Sniff network with the Pi

(Frank W.) #41

Which tools do you mean for update? Bridge-utils iproute2

Imho users should use actual tools provided by distibution and not need to self compile them. Can we/simply revert this patch?

Is 4.14 and 4.19 affected? I did not find this commit-message in stable git:

at least 4.14 and 4.19 does not contain this patch (found no tagging_show function in net/dsa/slave.c)

(Cioby23) #42


I’m using firewalld on the BPI-R2 device and it requires ebtables module and it seems is not compiled into the kernel. I’m using version 4.19.26

ERROR: ‘/usr/sbin/ebtables-restore --noflush’ failed: modprobe: FATAL: Module ebtables not found in directory /lib/modules/4.19.26-bpi-r2-main

(Frank W.) #43

ebtables is not for packet-sniffing, so off-topic here…i have added ebtables support in my repo so next travis build should work

(Cioby23) #44

Sorry I was searching for some thread related to ebtables module so I found this. Thanks for updating the kernel image.

(Frank W.) #45

solution from @moore : maybe this (define vlan for each dsa-port and the cpu-port) can be used to sniff traffic on the bridge:

ifconfig eth0 up
ifconfig lan1 up
ifconfig lan0 up
brctl addbr br0
brctl addif br0 lan1
brctl addif br0 lan0
vconfig add br0 10
ifconfig br0 up
ifconfig br0.10 netmask
echo 1 > /sys/class/net/br0/bridge/vlan_filtering
echo 1 > /sys/class/net/br0/bridge/vlan_stats_enabled
bridge vlan show
bridge vlan add dev lan0 vid 10 # define vlan10 for lan0
bridge vlan add dev br0 vid 10 self
bridge vlan show

if you are using ip instead ifconfig (shortened only as example):

ip link set eth0 up
ip link add link br0 name br0.10 type vlan id 10
ip addr add dev br0.10

have not tried it yet, because i have no bridge on my device and currently not much freetime. if i understand it right, you can let tcpdump listen to br0.10 to get lan0-traffic