Sebastian Lenzlinger fa48b15fc7 SYNC commit.
2024-03-26 04:02:05 +01:00


Here I try to document the setup needed to perform reliable captures of IoT device traffic. Setting up the environment properly is a precondition for capture tools like
[[Wireshark]] et al. to capture ALL needed traffic reliably (while also avoiding noise).
Since most IoT devices use the internet, it is vital that any capturing mechanism/setup does not interfere with their ability to phone home.
At this point I can discern the following steps.
Essentially, all this is to enable reliable [[monitoring]] of IoT network traffic.
# Overview/Big Picture
Assumption: The machine used to capture traffic has internet access either wired (ethernet) or wireless (wifi, maybe bluetooth?).
Since IoT devices work wirelessly, the testing/experiment environment needs at least one wifi card which supports AP mode (see [[iw]]). It will act as the AP for the device to be tested.
Since many IoT devices are internet enabled we need a way to bridge the IoT<->AP network to the internet.
Problem: How do we get internet access to an IoT device?
1. It connects to a router. The router must then be able to mirror ports or run the required capturing software itself.
2. It connects to an AP on some other machine. The other machine is connected to the internet via some other interface.
    1. Wired Internet: Using either a (software) bridge or NAT, make sure traffic IoT<->Internet can be established and that the machine can capture all needed packets.
    2. Wifi Internet: Same as wired, but special care must be taken on an "unclean" system. Desktop systems tend to come with network management utilities and daemons running. To stop them from interfering with the AP card, special care must be taken, see e.g. [[nmcli]].
So what must a toolkit which sets up the experiment environment be able to do?
1. __AP Service__ Through config or detection, set up a properly configured AP, possibly on an external adapter.
2. __IP networking dependencies__ Since the experiment machine replaces some functionality usually offered by the router to connecting hosts, some router functionality must be offered. In particular [[dhcp]] (the IoT device needs an IP) and [[dns]] (the IoT device needs some way to get the IPs of hosts it wants to connect to).
3. __Internet Gateway__ Enable any IoT device to connect to the Internet. That is, the test machine must at least be a [[gateway]], and the IoT device should ideally be able to use it without any configuration.
4. Any firewall must allow [[dhcp]] and [[dns]] requests from the IoT device to be accepted by the experiment host.
# AP Configuration
## Using NetworkManager
See [here](https://variwiki.com/index.php?title=Wifi_NetworkManager#Configuring_WiFi_Access_Point_with_NetworkManager). Can use the command line tool [[nmcli]].
## Using [[hostapd]]
Must first make sure that the interface is not managed by NetworkManager, see [[nmcli]].
It turns out that to get an open (unauthenticated) AP, one simply _**leaves out**_ those parts of the config file which have to do with security and auth:
```
# hostapd.conf
# Do not include in config if we wish to have an open auth AP!
wpa=2
wpa_passphrase=11help22help33
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
```
Furthermore, we set the config option `auth_algs` appropriately so that open auth is allowed (`auth_algs=1` selects open system authentication only):
```
auth_algs=1
```
See [[hostapd]] for a description of the option.
# DNS and DHCP
#TODO
Tools: [[dnsmasq]]
# Internet
#TODO
Possible tooling: [[iw]], [[firewalld]], [[iptables]], [[nftables]]
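As an added example (not part of this note or of any of the tools it links), the following script ties together the four toolkit requirements from the overview, the open-auth [[hostapd]] config, the [[dnsmasq]] DHCP/DNS part and the NAT gateway part. Interface names (`wlan1` as the AP card, `eth0` as the uplink), the `192.168.50.0/24` subnet and the SSID are hypothetical and can be overridden via environment variables; iptables is used as the NAT/firewall tool, one of the options listed above. The config writers and the `check_open_auth` lint run without root or hardware; `bring_up` needs both.

```shell
#!/bin/sh
# Added example for this note (not the note's own tooling): generate the config
# files for an open-auth capture AP plus the DHCP/DNS and gateway pieces.
# Hypothetical names/values: AP card wlan1, uplink eth0, AP subnet 192.168.50.0/24.
AP_IF="${AP_IF:-wlan1}"
UPLINK_IF="${UPLINK_IF:-eth0}"
AP_ADDR="192.168.50.1"
AP_CIDR="192.168.50.1/24"
DHCP_RANGE="192.168.50.10,192.168.50.100,12h"
SSID="${SSID:-iot-capture}"

# Does any card support AP mode? Looks for "* AP" under "Supported interface modes" in `iw list`.
iface_supports_ap() {
  iw list 2>/dev/null | grep -q '^[[:space:]]*\* AP$'
}

# hostapd.conf for an OPEN AP: the wpa=/wpa_passphrase=/wpa_key_mgmt=/rsn_pairwise=
# lines are deliberately absent and auth_algs=1 allows open system auth only.
write_hostapd_conf() {
  dir="$1"; mkdir -p "$dir"
  cat > "$dir/hostapd.conf" <<EOF
interface=$AP_IF
driver=nl80211
ssid=$SSID
hw_mode=g
channel=6
auth_algs=1
EOF
}

# dnsmasq.conf: DHCP hands out an address and points router + DNS at this host.
# With no server= line dnsmasq forwards queries to the resolvers in /etc/resolv.conf.
write_dnsmasq_conf() {
  dir="$1"; mkdir -p "$dir"
  cat > "$dir/dnsmasq.conf" <<EOF
interface=$AP_IF
bind-interfaces
dhcp-range=$DHCP_RANGE
dhcp-option=option:router,$AP_ADDR
dhcp-option=option:dns-server,$AP_ADDR
log-dhcp
log-queries
EOF
}

# Sanity check before starting hostapd: returns 0 only if no WPA/RSN keys are set
# and auth_algs=1 is present, i.e. the file really describes an open AP.
check_open_auth() {
  ! grep -Eq '^(wpa|wpa_passphrase|wpa_key_mgmt|wpa_pairwise|rsn_pairwise)=' "$1" \
    && grep -q '^auth_algs=1$' "$1"
}

# Bring the environment up. Needs root and the real interfaces; not run in the offline check.
bring_up() {
  dir="$1"
  iface_supports_ap || { echo "no AP-capable card found" >&2; return 1; }
  nmcli device set "$AP_IF" managed no        # keep NetworkManager off the AP card (see [[nmcli]])
  ip link set "$AP_IF" up
  ip addr add "$AP_CIDR" dev "$AP_IF"
  sysctl -w net.ipv4.ip_forward=1             # gateway: forward IoT<->Internet
  iptables -t nat -A POSTROUTING -o "$UPLINK_IF" -j MASQUERADE
  iptables -A FORWARD -i "$AP_IF" -o "$UPLINK_IF" -j ACCEPT
  iptables -A FORWARD -i "$UPLINK_IF" -o "$AP_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  iptables -A INPUT -i "$AP_IF" -p udp --dport 67 -j ACCEPT   # DHCP must reach this host
  iptables -A INPUT -i "$AP_IF" -p udp --dport 53 -j ACCEPT   # DNS likewise (udp + tcp)
  iptables -A INPUT -i "$AP_IF" -p tcp --dport 53 -j ACCEPT
  dnsmasq --conf-file="$dir/dnsmasq.conf"
  check_open_auth "$dir/hostapd.conf" && hostapd -B "$dir/hostapd.conf"
  # Capture everything on the AP side with no filter, so nothing the device does is missed:
  tcpdump -i "$AP_IF" -w "$dir/iot.pcap"
}

case "${1:-}" in
  up) write_hostapd_conf /tmp/iot-ap; write_dnsmasq_conf /tmp/iot-ap; bring_up /tmp/iot-ap ;;
esac
```

Run `sh setup-ap.sh up` as root once NetworkManager has released the AP card. Capturing on the AP interface itself (rather than the uplink) is what makes the capture complete: every packet the device sends or receives crosses that interface before NAT rewrites it, and the only other traffic there is the DHCP/DNS chatter this host answers.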