The Interceptor - A Full install walkthrough
This install assumes you have OpenVPN installed on your desktop and that you are flashing the Fon with redboot.pl. If you are using another flashing method, skip to "Start of setup". The desktop should be running a TFTP server that serves the OpenWrt 8.09 RC2 lzma kernel and squashfs root images (openwrt-atheros-vmlinux.lzma and openwrt-atheros-root.squashfs, as loaded below). RedBoot fetches those images from the "Default server IP address" in its configuration (192.168.1.254 below), so that is the address the desktop's Ethernet interface is given first. Other versions may work, but this guide is based on those files.
Prompts on the Fon look like this: root@OpenWrt:/tmp#
Prompts on the desktop look like this: root@desktop ~ #
Prompts at redboot look like this: RedBoot>
Flashing
root@desktop ~ # ifconfig eth0 192.168.1.254 up
root@desktop ~ # ./redboot.pl 192.168.1.1
192.168.1.1 is unreachable
ICMP Host Unreachable from 192.168.1.254 for ICMP Echo sent to 192.168.1.1
ICMP Host Unreachable from 192.168.1.254 for ICMP Echo sent to 192.168.1.1
ICMP Host Unreachable from 192.168.1.254 for ICMP Echo sent to 192.168.1.1
192.168.1.1 is unreachable
192.168.1.1 is unreachable
192.168.1.1 is alive
-> == Executing boot script in 1.450 seconds - enter ^C to abort
<- ^C
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
RedBoot> fis init
About to initialize [format] FLASH image system - continue (y/n)? y
*** Initialize FLASH Image System
... Erase from 0xa87e0000-0xa87f0000: .
... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .
RedBoot> load -r -b %{FREEMEMLO} openwrt-atheros-vmlinux.lzma
Using default protocol (TFTP)
Raw file loaded 0x80040400-0x801003ff, assumed entry at 0x80040400
RedBoot> fis create -e 0x80041000 -r 0x80041000 vmlinux.bin.l7
< Wait for a while >
... Erase from 0xa8030000-0xa80f0000: ............
... Program from 0x80040400-0x80100400 at 0xa8030000: ............
... Erase from 0xa87e0000-0xa87f0000: .
... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .
RedBoot> load -r -b %{FREEMEMLO} openwrt-atheros-root.squashfs
Using default protocol (TFTP)
Raw file loaded 0x80040400-0x801e03ff, assumed entry at 0x80040400
RedBoot> fis create -l 0x6F0000 rootfs
< Wait for a long while >
... Erase from 0xa80f0000-0xa87e0000: ...........
... Program from 0x80040400-0x801e0400 at 0xa80f0000: ..........................
... Erase from 0xa87e0000-0xa87f0000: .
... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .
RedBoot> fconfig
Run script at boot: true
Boot script:
Enter script, terminate with empty line
>> fis load -l vmlinux.bin.l7
>> exec
>>
Boot script timeout (1000ms resolution): 2
Use BOOTP for network configuration: false
Gateway IP address:
Local IP address: 192.168.1.1
Local IP address mask: 255.255.255.0
Default server IP address: 192.168.1.254
Console baud rate: 9600
GDB connection port: 9000
Force console for special debug messages: false
Network debug at boot time: false
Update RedBoot non-volatile configuration - continue (y/n)? y
... Erase from 0xa87e0000-0xa87f0000: .
... Program from 0x80ff0000-0x81000000 at 0xa87e0000: .
RedBoot> reset
^]
telnet> Connection closed.
root@desktop ~ #
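Before running the two fis create commands it is worth confirming that both images fit the partition sizes the RedBoot session above establishes: vmlinux.bin.l7 occupies 0xa8030000-0xa80f0000 (0xC0000 bytes, and the kernel in the transcript fills that exactly) and rootfs is created with -l 0x6F0000, ending at 0xa87e0000 where the FIS directory lives. An image that is too large either leaves RedBoot unable to create the second partition or overwrites the FIS directory. The check below is an added example, not part of the original walkthrough or of redboot.pl; the file names are the ones loaded above and the TFTP root path in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example (not from the original walkthrough): size check for the two
# images before 'fis create'. Limits are taken from the RedBoot session above:
#   vmlinux.bin.l7  erased/programmed at 0xa8030000-0xa80f0000   = 0xC0000  bytes
#   rootfs          created with -l 0x6F0000 (0xa80f0000-0xa87e0000) = 0x6F0000 bytes
# The FIS directory itself sits at 0xa87e0000, so anything larger clobbers it.
KERNEL_MAX=$((0xC0000))
ROOTFS_MAX=$((0x6F0000))

# file_size FILE -> size in bytes (wc output normalised to a plain integer)
file_size() {
    echo $(( $(wc -c < "$1") ))
}

# image_fits FILE LIMIT -> 0 if FILE is at most LIMIT bytes, 1 if not
image_fits() {
    [ "$(file_size "$1")" -le "$2" ]
}

# check_images KERNEL ROOTFS -> prints one line per image, returns 0 only if both fit
check_images() {
    kernel=$1; rootfs=$2; rc=0
    for spec in "$kernel:$KERNEL_MAX" "$rootfs:$ROOTFS_MAX"; do
        f=${spec%:*}; limit=${spec##*:}
        if image_fits "$f" "$limit"; then
            printf '%-40s %8d bytes, fits in 0x%X\n' "$f" "$(file_size "$f")" "$limit"
        else
            printf '%-40s %8d bytes, EXCEEDS 0x%X\n' "$f" "$(file_size "$f")" "$limit"
            rc=1
        fi
    done
    return $rc
}

# Typical use, with the images in the TFTP root (the path is an assumption):
# check_images /srv/tftp/openwrt-atheros-vmlinux.lzma /srv/tftp/openwrt-atheros-root.squashfs
```

Run it on the desktop against the files the TFTP server exports; a non-zero exit means stop and pick a smaller image or change the rootfs length passed to fis create.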
Start of setup
root@desktop ~ # ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=1.27 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=1.22 ms
^C
--- 192.168.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.226/1.252/1.278/0.026 ms
root@desktop ~ # telnet 192.168.1.1
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
=== IMPORTANT ============================
Use 'passwd' to set your login password
this will disable telnet and enable SSH
------------------------------------------
BusyBox v1.11.2 (2009-01-05 06:34:55 CET) built-in shell (ash)
Enter 'help' for a list of built-in commands.
  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__| |____|
          |__| W I R E L E S S   F R E E D O M
 KAMIKAZE (8.09, r14511) -------------------------
  * 10 oz Vodka       Shake well with ice and strain
  * 10 oz Triple sec  mixture into 10 shot glasses.
  * 10 oz lime juice  Salute!
 ---------------------------------------------------
root@OpenWrt:/# passwd
Changing password for root
New password:
Retype password:
Password for root changed by root
root@OpenWrt:/# exit
Connection closed by foreign host.
root@desktop ~ # ssh root@!$
ssh root@192.168.1.1
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
RSA key fingerprint is 5c:35:a7:f6:b7:71:92:b9:fc:22:36:0e:f2:c1:f3:3a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts.
root@192.168.1.1's password:
BusyBox v1.11.2 (2009-01-05 06:34:55 CET) built-in shell (ash)
Enter 'help' for a list of built-in commands.
  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__| |____|
          |__| W I R E L E S S   F R E E D O M
 KAMIKAZE (8.09, r14511) -------------------------
  * 10 oz Vodka       Shake well with ice and strain
  * 10 oz Triple sec  mixture into 10 shot glasses.
  * 10 oz lime juice  Salute!
 ---------------------------------------------------
root@OpenWrt:~#
Change to Desktop
root@desktop interceptor # ls *ipk
kmod-tun_2.6.26.5-atheros-1_mips.ipk liblzo_2.03-1_mips.ipk libpcap_0.9.8-1_mips.ipk wpa-supplicant_0.6.3-1_mips.ipk
libdnet_1.10-2_mips.ipk libopenssl_0.9.8i-1_mips.ipk openvpn_2.0.9-3_mips.ipk zlib_1.2.3-5_mips.ipk
root@desktop interceptor # scp *.ipk 192.168.1.1:/tmp
Change to Fon
root@OpenWrt:/# cd /tmp
root@OpenWrt:/tmp# ls *ipk
kmod-tun_2.6.26.5-atheros-1_mips.ipk liblzo_2.03-1_mips.ipk libpcap_0.9.8-1_mips.ipk wpa-supplicant_0.6.3-1_mips.ipk
libdnet_1.10-2_mips.ipk libopenssl_0.9.8i-1_mips.ipk openvpn_2.0.9-3_mips.ipk zlib_1.2.3-5_mips.ipk
root@OpenWrt:/tmp# opkg install *ipk
Installing kmod-tun (2.6.26.5-atheros-1) to root...
Installing liblzo (2.03-1) to root...
Installing libopenssl (0.9.8i-1) to root...
Installing zlib (1.2.3-5) to root...
Installing openvpn (2.0.9-3) to root...
Installing libpcap (0.9.8-1) to root...
Installing libdnet (1.10-2) to root...
Package zlib (1.2.3-5) installed in root is up to date.
Configuring kmod-tun
Configuring liblzo
Configuring libopenssl
Configuring openvpn
Configuring zlib
Configuring libdnet
Configuring libpcap
root@OpenWrt:/tmp# vim /etc/config/wireless
config wifi-device wifi0
	option type       atheros
	option channel    auto
	option disabled   0

config wifi-iface
	option device     wifi0
	option mode       ap
	option ssid       interceptor
	option encryption psk2
	option key        '<PSK HERE>'
root@OpenWrt:/tmp# vim /etc/config/network
config 'interface' 'loopback'
	option 'ifname'  'lo'
	option 'proto'   'static'
	option 'ipaddr'  '127.0.0.1'
	option 'netmask' '255.0.0.0'

config 'interface' 'lan'
	option 'type'    'bridge'
	option 'proto'   'static'
	# Remove the ipaddr and netmask lines when using this for real, so the bridge
	# carries no address that could clash with a legitimate device on the target network
	option 'ipaddr'  '192.168.1.1'
	option 'netmask' '255.255.255.0'
	option 'ifname'  'eth0.0'

config 'interface' 'wan'
	option 'ifname'  'eth0.1'
root@OpenWrt:/tmp# rm /etc/rc.d/*httpd /etc/rc.d/*dnsmasq
Change to Desktop
root@desktop interceptor # wget "http://digi.ninja/files/interceptor_1.0.tar.bz2"
--2009-03-13 23:32:00-- http://digi.ninja/files/interceptor_1.0.tar.bz2
Resolving digi.ninja... 78.136.54.17
Connecting to digi.ninja|78.136.54.17|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 29954 (29K) [application/x-bzip2]
Saving to: `interceptor_1.0.tar.bz2'
100%[=================================================================================>] 29,954 --.-K/s in 0.1s
2009-03-13 23:32:01 (199 KB/s) - `interceptor_1.0.tar.bz2' saved [29954/29954]
root@desktop interceptor # scp interceptor_1.0.tar.bz2 192.168.1.1:/tmp
root@192.168.1.1's password:
interceptor_1.0.tar.bz2
root@desktop interceptor # mkdir unpack
root@desktop interceptor # cd unpack
root@desktop unpack # tar -xvjf ../interceptor_1.0.tar.bz2
README
startup.sh
shutdown.sh
package/interceptor_1.0_mips.ipk
root@desktop unpack # scp package/interceptor_1.0_mips.ipk 192.168.1.1:/tmp
root@192.168.1.1's password:
interceptor_1.0_mips.ipk 100% 24KB 24.4KB/s 00:00
Change to Fon
root@OpenWrt:/tmp# opkg install interceptor_1.0_mips.ipk
Installing interceptor (1) to root...
Configuring interceptor
Install finished, testing that it worked ok
SUCCESS! Interceptor installation appears OK. Welcome to Interceptor!
Install finished
root@OpenWrt:/tmp#
< For debug/testing >
root@OpenWrt:/tmp# vim /etc/init.d/interceptor
#!/bin/sh /etc/rc.common
start() {
	# ifconfig br-lan 0.0.0.0
	# put the WAN port into the LAN bridge so the Fon sits inline between the two Ethernet segments
	brctl addif br-lan eth0.1
	# management address on the wireless side; the desktop joins as 10.255.255.253
	ifconfig ath0 10.255.255.254 up
}

stop() {
	echo "Nothing to do"
}
root@OpenWrt:/tmp# /etc/init.d/interceptor start
root@OpenWrt:/tmp#
Change to Desktop
root@desktop interceptor # mkdir keys
root@desktop keys # cd keys
root@desktop keys # cp -a /usr/share/openvpn/easy-rsa/* .
root@desktop keys # ls
README build-dh build-key build-key-pkcs12 build-req clean-all list-crl openssl.cnf revoke-full vars
build-ca build-inter build-key-pass build-key-server build-req-pass inherit-inter openssl-0.9.6.cnf pkitool sign-req whichopensslcnf
root@desktop keys # vim vars
export EASY_RSA="`pwd`"
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
export KEY_DIR="$EASY_RSA/keys"
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
export KEY_SIZE=1024
export CA_EXPIRE=3650
export KEY_EXPIRE=3650
export KEY_COUNTRY="GB"
export KEY_PROVINCE="XX"
export KEY_CITY="NinjaLand"
export KEY_ORG="Interceptor"
export KEY_EMAIL="bob@bobstories.com"
root@desktop keys # source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /usr/src/jasager/other_packages/interceptor/keys/keys
root@desktop keys # ./clean-all
root@desktop keys # ./build-ca
Generating a 1024 bit RSA private key
.++++++
................++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
State or Province Name (full name) [XX]:
Locality Name (eg, city) [NinjaLand]:
Organization Name (eg, company) [Interceptor]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [Interceptor CA]:
Email Address [bob@bobstories.com]:
root@desktop keys # ./build-key-server server
Generating a 1024 bit RSA private key
..........................................++++++
...........++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
State or Province Name (full name) [XX]:
Locality Name (eg, city) [NinjaLand]:
Organization Name (eg, company) [Interceptor]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [server]:
Email Address [bob@bobstories.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/src/jasager/other_packages/interceptor/keys/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'GB'
stateOrProvinceName :PRINTABLE:'XX'
localityName :PRINTABLE:'NinjaLand'
organizationName :PRINTABLE:'Interceptor'
commonName :PRINTABLE:'server'
emailAddress :IA5STRING:'bob@bobstories.com'
Certificate is to be certified until Mar 11 23:26:12 2019 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
root@desktop keys # ./build-key client1
Generating a 1024 bit RSA private key
.....++++++
..++++++
writing new private key to 'client1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
State or Province Name (full name) [XX]:
Locality Name (eg, city) [NinjaLand]:
Organization Name (eg, company) [Interceptor]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [client1]:
Email Address [bob@bobstories.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/src/jasager/other_packages/interceptor/keys/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'GB'
stateOrProvinceName :PRINTABLE:'XX'
localityName :PRINTABLE:'NinjaLand'
organizationName :PRINTABLE:'Interceptor'
commonName :PRINTABLE:'client1'
emailAddress :IA5STRING:'bob@bobstories.com'
Certificate is to be certified until Mar 11 23:27:57 2019 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
root@desktop keys # ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
.............................++*++*++*
root@desktop keys # ls keys
01.pem 03.pem ca.key client1.csr dh1024.pem index.txt.attr index.txt.old serial.old server.csr
02.pem ca.crt client1.crt client1.key index.txt index.txt.attr.old serial server.crt server.key
root@desktop keys # cd keys
root@desktop keys # scp client1.crt client1.key ca.crt 192.168.1.1:/interceptor/openvpn/client/
root@192.168.1.1's password:
client1.crt 100% 3785 3.7KB/s 00:00
client1.key 100% 891 0.9KB/s 00:00
ca.crt 100% 1245 1.2KB/s 00:00
root@desktop keys # mkdir ../../unpack/certs
root@desktop keys # cp dh1024.pem server.crt server.key ca.crt ../../unpack/certs/
root@desktop keys # wpa_supplicant -Dwext -i wlan0 -c /etc/wpa_supplicant.conf -B
Trying to associate with 00:18:84:a3:99:59 (SSID='interceptor' freq=2442 MHz)
Associated with 00:18:84:a3:99:59
WPA: Key negotiation completed with 00:18:84:a3:99:59 [PTK=CCMP GTK=CCMP]
CTRL-EVENT-CONNECTED - Connection to 00:18:84:a3:99:59 completed (auth) [id=1 id_str=]
root@desktop keys # ifconfig wlan0 10.255.255.253
root@desktop keys # ping 10.255.255.254
PING 10.255.255.254 (10.255.255.254) 56(84) bytes of data.
64 bytes from 10.255.255.254: icmp_seq=1 ttl=64 time=67.0 ms
64 bytes from 10.255.255.254: icmp_seq=2 ttl=64 time=4.71 ms
^C
--- 10.255.255.254 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 4.716/35.871/67.026/31.155 ms
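The /etc/wpa_supplicant.conf that the wpa_supplicant command above reads is not shown on this page. The helper below is an added example, not part of the Interceptor release: it writes a supplicant config that matches the Fon's "option encryption psk2" (WPA2-PSK with CCMP, which the "PTK=CCMP GTK=CCMP" line above confirms) for SSID interceptor, rejects passphrases outside the 8 to 63 character range WPA allows, and wraps the associate, address and ping steps from the transcript. The interface name wlan0 and the 10.255.255.x addresses are the ones used above; the config path, the ctrl_interface socket and the wpa_cli status poll are assumptions.

```shell
#!/bin/sh
# Added example (not from the Interceptor package): build a wpa_supplicant.conf that
# matches the Fon's AP config (ssid interceptor, encryption psk2 = WPA2-PSK/CCMP) and
# bring the desktop onto the 10.255.255.0/24 management link used in the transcript.

# supplicant_conf SSID PASSPHRASE -> prints the config; returns 1 if the passphrase is
# outside the 8..63 character range WPA permits (failing early beats a silent association failure)
supplicant_conf() {
    ssid=$1; pass=$2
    len=${#pass}
    if [ "$len" -lt 8 ] || [ "$len" -gt 63 ]; then
        echo "passphrase must be 8..63 characters" >&2
        return 1
    fi
    cat <<EOF
ctrl_interface=/var/run/wpa_supplicant
network={
    ssid="$ssid"
    psk="$pass"
    key_mgmt=WPA-PSK
    proto=RSN
    pairwise=CCMP
    group=CCMP
}
EOF
}

# join_interceptor PASSPHRASE [IFACE] -> associate, address the link and confirm the Fon answers
# on 10.255.255.254. Needs root and a live radio, so it is not something to run offline.
join_interceptor() {
    pass=$1; iface=${2:-wlan0}
    conf=/etc/wpa_supplicant.conf          # path used by the command in the transcript
    supplicant_conf interceptor "$pass" > "$conf" || return 1
    chmod 600 "$conf"                       # the PSK sits in this file in the clear
    wpa_supplicant -Dwext -i "$iface" -c "$conf" -B || return 1
    ifconfig "$iface" 10.255.255.253 up
    # -B backgrounds the supplicant before the 4-way handshake finishes; wait for COMPLETED
    for _ in 1 2 3 4 5 6 7 8 9 10; do
        wpa_cli -i "$iface" status 2>/dev/null | grep -q '^wpa_state=COMPLETED' && break
        sleep 1
    done
    ping -c 2 10.255.255.254
}
```

Pinning proto=RSN and pairwise=CCMP means the desktop refuses to fall back to WPA1/TKIP if something else advertises the same SSID; the PSK is whatever replaced '<PSK HERE>' in /etc/config/wireless on the Fon.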
root@desktop keys # cd ../../unpack/
root@desktop unpack # ./startup.sh
Starting vpn server
Giving server chance to start
Sat Mar 14 00:10:54 2009 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Jul 11 2008
Sat Mar 14 00:10:54 2009 Diffie-Hellman initialized with 1024 bit key
Sat Mar 14 00:10:54 2009 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Mar 14 00:10:54 2009 TUN/TAP device tap0 opened
Sat Mar 14 00:10:54 2009 /sbin/ifconfig tap0 10.8.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Sat Mar 14 00:10:54 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Mar 14 00:10:54 2009 GID set to nobody
Sat Mar 14 00:10:54 2009 UID set to nobody
Sat Mar 14 00:10:54 2009 UDPv4 link local (bound): [undef]:1194
Sat Mar 14 00:10:54 2009 UDPv4 link remote: [undef]
Sat Mar 14 00:10:54 2009 MULTI: multi_init called, r=256 v=256
Sat Mar 14 00:10:54 2009 IFCONFIG POOL: base=10.8.0.2 size=253
Sat Mar 14 00:10:54 2009 IFCONFIG POOL LIST
Sat Mar 14 00:10:54 2009 Initialization Sequence Completed
Starting remote services
< From here two logs are interleaved: lines prefixed 10.255.255.254:48550 (later client1/10.255.255.254:48550) are the OpenVPN server on the desktop, the unprefixed lines are the Fon's OpenVPN client relayed back over the ssh session startup.sh opens. The Fon's clock is about 13 seconds behind the desktop's, which is why the timestamps jump back and forth >
The authenticity of host '10.255.255.254 (10.255.255.254)' can't be established.
RSA key fingerprint is 5c:35:a7:f6:b7:71:92:b9:fc:22:36:0e:f2:c1:f3:3a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.255.255.254' (RSA) to the list of known hosts.
root@10.255.255.254's password:
Sat Mar 14 00:14:00 UTC 2009
Sat Mar 14 00:14:02 2009 OpenVPN 2.0.9 mips-linux [SSL] [LZO] built on Oct 13 2008
Sat Mar 14 00:14:02 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sat Mar 14 00:14:02 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Mar 14 00:14:02 2009 LZO compression initialized
Sat Mar 14 00:14:02 2009 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Mar 14 00:14:15 2009 MULTI: multi_create_instance called
Sat Mar 14 00:14:15 2009 10.255.255.254:48550 Re-using SSL/TLS context
Sat Mar 14 00:14:15 2009 10.255.255.254:48550 LZO compression initialized
Sat Mar 14 00:14:15 2009 10.255.255.254:48550 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Mar 14 00:14:15 2009 10.255.255.254:48550 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Mar 14 00:14:15 2009 10.255.255.254:48550 Local Options hash (VER=V4): 'f7df56b8'
Sat Mar 14 00:14:15 2009 10.255.255.254:48550 Expected Remote Options hash (VER=V4): 'd79ca330'
Sat Mar 14 00:14:15 2009 10.255.255.254:48550 TLS: Initial packet from 10.255.255.254:48550, sid=f9cfb46f 3195a84c
Sat Mar 14 00:14:02 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Mar 14 00:14:02 2009 Local Options hash (VER=V4): 'd79ca330'
Sat Mar 14 00:14:02 2009 Expected Remote Options hash (VER=V4): 'f7df56b8'
Sat Mar 14 00:14:02 2009 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sat Mar 14 00:14:02 2009 UDPv4 link local: [undef]
Sat Mar 14 00:14:02 2009 UDPv4 link remote: 10.255.255.253:1194
Sat Mar 14 00:14:02 2009 TLS: Initial packet from 10.255.255.253:1194, sid=cfeef914 ceb7d8e6
Sat Mar 14 00:14:04 2009 VERIFY OK: depth=1, /C=GB/ST=XX/L=NinjaLand/O=Interceptor/CN=Interceptor_CA/emailAddress=bob@bobstories.com
Sat Mar 14 00:14:04 2009 VERIFY OK: depth=0, /C=GB/ST=XX/L=NinjaLand/O=Interceptor/CN=server/emailAddress=bob@bobstories.com
Sat Mar 14 00:14:19 2009 10.255.255.254:48550 VERIFY OK: depth=1, /C=GB/ST=XX/L=NinjaLand/O=Interceptor/CN=Interceptor_CA/emailAddress=bob@bobstories.com
Sat Mar 14 00:14:19 2009 10.255.255.254:48550 VERIFY OK: depth=0, /C=GB/ST=XX/L=NinjaLand/O=Interceptor/CN=client1/emailAddress=bob@bobstories.com
Sat Mar 14 00:14:20 2009 10.255.255.254:48550 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Mar 14 00:14:20 2009 10.255.255.254:48550 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Mar 14 00:14:20 2009 10.255.255.254:48550 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Mar 14 00:14:20 2009 10.255.255.254:48550 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Mar 14 00:14:07 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Mar 14 00:14:07 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Mar 14 00:14:07 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Mar 14 00:14:20 2009 10.255.255.254:48550 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Mar 14 00:14:20 2009 10.255.255.254:48550 [client1] Peer Connection Initiated with 10.255.255.254:48550
Sat Mar 14 00:14:07 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Mar 14 00:14:07 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Mar 14 00:14:07 2009 [server] Peer Connection Initiated with 10.255.255.253:1194
Sat Mar 14 00:14:08 2009 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Mar 14 00:14:22 2009 client1/10.255.255.254:48550 PUSH: Received control message: 'PUSH_REQUEST'
Sat Mar 14 00:14:22 2009 client1/10.255.255.254:48550 SENT CONTROL [client1]: 'PUSH_REPLY,route-gateway 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0' (status=1)
Sat Mar 14 00:14:08 2009 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0'
Sat Mar 14 00:14:08 2009 OPTIONS IMPORT: timers and/or timeouts modified
Sat Mar 14 00:14:08 2009 OPTIONS IMPORT: --ifconfig/up options modified
Sat Mar 14 00:14:08 2009 OPTIONS IMPORT: route options modified
Sat Mar 14 00:14:08 2009 TUN/TAP device tap0 opened
Sat Mar 14 00:14:08 2009 /sbin/ifconfig tap0 10.8.0.2 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Sat Mar 14 00:14:08 2009 GID set to nogroup
Sat Mar 14 00:14:08 2009 UID set to nobody
Sat Mar 14 00:14:08 2009 Initialization Sequence Completed
[-] Daemon mode set
[-] Interface set to br-lan
[-] Log filename set to "daemonlogger.pcap"
[-] Tap output interface set to tap0
[-] Pidfile configured to "daemonlogger.pid"
[-] Pidpath configured to "/var/run"
[-] Rollover size set to 2147483648 bytes
[-] Rollover time configured for 0 seconds
[-] Pruning behavior set to oldest IN DIRECTORY
-*> DaemonLogger <*-
Version 1.2.1
By Martin Roesch
(C) Copyright 2006-2007 Sourcefire Inc., All rights reserved
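The OpenVPN configurations that startup.sh and the Interceptor package hand to openvpn are not printed on this page, but the log above pins most of them down: a tap device on 10.8.0.0/24 with the pool starting at 10.8.0.2, UDP 1194, LZO, privilege drop to nobody, and a push of route-gateway/ping/ping-restart, which is what the server and keepalive directives produce. The helper below is an added example, not the project's own files: it reconstructs both sides from the log and adds the one line that clears the WARNING at the top of the Fon's client log, ns-cert-type server. Without it the Fon will complete a TLS handshake with any certificate signed by the CA, including client1's, so anyone holding a client cert can impersonate the collection server; with it the Fon only accepts a certificate carrying the server extension that build-key-server sets. The tls-auth and cipher lines are further additions not present in the original run; file names under /interceptor/openvpn/client/ are the ones copied there above, the certs/ paths on the desktop and the ta.key name are assumptions.

```shell
#!/bin/sh
# Added example, not the Interceptor package's own files: OpenVPN server (desktop)
# and client (Fon) configs reconstructed from the log above, plus the hardening the
# WARNING line asks for. "log:" comments cite the line that implies the option;
# "added:" marks hardening that was not in effect in the original run.

# server_conf -> the desktop-side config startup.sh would hand to openvpn
server_conf() {
    cat <<'EOF'
# log: "UDPv4 link local (bound): [undef]:1194"
port 1194
proto udp
# log: "TUN/TAP device tap0 opened"; the capture is bridged Ethernet, so tap rather than tun
dev tap
ca   certs/ca.crt
cert certs/server.crt
key  certs/server.key
# log: "Diffie-Hellman initialized with 1024 bit key" (dh2048.pem once vars has KEY_SIZE=2048)
dh   certs/dh1024.pem
# log: tap0 10.8.0.1/24, "IFCONFIG POOL: base=10.8.0.2 size=253", push of route-gateway 10.8.0.1
server 10.8.0.0 255.255.255.0
# log: push of "ping 10,ping-restart 120"
keepalive 10 120
# log: "LZO compression initialized"
comp-lzo
# log: "UID set to nobody" / "GID set to nobody"
user  nobody
group nobody
persist-key
persist-tun
# added: HMAC-authenticate the control channel; generate with: openvpn --genkey --secret certs/ta.key
tls-auth certs/ta.key 0
# added: replaces the BF-CBC default seen in the log; must match the client exactly
cipher AES-256-CBC
EOF
}

# client_conf -> the Fon-side config, file names as copied to /interceptor/openvpn/client/ above
client_conf() {
    cat <<'EOF'
client
dev tap
proto udp
# log: "UDPv4 link remote: 10.255.255.253:1194"
remote 10.255.255.253 1194
nobind
ca   ca.crt
cert client1.crt
key  client1.key
comp-lzo
# log: "GID set to nogroup" on the Fon side
user  nobody
group nogroup
persist-key
persist-tun
# added: clears "No server certificate verification method has been enabled";
# only a cert built with build-key-server (nsCertType=server) is accepted as the peer
ns-cert-type server
# added: pairs with the server's direction 0
tls-auth ta.key 1
# added: must match the server
cipher AES-256-CBC
EOF
}

# has_server_verification CONFIG_TEXT -> 0 if the client config pins the peer to the server role
has_server_verification() {
    printf '%s\n' "$1" | grep -q '^ns-cert-type server'
}
```

Before copying anything to the Fon, confirm the PKI built above actually supports the pin: "openssl verify -CAfile ca.crt server.crt client1.crt" should say OK for both files, and "openssl x509 -in server.crt -noout -text | grep -A1 'Netscape Cert Type'" should show SSL Server, while client1.crt, built with build-key rather than build-key-server, has no such extension. The 1024-bit RSA and DH sizes from vars and the BF-CBC/SHA1 defaults visible in the log were ordinary in 2009 and are not acceptable today; KEY_SIZE=2048 in vars and the cipher line above fix both ends, provided the OpenSSL build on the Fon is the same libopenssl package installed earlier.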
root@desktop unpack # ifconfig tap0
tap0 Link encap:Ethernet HWaddr AE:3A:7B:EC:20:E7
inet addr:10.8.0.1 Bcast:10.8.0.255 Mask:255.255.255.0
inet6 addr: fe80::ac3a:7bff:feec:20e7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:18 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:3300 (3.2 Kb) TX bytes:468 (468.0 b)
root@desktop unpack # tcpdump -i tap0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tap0, link-type EN10MB (Ethernet), capture size 96 bytes
00:19:08.810373 ARP, Request who-has laptop.digininja.int tell server.digininja.int, length 46
00:19:08.814475 ARP, Reply laptop.digininja.int is-at 00:1f:c6:df:2a:17 (oui Unknown), length 46
00:19:08.814609 IP server.digininja.int > laptop.digininja.int: ICMP echo request, id 49731, seq 1, length 64
00:19:08.815483 IP laptop.digininja.int > server.digininja.int: ICMP echo reply, id 49731, seq 1, length 64
00:19:09.809240 IP server.digininja.int > laptop.digininja.int: ICMP echo request, id 49731, seq 2, length 64
00:19:09.811126 IP laptop.digininja.int > server.digininja.int: ICMP echo reply, id 49731, seq 2, length 64
00:19:10.809604 IP server.digininja.int > laptop.digininja.int: ICMP echo request, id 49731, seq 3, length 64
00:19:10.811527 IP laptop.digininja.int > server.digininja.int: ICMP echo reply, id 49731, seq 3, length 64
00:19:11.809906 IP server.digininja.int > laptop.digininja.int: ICMP echo request, id 49731, seq 4, length 64
00:19:11.811861 IP laptop.digininja.int > server.digininja.int: ICMP echo reply, id 49731, seq 4, length 64
00:19:13.810474 ARP, Request who-has server.digininja.int tell laptop.digininja.int, length 46
00:19:13.812334 ARP, Reply server.digininja.int is-at 00:1e:8c:66:86:04 (oui Unknown), length 46
^C
root@desktop unpack # ./shutdown.sh
Shutting down remote services
root@10.255.255.254's password:
Shutting down the interceptor
Done
Shutting down local services
Sat Mar 14 00:26:57 2009 event_wait : Interrupted system call (code=4)
Sat Mar 14 00:26:58 2009 TCP/UDP: Closing socket
Sat Mar 14 00:26:58 2009 Closing TUN/TAP interface
Sat Mar 14 00:26:58 2009 SIGTERM[hard,] received, process exiting