ESP to Wireshark

Everyone’s favorite packet sniffing tool, Wireshark, has been around for almost two decades now. It’s one of the most popular network analysis tools available, partially due to it being free and open source. Its popularity guaranteed that it would eventually be paired with the ESP32/8266, the rising star of the wireless hardware world, and [spacehuhn] has finally brought these two tools together to sniff WiFi packets.

The library that [spacehuhn] created uses the ESP chip to save Pcap files (the default Wireshark filetype) onto an SD card or send the data over a serial connection. The program runs once every 30 seconds, creating a new Pcap file each time. There are many example scripts for the various hardware you might be using, and since this is written for the ESP platform it’s also Arduino compatible. [spacehuhn] has written this as a proof-of-concept, so there are some rough edges still, but this looks very promising as a network analysis tool.

[spacehuhn] is no stranger to wireless networks, either. His YouTube channel is full of interesting videos of him exploring various exploits and testing other pieces of hardware. He’s also been featured here before for using an ESP8266 as a WiFi jammer.

Continue reading “ESP to Wireshark”

HsNet: Node communications for feature-limited microcontrollers

[Diego Spinola] wrote in to tell us about a node communication system he’s been working on called HsNet. The aim is to build a system of nodes that can be made up of small and inexpensive microcontrollers. The problem is that the least expensive controllers often don’t have a hardware UART. HsNet implements the RS485 protocol using a software UART along with a slim and sleek addressing scheme.

The first module developed, seen in the image above and video after the break, is a single channel pulse-width-modulation node using a PIC 12F683. It can be sent commands in the payload of the HsNet packet format. The PWM modules accept three different commands; one is a desired PWM value, another is a delay between steps for the PWM, and the last toggles a blink function.

He has also developed an analog sensor module and an Arduino-based TCP/IC gateway module. Now that the packet communications have been established, it will be rather simple to add nodes based on that groundwork. [Diego] brought these components together to build an interactive wall which can also be seen after the break.

Continue reading “HsNet: Node communications for feature-limited microcontrollers”

Bringing the Shark to the Bee

Wireshark, a tool recognized universally as being one of the best network analyzers available, has long been used by legitimate network professionals as well as a shadier crowd (and everywhere in between). While useful for analyzing both wired and Wi-Fi traffic, monitoring 802.15.4 protocols (such as Zigbee) have not been a common use in the past. [Akiba] of FreakLabs has brought us a solution which works around the normal limitations of Wireshark’s libpcap base, which does not accept simple serial input from most homebrew setups that use FTDI or Arduinos to connect to Zigbee devices. Using named pipes and a few custom scripts, [Akiba] has been able to coax Wireshark into accepting input from one of FreakLabs Freakduino boards.

While there are certainly professional wireless analyzing tools out there that connect directly into Wireshark, we at Hackaday love showing off anyone who takes the difficult, cheap, out of the way method of doing things over the neat, expensive, commercial method any day.

Charter abandons packet monitoring advertising plan

Charter Communications has announced that it will no longer be attempting to target advertising based on user actions. The original strategy would have involved inspecting the contents of every packet sent or received by the customer. This usage pattern is associated with a specific IP and relevant ads are displayed on sites using NebuAd when that IP visits. NebuAd doesn’t directly share the IP, but we’ve seen in the past, even with obfuscation, a user’s search patterns alone have been known to give away their identity. The majority of all internet traffic is plaintext, but endusers have an expectation of privacy. User backlash is what eventually caused Charter to back down, but that doesn’t mean companies like NebuAd are going to be any less common.

[via EFF]
[photo: mattdork]