The last couple of days have been spent destroying my home network, much to the anger of my family for lack of interwebs. From the last post, it was suggested to try out OpenWRT on my router, which is essentially a minimalistic version of Linux designed for use with a variety of routers. From their documentation, users and IRC channel, I was told I could record all packet data using tcpdump and pass through all connections to the iPhone to save on having to build a home-made bridge to do the work. Unfortunately, I tried this several times, which almost bricked my router and took several hours to get back online. In the end, I had to revert to the previous configuration, but I have decided to upgrade the firmware on both the router (Zyxel Prestige – 3.0) and the Wireless AP (Linksys WAP54G).
As it stands, this was a positive move. The upgraded firmware gave me SUA configuration options in the NAT configuration. This allowed me to configure a pass-through forwarding all connections from the WAN to the LAN to a specific IP address. I tested this without the bridge and ran tcpdump on the iPhone itself, NOT'ing the IP address I was sshing from to avoid heaps of packets showing up from the SSH connection.
tcpdump -w ~/Media/test.pcap not host 192.168.1.33
This was tested to ensure that the NAT on the router wasn't translating ALL addresses and connection attempts as they were being passed through. The last thing I'd need is a heap of addresses originating from within the network. The test was conducted and the test.pcap file was transferred and examined using Wireshark. This proved successful. I also attempted opening an SSH connection from redbrick.dcu.ie via their proxy server and threw a few bad passwords at it to see what the login attempts would look like. This looked promising.
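As an added example (not the author's code), the check below reads a classic libpcap file in the shape tcpdump writes, applies the same "not host 192.168.1.33" exclusion in code, and counts inbound SSH connection attempts (TCP SYNs to port 22) per source, which is the tally one would otherwise read off Wireshark. The forwarded-to iPhone address 192.168.1.100 and the external probe addresses are constructed assumptions; the capture is built inline so it runs offline.

```python
import struct
from collections import Counter

MGMT_HOST = "192.168.1.33"  # host the author ssh'd from; excluded as in the tcpdump filter

def ipv4_frame(src, dst, sport, dport, flags=0x02):
    """Build a minimal Ethernet/IPv4/TCP frame (constructed sample; checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    eth = b"\x00" * 12 + b"\x08\x00"  # zero MACs, EtherType IPv4
    return eth + ip + tcp

def pcap_bytes(frames):
    """Wrap frames in a libpcap file: magic 0xa1b2c3d4, version 2.4, linktype 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f  # ts_sec, ts_usec, incl_len, orig_len
    return out

def iter_packets(data):
    """Yield each captured frame after the 24-byte global header."""
    off = 24
    while off + 16 <= len(data):
        _, _, incl, _ = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        yield data[off:off + incl]
        off += incl

def ssh_syn_sources(data, exclude=MGMT_HOST):
    """Count TCP SYNs (SYN set, ACK clear) to port 22 per source, skipping the excluded host."""
    counts = Counter()
    for frame in iter_packets(data):
        if frame[12:14] != b"\x08\x00":        # not IPv4
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:                          # not TCP
            continue
        src = ".".join(map(str, ip[12:16]))
        dst = ".".join(map(str, ip[16:20]))
        if exclude in (src, dst):               # same effect as 'not host <exclude>'
            continue
        _, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        flags = ip[ihl + 13]
        if dport == 22 and flags & 0x02 and not flags & 0x10:
            counts[src] += 1
    return counts

# Constructed sample: two outside hosts probing SSH, plus the author's own management session.
SAMPLE = pcap_bytes([
    ipv4_frame("203.0.113.7", "192.168.1.100", 40000, 22),
    ipv4_frame("203.0.113.7", "192.168.1.100", 40001, 22),
    ipv4_frame("198.51.100.9", "192.168.1.100", 51000, 22),
    ipv4_frame(MGMT_HOST, "192.168.1.100", 52000, 22),
    ipv4_frame("192.168.1.100", MGMT_HOST, 22, 52000, flags=0x12),
])
```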
The following is a screenshot of the analysis with some of the packet info:
.. and some of the packets extracted via tcpdump: