17 posts
Posted 27 November 2015 - 03:01 AM
ModemShark
ModemShark is my (basic) computercraft implementation of WireShark. So what does it do? ModemShark has two modes: Listen, and scan.
Listen mode sets a computer modem to "promiscuous" (e.g. it's paying attention to messages not sent to it's ID) & records modem messages(rednet messages, subsequently, as well) over the specified channels. The scan function works on largely the same principal. It's still listening for packets and still promiscuously listening to senderID's. However, the scan function attempts to coax a response out of devices acting as repeaters by sending a packet to them. It then compares the responses MessageID's to the ones it sent. If they're the same, it was repeated.
Capabilities
ModemShark's capabilities are largely restricted by how you want to apply them. What you do with this tool is up to you. It isn't inherently harmless, but there are ways you can use a passive sniffer/network scanner to make doing harm easier. Thus, you should be mindful of how you use it.
Good examples of usage of this tool:
- Use the listen mode to log how much traffic you're really sending publicly over a wireless (or wired, if you are on a public wired connection shared by many people) connection.
- Use the listen mode to log traffic that was sent over channels you didn't program a computer to send on.
- Use the listen mode to potentially help track down a missing turtle that moved too far, and its broadcasts aren't reaching the repeater.
- Use the listen mode to get a concept of how easy it is to spoof rednet ID "security".
- Use the scan mode to see how easy it is to coax an unintended response out of your network.
- Use the scan mode to determine if any nearby devices are acting as repeaters
- Use the scan mode to determine if you're too far from your repeater
Future Plans
- The ability to pass the received messages to an external API for decoding purposes.
- Debug options, at some point.
- Fix the scan mode in display mode messing with cursor placement
- Fix so basic computers can run the program from command line using a -clr flag
Installation
If you have an advanced computer, just run this:
Just don't move the /modemShark directory unless you plan on manually changing the code in mShark.
No external dependencies are required. Just run mShark.
If you're running a pocket computer, or a basic computer, use the old version.
NOTE: Unless you manually change it, logfiles will go to your root directory under the names:
"modemSharkSnifferLog" and "modemSharkScannerLog"
These will NOT be created unless you run the program with the -log flag.
Usage
All you have to do is call the program by name and use the GUI. When you click scan or listen mode, it will ask you to begin entering parameters. If it doesn't let you enter a parameter, it's invalid. Valid parameters include:
For ports(channel): 1-65535 (The second port must not be more than 128 higher than the original, due to modem restrictions)
For modems: The name of the side
For display and logging: y, yes, n, no
Note that entering the same value for both ports results in scanning only one port. This is valid (and useful) for monitoring broadcast traffic.
While the program is running, valid commands include:
Clear - clears the screen (currently breaks non-display mode)
Freeze - temporarily stops printing new interceptions/scan readouts(pointless to use in non-display mode)
Unfreeze - resumes printing new interceptions/scan readouts
Stop - stops the scan, restores your computers modem state(re-opens channels it closed to begin the scan)
Quit - Same as stop, except instead of taking you back to mShark, it quits the program directly
Additionally, you can bypass the GUI by passing modemShark arguments. All of the arguments are:
"-log" enables logging
"-dsp" disables the displaying of the traffic(when disabled it will show the splash)
"-scn" enables scan mode, if this flag isn't present, listen mode is selected
"(number)" or "(number)-(number2)" sets the channel/range of channels to scan
"(side)" dictates which modem is being used
The only required argument is the channel range. By default, all flags are set to off, and back is the default side. So, to run the program on startup, listening to the broadcast channel, logging but not displaying, on the top modem you would do:
shell.run("mShark 65533 top")
Images
http://imgur.com/a/n1sh9
Notes
1. Be aware that rednet.send() sends messages both on the modem channel equal to the ID specified, and on channel 65535. Thus, if you didn't program your computers to stop sending your messages over the public broadcast channel, they'll end up being sent to a common destination regardless of the channel you're trying to rednet.send() to. Keep this in mind when you're wondering why rednet.send() is being picked up on 65533 with modemShark.
2. Also be aware that when the craftOS repeat function receives a packet destined for 65533, it repeats the packet twice. Thus, if you use the scan function on 65533, you will get two responses.
Additional credits
Additional thanks goes out to Bomb Bloke, who wrote the majority of the scan function. My initial writing of it using coroutines didn't exactly go over well, and they fixed it.
ModemShark is my (basic) computercraft implementation of WireShark. So what does it do? ModemShark has two modes: Listen, and scan.
Listen mode sets a computer modem to "promiscuous" (e.g. it's paying attention to messages not sent to it's ID) & records modem messages(rednet messages, subsequently, as well) over the specified channels. The scan function works on largely the same principal. It's still listening for packets and still promiscuously listening to senderID's. However, the scan function attempts to coax a response out of devices acting as repeaters by sending a packet to them. It then compares the responses MessageID's to the ones it sent. If they're the same, it was repeated.
Capabilities
ModemShark's capabilities are largely restricted by how you want to apply them. What you do with this tool is up to you. It isn't inherently harmless, but there are ways you can use a passive sniffer/network scanner to make doing harm easier. Thus, you should be mindful of how you use it.
Good examples of usage of this tool:
- Use the listen mode to log how much traffic you're really sending publicly over a wireless (or wired, if you are on a public wired connection shared by many people) connection.
- Use the listen mode to log traffic that was sent over channels you didn't program a computer to send on.
- Use the listen mode to potentially help track down a missing turtle that moved too far, and its broadcasts aren't reaching the repeater.
- Use the listen mode to get a concept of how easy it is to spoof rednet ID "security".
- Use the scan mode to see how easy it is to coax an unintended response out of your network.
- Use the scan mode to determine if any nearby devices are acting as repeaters
- Use the scan mode to determine if you're too far from your repeater
Future Plans
- The ability to pass the received messages to an external API for decoding purposes.
- Debug options, at some point.
- Fix the scan mode in display mode messing with cursor placement
- Fix so basic computers can run the program from command line using a -clr flag
Installation
If you have an advanced computer, just run this:
pastebin run Dv6WLMUiJust don't move the /modemShark directory unless you plan on manually changing the code in mShark.
No external dependencies are required. Just run mShark.
If you're running a pocket computer, or a basic computer, use the old version.
Spoiler
pastebin get dHLVxba0 modemSharkNOTE: Unless you manually change it, logfiles will go to your root directory under the names:
"modemSharkSnifferLog" and "modemSharkScannerLog"
These will NOT be created unless you run the program with the -log flag.
Usage
All you have to do is call the program by name and use the GUI. When you click scan or listen mode, it will ask you to begin entering parameters. If it doesn't let you enter a parameter, it's invalid. Valid parameters include:
For ports(channel): 1-65535 (The second port must not be more than 128 higher than the original, due to modem restrictions)
For modems: The name of the side
For display and logging: y, yes, n, no
Note that entering the same value for both ports results in scanning only one port. This is valid (and useful) for monitoring broadcast traffic.
While the program is running, valid commands include:
Clear - clears the screen (currently breaks non-display mode)
Freeze - temporarily stops printing new interceptions/scan readouts(pointless to use in non-display mode)
Unfreeze - resumes printing new interceptions/scan readouts
Stop - stops the scan, restores your computers modem state(re-opens channels it closed to begin the scan)
Quit - Same as stop, except instead of taking you back to mShark, it quits the program directly
Additionally, you can bypass the GUI by passing modemShark arguments. All of the arguments are:
"-log" enables logging
"-dsp" disables the displaying of the traffic(when disabled it will show the splash)
"-scn" enables scan mode, if this flag isn't present, listen mode is selected
"(number)" or "(number)-(number2)" sets the channel/range of channels to scan
"(side)" dictates which modem is being used
The only required argument is the channel range. By default, all flags are set to off, and back is the default side. So, to run the program on startup, listening to the broadcast channel, logging but not displaying, on the top modem you would do:
shell.run("mShark 65533 top")
Images
http://imgur.com/a/n1sh9
Notes
1. Be aware that rednet.send() sends messages both on the modem channel equal to the ID specified, and on channel 65535. Thus, if you didn't program your computers to stop sending your messages over the public broadcast channel, they'll end up being sent to a common destination regardless of the channel you're trying to rednet.send() to. Keep this in mind when you're wondering why rednet.send() is being picked up on 65533 with modemShark.
2. Also be aware that when the craftOS repeat function receives a packet destined for 65533, it repeats the packet twice. Thus, if you use the scan function on 65533, you will get two responses.
Additional credits
Additional thanks goes out to Bomb Bloke, who wrote the majority of the scan function. My initial writing of it using coroutines didn't exactly go over well, and they fixed it.
Edited on 29 November 2015 - 01:09 PM
