
All you have to do is call the program by name and use the GUI. When you click scan or listen mode, it will ask you to begin entering parameters. If it doesn't let you enter a parameter, it's invalid. Valid parameters include:
For ports(channel): 1-65535 (The second port must not be more than 128 higher than the original, due to modem restrictions)
For modems: The name of the side
For display and logging: y, yes, n, no

Note that entering the same value for both ports results in scanning only one port. This is valid (and useful) for monitoring broadcast traffic.

While the program is running, valid commands include:
Clear - clears the screen (currently breaks non-display mode)
Freeze - temporarily stops printing new interceptions/scan readouts (pointless to use in non-display mode)
Unfreeze - resumes printing new interceptions/scan readouts
Stop - stops the scan, restores your computer's modem state (re-opens channels it closed to begin the scan)
Quit - Same as stop, except instead of taking you back to mShark, it quits the program directly

Additionally, you can bypass the GUI by passing modemShark arguments. All of the arguments are:
"-log" enables logging
"-dsp" disables the displaying of the traffic (when disabled it will show the splash)
"-scn" enables scan mode, if this flag isn't present, listen mode is selected
"(number)" or "(number)-(number2)" sets the channel/range of channels to scan
"(side)" dictates which modem is being used

The only required argument is the channel range. By default, all flags are set to off, and back is the default side. So, to run the program on startup, listening to the broadcast channel, logging but not displaying, on the top modem you would do:
shell.run("mShark 65533 top")

Images
http://imgur.com/a/n1sh9

Notes
1. Be aware that rednet.send() sends messages both on the modem channel equal to the ID specified, and on channel 65535. Thus, if you didn't program your computers to stop sending your messages over the public broadcast channel, they'll end up being sent to a common destination regardless of the channel you're trying to rednet.send() to. Keep this in mind when you're wondering why rednet.send() is being picked up on 65533 with modemShark.
2. Also be aware that when the CraftOS repeat function receives a packet destined for 65533, it repeats the packet twice. Thus, if you use the scan function on 65533, you will get two responses.

Additional credits
Additional thanks go out to Bomb Bloke, who wrote the majority of the scan function. My initial writing of it using coroutines didn't exactly go over well, and they fixed it.
Edited on 29 November 2015 - 01:09 PM
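
The listen mode described in the post above, reduced to a timed audit of your own channels; this is an added example, not part of the original post and not ModemShark's code. The side, channel range, duration and the rednet envelope field names are assumptions.

```lua
-- Added example, not ModemShark's code: timed passive audit of your own channels.
-- Assumed values: modem side, channel range and duration are placeholders.
local SIDE, FIRST, LAST, SECONDS = "top", 65533, 65533, 30

assert(LAST >= FIRST and LAST - FIRST < 128, "range exceeds the 128-channel modem limit")
assert(peripheral.getType(SIDE) == "modem", "no modem on side " .. SIDE)
local modem = peripheral.wrap(SIDE)

-- Remember which channels were already open so only ours are closed afterwards.
-- Assumes the modem has room for the range (128 open channels in total).
local wasOpen = {}
for ch = FIRST, LAST do
  wasOpen[ch] = modem.isOpen(ch)
  if not wasOpen[ch] then modem.open(ch) end
end

local perChannel = {}
local timer = os.startTimer(SECONDS)
while true do
  -- pullEventRaw lets Ctrl+T end the capture without skipping the cleanup below.
  local ev, p1, channel, replyChannel, msg, distance = os.pullEventRaw()
  if ev == "terminate" or (ev == "timer" and p1 == timer) then break end
  if ev == "modem_message" and p1 == SIDE and channel >= FIRST and channel <= LAST then
    perChannel[channel] = (perChannel[channel] or 0) + 1
    local kind = "raw modem message"
    -- Assumed rednet envelope: a table carrying nMessageID, nRecipient, sProtocol.
    if type(msg) == "table" and msg.nMessageID then
      kind = "rednet to=" .. tostring(msg.nRecipient) .. " protocol=" .. tostring(msg.sProtocol)
    end
    -- rednet reports replyChannel as the sender ID; it is a claim, not proof of origin.
    print(("ch %d reply %d dist %s %s"):format(channel, replyChannel, tostring(distance), kind))
  end
end

-- Restore the modem to the state it was in before the capture.
for ch = FIRST, LAST do
  if not wasOpen[ch] then modem.close(ch) end
end
for ch, n in pairs(perChannel) do
  print("channel " .. ch .. ": " .. n .. " message(s)")
end
```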
zxci #2
Posted 28 November 2015 - 08:01 AM
Scanner function is now good to go and in the code. The logging function is now accessible as well.

Note that you can manually edit the message contents and protocol in the function itself to test how easy it would be for someone to inject bad packets into your wireless systems. Does your net only respond to messages of the protocol "secret"? Does your network have a framework reliant on only legitimate packets arriving under a certain format? etc. However, this is a fairly roundabout way of doing things because at such point it would be easier to just do it with your own code, probably. Mostly because if you are testing for this, you're probably only testing on one channel.
zxci #3
Posted 29 November 2015 - 02:04 PM
GUI has been implemented and you can now also pass the program proper flags to bypass the GUI/run at startup. See usage section for flags if you are interested.
roger109z #4
Posted 01 April 2016 - 10:09 PM
I found a bug: you never actually define the modem in the scanner. I fixed it for you; it was actually pretty simple: eGDAh5J9 (this is just the mShark file)