1  Using Carnivore / CarnivorePE / Re: Playback works but not live sniffing
 on: 07/20/10 at 10:37:26 
Started by eattheword | Post by eattheword
Thanks for that. Yes, I sudo killed the VM processes and it all works fine now. Many thanks. :-)

2  Using Carnivore / CarnivorePE / Re: Playback works but not live sniffing
 on: 07/20/10 at 10:27:14 
Started by eattheword | Post by RSG
the VMnet that shows up in the log you posted might be the problem. carnivore will get blocked if you are running any type of virtual network or vpn. so you might want to try turning that off and see if you get the same results.

3  Using Carnivore / CarnivorePE / Playback works but not live sniffing
 on: 07/05/10 at 07:23:57 
Started by eattheword | Post by eattheword
I just got CarnivorePE (2.2.3). I'm running it on a MacBook Pro OS X 10.6.4. I did the chmod thing. Then I:
 
1. Ran the CarnivorePE program
2. Loaded up the Max/MSP client
3. Clicked Connect in the client.
 
Carnivore now shows "Client On" but "Network" has an empty circle next to it. If I load up the log file that came with Carnivore and play that back then it happily sends the packets out and the Max/MSP patch receives them. But I simply cannot get it to work live.
 
At first I thought it was because my Mac is connected to the router by an Ethernet cable through a switch. So I unplugged the cable and turned on Airport to use the router directly via wireless. Still nothing shows up.
 
Here's the OS X Console log after starting CarnivorePE:
05/07/2010 12:19:35      [0x0-0x862862].CarnivorePE[16448]      [org.rsg.carnivore.Preferences] loading preference file
05/07/2010 12:19:35      [0x0-0x862862].CarnivorePE[16448]      [org.rsg.carnivore.gui.GUI] creating and showing GUI
05/07/2010 12:19:37      [0x0-0x862862].CarnivorePE[16448]      [GUI] isFinishedLaunching = true;
05/07/2010 12:19:37      [0x0-0x862862].CarnivorePE[16448]      [org.rsg.carnivore.gui.Console] hide
05/07/2010 12:19:37      [0x0-0x862862].CarnivorePE[16448]      [org.rsg.carnivore.CarnivorePE] starting carnivore core
05/07/2010 12:19:37      [0x0-0x862862].CarnivorePE[16448]      [org.rsg.carnivore.Core] starting Carnivore core...
05/07/2010 12:19:37      [0x0-0x862862].CarnivorePE[16448]      [org.rsg.carnivore.net.Devices] Found network devices: {vmnet1=vmnet1, vmnet8=vmnet8, en1=AirPort}
05/07/2010 12:19:37      [0x0-0x862862].CarnivorePE[16448]      [org.rsg.carnivore.Core] Warning -- can't open device "vmnet1" (CaptureDeviceOpenException)
05/07/2010 12:19:37      [0x0-0x862862].CarnivorePE[16448]      [org.rsg.carnivore.Core] starting PacketCacheThread
05/07/2010 12:19:37      [0x0-0x862862].CarnivorePE[16448]      [org.rsg.carnivore.Core] addCarnivoreListener: org.rsg.carnivore.CarnivorePE@1ad6b4b
05/07/2010 12:19:37      [0x0-0x862862].CarnivorePE[16448]      [org.rsg.carnivore.gui.GUI] initializing GUI with preferences
05/07/2010 12:19:37      [0x0-0x862862].CarnivorePE[16448]      [org.rsg.carnivore.gui.AGJCheckBox] checkbox_ascii: true
05/07/2010 12:19:37      [0x0-0x862862].CarnivorePE[16448]      [org.rsg.carnivore.gui.AGJCheckBox] shouldAllowExternalClients: true
05/07/2010 12:19:37      [0x0-0x862862].CarnivorePE[16448]      [org.rsg.carnivore.gui.Menu] MENU_SHOW_CONSOLE
05/07/2010 12:19:37      [0x0-0x862862].CarnivorePE[16448]      [org.rsg.carnivore.gui.Console] show
05/07/2010 12:19:37      [0x0-0x862862].CarnivorePE[16448]      [org.rsg.carnivore.gui.AGJSlider] stateChanged: 11.0
05/07/2010 12:19:37      [0x0-0x862862].CarnivorePE[16448]      [org.rsg.carnivore.gui.AGJSlider] stateChanged: 11.0
05/07/2010 12:19:37      [0x0-0x862862].CarnivorePE[16448]      [org.rsg.carnivore.Log] setDebug: true
05/07/2010 12:19:37      [0x0-0x862862].CarnivorePE[16448]      [org.rsg.carnivore.net.Server] ServerSocket started on port 6667
 
Then, when I click connect in the Max/MSP patch, Carnivore switches to show "Client ON" and the OS X log shows:
 
05/07/2010 12:21:13      [0x0-0x862862].CarnivorePE[16448]      [org.rsg.carnivore.net.Server] new connection accepted from: 127.0.0.1
05/07/2010 12:21:13      [0x0-0x862862].CarnivorePE[16448]      [org.rsg.carnivore.net.Client] thread run()
 
Note, the CarnivorePE Console has remained empty all this time.
 
If I try some web activity in the browser, still nothing. I used Firefox to open an internet radio station and still nothing.
 
Any ideas?

4  Using Carnivore / CarnivorePE / Re: No sniffing at all
 on: 06/19/10 at 11:04:13 
Started by arsrobota | Post by arsrobota
Hi, thanx for replying. Actually, I got internet through an Intel Pro/Wireless 2200BG card and my computers are connected with Ethernet cards. So I guess the problem comes from XP itself, but I think I have set my server well (I might be wrong).
 
Are there services or options that require a special attention? I'm using Apache through EasyPhp 5.3.2, could it "block" data? What about "promiscuous mode"?
 
Thanx again for taking the time to help me.
 
Take care,
aR

5  Using Carnivore / CarnivorePE / Re: No sniffing at all
 on: 06/19/10 at 10:41:40 
Started by arsrobota | Post by RSG
hi, there's no setting to select your interface. the way carnivore works is that it scans your interfaces and then opens *each* interface that it can open. so if you have an interface that carnivore can sniff, it will sniff it. this means of course that if something is wrong, it's wrong elsewhere. in my experience Windows can be very aggressive about blocking access, ostensibly for security reasons. not knowing your configuration, my *guess* is that either Windows is not letting carnivore sniff, or you have a nonstandard network card of some kind that carnivore doesn't understand. if you have any Windows firewall stuff turned on, try turning that off. or try turning off any other Windows network security mechanisms.  
 
fyi if you have any kind of nonstandard network configuration, carnivore won't work (i.e. if you have a VPN set up, or an exotic network card like USB ethernet, etc.)

6  Using Carnivore / CarnivorePE / Re: No sniffing at all
 on: 06/15/10 at 05:27:26 
Started by arsrobota | Post by arsrobota
OK, port 6667 is fixed, Carnivore is on but no data passes through it. Someone told me I had to configure Carnivore to work on the right network interface, but I thought we didn't have to choose an interface anymore.
Is there such a setting like this to do?
 
Thanx a lot,
aR

7  Using Carnivore / CarnivorePE / Re: No sniffing at all
 on: 06/03/10 at 08:06:17 
Started by arsrobota | Post by arsrobota
Hello all,
I discovered that port 6667 is invisible on my PC, I tried netstat -an but this port doesn't appear at all.
 
Does anybody have a clue about the reason for that?
 
Thanx a lot,
aR

8  Using Carnivore / Processing Library / Re: Using Pcap capture files
 on: 04/28/10 at 09:27:32 
Started by sprayGenius | Post by RSG
gotcha. okay a few different answers  
 
for question 1: you can capture and save packets using the standalone CarnivorePE application (not the carnivore processing library). start recording, stop recording, save a .cpe file. should be pretty easy. then you can load that .cpe file into processing.  
 
question 2 there have been some questions about this. as far as i know the lost packet problem was fixed: setting carnivore to unlimited packets per second really *does* mean unlimited. it's only when you put it at 19 or fewer packets per second that you will/might be losing packets. although i might need to roll out a new release with this fix. can't remember.
 
question 3. ah-ha! yes, the new development version of the carnivore core already does all this. so yer one step ahead of us. sounds like yer building an interesting project. btw, there's a new super secret app under development here codenamed iLAN which sounds like might be similar to yours. iLAN has a lot of nice features like being able to reassemble tcp packet sessions into the original files. i'll need to get off my butt and roll it out :)  
 
so yeah my previous suggestions are probably not applicable to what you're trying to do, sorry.
 
remember the CarnivorePacket currently provides you with a byte[] called data. you can parse this byte by byte if you feel like rolling yer own IP and TCP header parser. it's a bit tricky but definitely doable.
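The byte-by-byte header parsing RSG describes, covering the fields asked for in the question (IP ID, sequence and acknowledgement numbers, flags), as an added example that is not part of the original posts or of Carnivore itself. It is plain Java and assumes the byte[] begins at the first byte of an IPv4 header (the page does not say whether CarnivorePacket's data array does); the class and method names are hypothetical and the sample packet is constructed.

```java
import java.nio.ByteBuffer;

// Added example (not Carnivore code). Assumes data starts at the IPv4 header.
public class TcpHeaderFields {
    public int ipId, srcPort, dstPort, flags, payloadOffset;
    public long seq, ack;

    // Returns null unless data holds a complete IPv4 header followed by a TCP header.
    public static TcpHeaderFields parse(byte[] data) {
        if (data == null || data.length < 20) return null;   // minimal IPv4 header
        ByteBuffer b = ByteBuffer.wrap(data);                // big-endian = network order
        int version = (b.get(0) & 0xF0) >> 4;
        int ihl = (b.get(0) & 0x0F) * 4;                     // IP header length in bytes
        if (version != 4 || ihl < 20 || data.length < ihl + 20) return null;
        if ((b.get(9) & 0xFF) != 6) return null;             // protocol 6 = TCP
        if ((b.getShort(6) & 0x1FFF) != 0) return null;      // later fragment: no TCP header
        int tcpLen = ((b.get(ihl + 12) & 0xF0) >> 4) * 4;    // TCP data offset in bytes
        if (tcpLen < 20 || data.length < ihl + tcpLen) return null;
        TcpHeaderFields f = new TcpHeaderFields();
        f.ipId = b.getShort(4) & 0xFFFF;                     // mask: Java has no unsigned types
        f.srcPort = b.getShort(ihl) & 0xFFFF;
        f.dstPort = b.getShort(ihl + 2) & 0xFFFF;
        f.seq = b.getInt(ihl + 4) & 0xFFFFFFFFL;
        f.ack = b.getInt(ihl + 8) & 0xFFFFFFFFL;
        f.flags = b.get(ihl + 13) & 0xFF;
        f.payloadOffset = ihl + tcpLen;                      // first byte after both headers
        return f;
    }

    public static String flagNames(int flags) {
        String[] names = {"FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"};
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 8; i++)
            if ((flags & (1 << i)) != 0) sb.append(names[i]).append(' ');
        return sb.toString().trim();
    }

    public static void main(String[] args) {
        // Constructed sample: 20-byte IPv4 header + 20-byte TCP SYN (checksums zeroed).
        int[] raw = {0x45, 0, 0, 0x28, 0x1c, 0x46, 0x40, 0, 0x40, 6, 0, 0, 192, 0, 2, 1,
                     192, 0, 2, 2, 0xc3, 0x50, 0, 0x50, 0, 0, 0, 1, 0, 0, 0, 0,
                     0x50, 0x02, 0x20, 0, 0, 0, 0, 0};
        byte[] pkt = new byte[raw.length];
        for (int i = 0; i < raw.length; i++) pkt[i] = (byte) raw[i];
        TcpHeaderFields f = parse(pkt);
        System.out.println("id=" + f.ipId + " " + f.srcPort + "->" + f.dstPort
            + " seq=" + f.seq + " ack=" + f.ack + " flags=" + flagNames(f.flags));
        System.out.println(parse(new byte[10]) == null);     // truncated input is rejected
    }
}
```

The length checks run before any field is read, so a truncated or malformed capture yields null instead of an out-of-bounds exception.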

9  Using Carnivore / Processing Library / Re: Using Pcap capture files
 on: 04/28/10 at 08:23:50 
Started by sprayGenius | Post by sprayGenius
I may not have described my goal well enough.
I want to do a pcap capture externally with the libpcap file format. Then I want to use carnivore methods of displaying network data with my external pcap file.
The reason I want to use an external file is  
1) I can't see a way of saving packets captured from carnivore  
2) I need to be sure how many packets are lost and I need to be able to manually analyze the packets.  I don't know enough of how carnivore processes the packets and how they are handled.
3) I need access to Sequence Numbers, Acknowledgement numbers, Flags, ID and other fields within the tcp header and ip header. I have manually extracted the flags from the byte headers by using the methods within jpcap. I tried to call the library from Processing, but I got errors telling me it conflicted with carnivore packet library. I assume you have extended the jpcap library in some way?
 
I'm also going to add other data sources and include it with the processing nodes. I want to make the nodes to be selectable so I can display more network information.
 
Hope this is a better explanation. :)

10  Using Carnivore / Processing Library / Re: Using Pcap capture files
 on: 04/28/10 at 08:05:45 
Started by sprayGenius | Post by RSG
can you describe *exactly* what your goal is, because i think we're talking across purposes. the code you posted makes it appear like you are trying to launch your own pcap sniffer instance within carnivore??  
 
is your ultimate goal to parse packet headers at the byte level? or is your ultimate goal to playback a pcap log file?



