Sebastian Lenzlinger fa48b15fc7 SYNC commit.
2024-03-26 04:02:05 +01:00

Here I try to document the setup needed to perform reliable captures of IoT device traffic. Setting up the environment properly is a precondition for capture tools like Wireshark et al. to reliably capture ALL the traffic of interest (while also avoiding noise).

Since most IoT devices use the internet, it is vital that the capturing mechanism/setup does not interfere with their ability to phone home.

At this point I can discern the following steps. Essentially, all of this serves to enable reliable monitoring of IoT network traffic.

Overview/Big Picture

Assumption: The machine used to capture traffic has internet access, either wired (ethernet) or wireless (wifi, maybe bluetooth?). Since IoT devices work wirelessly, the testing/experiment environment needs at least one wifi card which supports AP mode (see iw). It will act as the AP for the device under test. Since many IoT devices are internet enabled, we need a way to bridge the IoT<->AP network to the internet. Problem: How do we get internet access to an IoT device?

  1. It connects to a router. The router must then be able to mirror ports or run the required capturing software itself.
  2. It connects to an AP on some other machine. The other machine is connected to the internet via some other interface.
    1. Wired Internet: Either using a (software) bridge or NAT, make sure that traffic IoT<->Internet can be established and that the machine can capture all needed packets.
    2. Wifi Internet: Same as wired. But special care must be taken on an "unclean" system. Desktop systems tend to come with network management utilities and daemons running. To avoid them interfering with the AP card special care must be taken, see e.g. nmcli.

So what must a toolkit which sets up the experiment environment be able to do?

  1. AP Service: Through config or detection, set up a properly configured AP, possibly on an external adapter.
  2. IP networking dependencies: Since the experiment machine is replacing functionality usually offered by the router to connecting hosts, some router functionality must be offered. In particular DHCP (the IoT device needs an IP) and DNS (the IoT device needs some way to get the IPs of the hosts it wants to connect to).
  3. Internet Gateway: Enable any IoT device to connect to the Internet. That is, the test machine must at least be a gateway, and the IoT device should ideally learn that without any manual configuration (i.e. the DHCP lease advertises the test machine as default router).
  4. Firewall: Any firewall on the experiment host must accept the IoT device's DHCP and DNS requests on the AP interface, and must permit forwarding between the AP interface and the internet-facing interface.

AP Configuration

Using NetworkManager

See here. The command line tool nmcli can be used.

Using hostapd

First make sure that the interface is not managed by NetworkManager (see nmcli). It turns out that an open (unauthenticated) AP is obtained by leaving out those parts of the config file which have to do with security and auth:

# hostapd.conf
# Do not include in config if we wish to have an open auth AP!
wpa=2
wpa_passphrase=11help22help33
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP

Furthermore, we set the config option auth_algs appropriately so that open system authentication is allowed (bit 1 = Open System, bit 2 = Shared Key; a value of 1 permits only the former):

auth_algs=1

See hostapd for a description of the option.

DNS and DHCP

#TODO Tools: dnsmasq

Internet

#TODO Possible tooling: iw, firewalld, iptables, nftables
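Putting the four toolkit requirements from the overview (AP service, DHCP/DNS, gateway, firewall), the open-auth hostapd config above and the tools named in the two TODO sections together, here is an added example script. It is not part of the original page or of any of the projects it refers to. It assumes a Linux host with hostapd, dnsmasq, nftables, iproute2, NetworkManager, iw and tcpdump installed; the interface names wlan1 (AP-capable card) and eth0 (uplink; set UPLINK_IF=wlan0 for the wifi-uplink case), the SSID iot-lab, the subnet 192.168.50.0/24 and the file paths under /run are placeholders. It also assumes no other firewall (firewalld, ufw) is active, since with nftables a second table's drop policy would still apply on top of the one loaded here.

```shell
#!/usr/bin/env bash
# iot-capture-env.sh (added example, not from the original page): make a Linux host
# an AP + DHCP/DNS + NAT gateway for IoT captures. gen_* only print config (no root).
set -eu
# Assumed names; override via environment: AP_IF=wlan2 ./iot-capture-env.sh apply
AP_IF="${AP_IF:-wlan1}"          # wifi card with AP mode support (check: iw list)
UPLINK_IF="${UPLINK_IF:-eth0}"   # interface that already has internet access
SSID="${SSID:-iot-lab}"
AP_ADDR="192.168.50.1"           # host's address on the IoT side
DHCP_RANGE="192.168.50.10,192.168.50.100,12h"

# Open AP: no wpa=/wpa_passphrase=/wpa_key_mgmt=/rsn_pairwise= lines, and
# auth_algs=1 permits only Open System authentication (2 would be Shared Key/WEP).
gen_hostapd_conf() {
  cat <<EOF
interface=${AP_IF}
driver=nl80211
ssid=${SSID}
hw_mode=g
channel=6
auth_algs=1
EOF
}

# DHCP + DNS on the AP interface only; the lease names this host as router and
# DNS server, so the device needs no manual config. Upstream DNS: /etc/resolv.conf.
gen_dnsmasq_conf() {
  cat <<EOF
interface=${AP_IF}
bind-interfaces
except-interface=lo
dhcp-range=${DHCP_RANGE}
dhcp-option=option:router,${AP_ADDR}
dhcp-option=option:dns-server,${AP_ADDR}
dhcp-authoritative
log-dhcp
log-queries
EOF
}

# From the AP side the host accepts only DHCP (udp/67), DNS (udp+tcp/53) and ping;
# AP<->uplink is forwarded and masqueraded. add+delete makes re-applying idempotent.
# Assumes no other firewall (firewalld/ufw) is active, or its policy applies too.
gen_nft_rules() {
  cat <<EOF
add table inet iotlab
delete table inet iotlab
table inet iotlab {
  chain input {
    type filter hook input priority 0; policy drop;
    iifname != "${AP_IF}" accept
    ct state established,related accept
    udp dport { 67, 53 } accept
    tcp dport 53 accept
    icmp type echo-request accept
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
    iifname "${AP_IF}" oifname "${UPLINK_IF}" accept
    iifname "${UPLINK_IF}" oifname "${AP_IF}" ct state established,related accept
  }
  chain postrouting {
    type nat hook postrouting priority 100;
    oifname "${UPLINK_IF}" masquerade
  }
}
EOF
}

# Does the radio behind AP_IF support AP mode? (phy80211 symlink -> phyN, then iw)
check_ap_mode() {
  phy="$(basename "$(readlink -f "/sys/class/net/${AP_IF}/phy80211")")"
  iw phy "${phy}" info | grep -q '^[[:space:]]*\* AP$'
}

# Bring everything up (root). NetworkManager is told to leave the AP card alone first.
apply_env() {
  check_ap_mode || { echo "${AP_IF}: no AP mode support" >&2; exit 1; }
  nmcli device set "${AP_IF}" managed no
  ip link set "${AP_IF}" up
  ip addr replace "${AP_ADDR}/24" dev "${AP_IF}"
  sysctl -w net.ipv4.ip_forward=1
  gen_nft_rules | nft -f -
  gen_dnsmasq_conf > /run/iot-dnsmasq.conf
  gen_hostapd_conf > /run/iot-hostapd.conf
  dnsmasq --conf-file=/run/iot-dnsmasq.conf   # forks into the background
  hostapd -B /run/iot-hostapd.conf            # -B: run as daemon
}

# Capture on the AP interface: device addresses as seen before NAT, none of the
# host's own uplink chatter.
capture() { tcpdump -ni "${AP_IF}" -w "${1:-iot-capture.pcap}"; }
case "${1:-}" in
  apply)   apply_env ;;
  capture) capture "${2:-}" ;;
  show)    gen_hostapd_conf; gen_dnsmasq_conf; gen_nft_rules ;;
  *)       echo "usage: $0 apply | capture [file] | show" >&2 ;;
esac
```

Usage: `./iot-capture-env.sh show` prints the three generated configs for review, `sudo ./iot-capture-env.sh apply` brings the AP, dnsmasq, forwarding and nftables up, and `sudo ./iot-capture-env.sh capture device.pcap` records on the AP interface, where the device's own addresses are still visible (NAT happens on the way out) and the host's uplink traffic is absent, which keeps the noise down. The input chain deliberately lets the device reach only DHCP, DNS and ping on the host; since the AP is open, anyone in radio range can join it, so this is for an isolated lab, not a shared office network.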