Difference between revisions of "MAC Spoofing with Netgraph"
(first revision of the netgraph spoofing article) |
m (3 revisions) |
||
(2 intermediate revisions by the same user not shown) | |||
Line 23: | Line 23: | ||
# kldload ng_bridge | # kldload ng_bridge | ||
− | * Next, create the eiface | + | * Next, create the eiface. |
+ | * 'ng_eiface' has exactly one hook, to a lower-level ng_ether node. | ||
# ngctl mkpeer . eiface hook ether | # ngctl mkpeer . eiface hook ether | ||
− | * Now create and name the bridge: | + | * Now create and name the bridge. |
+ | * 'ng_bridge' has NG_BRIDGE_MAX_LINKS hooks, named 'linkN'. | ||
+ | * 'ng_bridge' hook 'link0' connects the downstream ('lower') from ngeth0: | ||
# ngctl mkpeer ngeth0: bridge lower link0 | # ngctl mkpeer ngeth0: bridge lower link0 | ||
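Review bot: The added note "'ng_eiface' has exactly one hook, to a lower-level ng_ether node" does not name that hook, although the mkpeer command directly below it passes it as the last argument ('ether'). Name the hook in the note so the reader can match it to the command. The 'ng_bridge' note cites NG_BRIDGE_MAX_LINKS without saying what range N covers in 'linkN'; give the range or point to the manual page.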
Line 37: | Line 40: | ||
# ifconfig ngeth0 inet 192.168.2.5 netmask 0xffffff00 down | # ifconfig ngeth0 inet 192.168.2.5 netmask 0xffffff00 down | ||
− | * Now connect the ethernet device to the bridge: | + | * Now connect the ethernet device to the bridge. |
+ | * 'ng_eiface' hook 'upper' for fxp0: leads upstream to the bridge. | ||
# ngctl connect fxp0: bridge0: upper link1 | # ngctl connect fxp0: bridge0: upper link1 | ||
− | * Now the virtual interface to the other half of the bridge: | + | * Now the virtual interface to the other half of the bridge. |
+ | * 'ng_eiface' hook 'upper' for ngeth0: leads upstream to the bridge. | ||
# ngctl connect ngeth0: bridge0: upper link2 | # ngctl connect ngeth0: bridge0: upper link2 | ||
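Review bot: Both added lines call 'upper' an 'ng_eiface' hook, which contradicts the note added in the Line 23 hunk that 'ng_eiface' has exactly one hook, and the commands on this page use both 'upper' and 'lower' on ngeth0:. fxp0 is the physical NIC, so its line should name the ng_ether node type instead, and the ngeth0: line should state which node type owns 'upper'.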
Line 59: | Line 64: | ||
# arp -a | grep "192\.168\.2\.5" | # arp -a | grep "192\.168\.2\.5" | ||
machine.domain.com (192.168.2.5) at 00:de:ad:be:ef:00 on em0 | machine.domain.com (192.168.2.5) at 00:de:ad:be:ef:00 on em0 | ||
+ | |||
+ | * You may need to re-add your default route: | ||
+ | |||
+ | # route add default ....... | ||
* Thats it. For an explanation, we'll have to work on that. | * Thats it. For an explanation, we'll have to work on that. |
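Review bot: The added "route add default ......." step leaves the gateway as a run of dots and gives no condition for when it is needed. Use a named placeholder for the gateway address and say which earlier step can drop the default route, so the reader knows when to run it. The unchanged context line below it still reads "Thats it" and could be fixed in the same edit.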
Latest revision as of 21:44, 4 January 2013
Prerequisites
- Kernel in static or modular configuration that has the following enabled: ng_ether, ng_eiface, and ng_bridge.
- A fair amount of knowledge.
- A machine that you can break the crap out of.
Background
- We will be taking a machine with a physical network interface, adding a virtual interface, bridging them, and using the virtual interface in a live environment.
- There is an awful lot to netgraph(4). Read the manual pages often.
Assumptions
- We have a machine with (1) NIC, labelled 'fxp0'; its IP is "192.168.2.5/24".
- We can remove it from the network for testing. It will not piss off the boss or coworkers.
Configuration
- First, if you're using the kernel modules, load them:
# kldload ng_ether
# kldload ng_eiface
# kldload ng_bridge
- Next, create the eiface.
- 'ng_eiface' has exactly one hook, to a lower-level ng_ether node.
# ngctl mkpeer . eiface hook ether
- Now create and name the bridge.
- 'ng_bridge' has NG_BRIDGE_MAX_LINKS hooks, named 'linkN'.
- 'ng_bridge' hook 'link0' connects the downstream ('lower') from ngeth0:
# ngctl mkpeer ngeth0: bridge lower link0
# ngctl name ngeth0:lower bridge0
- Now set up the ngeth0 interface:
# ifconfig ngeth0 link 00:de:ad:be:ef:00
# ifconfig ngeth0 inet 192.168.2.5 netmask 0xffffff00 down
- Now connect the ethernet device to the bridge.
- 'ng_eiface' hook 'upper' for fxp0: leads upstream to the bridge.
# ngctl connect fxp0: bridge0: upper link1
- Now the virtual interface to the other half of the bridge.
- 'ng_eiface' hook 'upper' for ngeth0: leads upstream to the bridge.
# ngctl connect ngeth0: bridge0: upper link2
- Now set up the physical interface:
# ngctl msg fxp0: setpromisc 1
# ngctl msg fxp0: setautosrc 0
# ifconfig fxp0 delete
- And finally, connect it to the last piece of the bridge:
# ngctl connect fxp0: bridge0: lower link3
- Now on your upstream router (if you can access it):
# arp -a | grep "192\.168\.2\.5"
machine.domain.com (192.168.2.5) at 00:de:ad:be:ef:00 on em0
- You may need to re-add your default route:
# route add default .......
- That's it. For an explanation, we'll have to work on that.
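The router-side arp check in the steps above is also what this change looks like to whoever monitors the network: the IP address stays the same while the MAC behind it changes. As an added example (not part of the original article), this script compares two saved `arp -a` snapshots in the output format shown above and reports changed mappings; the function names and the baseline entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: report every IP whose MAC differs between two saved
# `arp -a` snapshots (BSD output format, as shown in the article).

# Constructed sample data. The baseline MACs are made up; the current
# entry for 192.168.2.5 is the one from the router output above.
sample_baseline() {
cat <<'EOF'
machine.domain.com (192.168.2.5) at 00:02:b3:aa:bb:cc on em0
gw.domain.com (192.168.2.1) at 00:11:22:33:44:55 on em0
? (192.168.2.9) at (incomplete) on em0
EOF
}
sample_current() {
cat <<'EOF'
machine.domain.com (192.168.2.5) at 00:de:ad:be:ef:00 on em0
gw.domain.com (192.168.2.1) at 00:11:22:33:44:55 on em0
? (192.168.2.9) at 00:0c:29:01:02:03 on em0
EOF
}

# arp_mac_changes BASELINE_FILE CURRENT_FILE
# Prints "IP old_mac -> new_mac" for each mapping that changed.
# Hosts that are new or were "(incomplete)" in the baseline are skipped.
arp_mac_changes() {
    awk '
        function ip(s) { gsub(/[()]/, "", s); return s }
        # Only complete entries: field 4 must look like a MAC address.
        $3 == "at" && $4 ~ /^[0-9a-fA-F:]+$/ {
            addr = ip($2); mac = tolower($4)
            if (FILENAME == ARGV[1]) { base[addr] = mac; next }
            if ((addr in base) && base[addr] != mac)
                print addr, base[addr], "->", mac
        }
    ' "$1" "$2"
}

# Demo run on the constructed samples.
tmp=$(mktemp -d)
sample_baseline > "$tmp/base"
sample_current > "$tmp/cur"
arp_mac_changes "$tmp/base" "$tmp/cur"
rm -rf "$tmp"
```

On a real router, save `arp -a` output to a file at a known-good time and pass it as the baseline.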