Tom here from Lawrence Systems, and we're gonna talk about packet sniffing with UniFi access points. UniFi was nice enough to put tcpdump in each of their access points, or at least every one I've tested, including from the in-wall, the base station, the nanos, etc. And tcpdump is a way you can grab a network interface and pull all the data, dump it into tcpdump, get all the packets that are in there. But I want to show you how to do it from your computer and then pipe it into Wireshark directly, so you can get real-time packet capture off of an access point.

Why would you do such a thing? Well, my first answer is: why not? Second answer is, this is very practical when you're trying to troubleshoot connectivity issues and trying to figure out what traffic is being passed between, for example, the firewall or the gateway and the device itself, to try to sort out some of the issues, such as where's the DHCP coming from, or where is it failing at?

Before we dive into the details of how to set this up: if you'd like to learn more about me and my company, head over to lawrencesystems.com. If you'd like to hire us for a short project, there's a Hire Us button right at the top. If you'd like to help keep this channel sponsor-free, and thank you to everyone who already has, there is a join button here for YouTube and a Patreon page. Your support is greatly appreciated. If you're looking for deals or discounts on products and services we offer on this channel, check out the affiliate links down below. They're in the description of all of our videos, including a link to our shirt store. We have a wide variety of shirts that we sell, and new designs come out, well, randomly, so check back frequently. And finally, our forums: forums.lawrencesystems.com is where you can have a more in-depth discussion about this video and other tech topics you've seen on this channel. Now back to our content.

Now, the first thing we need to do is enable SSH. So we go over here to settings, scroll down, and there's the box to enable SSH
authentication, and it gives you the option of adding an SSH key. This allows you to do passwordless login. I've got a whole video on SSH keys.

Now go back over here to our devices, and we've got to pick the device we're gonna log in to, and I'm gonna choose this UniFi nano, which is at 192.168.3.41. First step: can we log into it? So we'll go thomas@192.168.3.41. Great, I can log into it, and tcpdump, you can check, it's right here. And then you can specify the interface, but how do you know which interface to use? That's actually pretty simple. All the UniFis I've tried this on, and I've tried it on quite a few of them, all have, well, a lot of interfaces. But you go all the way up usually, depending on the way it's ordered when it's dumped out, and look for the br0 interface. That is the bridge interface that ties all the other interfaces that get built inside of the UniFi access points together.

Now, quick side note: if you're asking if this will work on a switch, not to my knowledge. I'm not sure of any way to do this on their switches.
They don't work in the same way as the access points.

But once you find br0, you'll actually also find at br0 the IP address assigned to the device. Next you're gonna see .100, .150 and .69. Those actually represent VLANs. So you may not have the same VLAN numbers as me, or maybe you do, but this is how you can specifically get onto one individual VLAN that you've created. So when you create an SSID, you tie it to a VLAN, and it creates br0 dot that VLAN tag. So we're gonna do 100, because at the demo network we have, I'm gonna connect my phone to it shortly. So that's where we're gonna start.

Now, if you started connecting at br0 so you can get everything, well, you get everything, but you also have to do something else. Let's go ahead and exit out of this and look at the actual command we're gonna run here, and that's this right here: if you do wireshark -k -i, ssh thomas 3.41, port 22, tcpdump, interface br0.100. But if we didn't have the .100, we'd have to do what I'm gonna show you later in the tutorial here. Down here, when you're connecting, Wireshark will also, if you grab the root of it, that br0, start showing all the traffic from your connection to the device as well. You kind of want to eliminate that particular traffic because it's redundant. You don't need your traffic going to it; that's kind of watching things in a loop. So you say things like "host not" and then you put the IP address, and we'll get to that later in the tutorial. But you can also say "host" and then an IP address, and that will filter for specifically that IP address.

Well, let's go ahead and do it right here. We're gonna Wireshark and attach to this particular network, and then we'll attach something to the network and see what happens. So just run the command, so exit out of this. All right, now it's monitoring this particular VLAN, and there's nothing on it right now. Like I said, it's empty.
That's why I chose it, because I didn't want a bunch of noise on there. I'm gonna attach my phone to it. So go to my phone, and we're just gonna switch over to this particular network and attach it, and right away my phone's making some noise.

Now, first thing let's look at is DHCP, because it's a popular thing that people have to troubleshoot, and let's look at the offer and request, and we can see that it was answered. So DHCP, enter, so we filter for it. There we go. Here is the discover, discover, and then offer, accept it, and you're going back and forth, and now we can see that, yes, it acknowledged and has that IP address. So you can go through and start troubleshooting things.

Now let's switch to a different network that has things like the Chromecast on it, because that's another popular thing that people may want to do some troubleshooting on. So we're gonna go ahead and stop and quit without saving, because I don't really want to see the packet, but you could; you can save that capture. So then go back over here, UniFi Wireshark, and don't worry, I'll leave the command linked below. Insert 69, and VLAN 69 is a network that has a Chromecast on it. So we're gonna do that, and then we'll take my phone, attach it to the Chromecast, which is actually on the TV behind me. It's attached to it. And we'll follow through what happens with the Chromecast and start watching the traffic from there.

So you swap it over here, UniFi Wireshark. All right, there's the Chromecast, and let's get my phone going. Switch over to that network. All right, it's connected, and we can probably filter really quickly here for DHCP and find my phone's address, which would be right here, 140. I know that's the address that was assigned to my phone, but we'll go ahead and let it spill all the traffic. Now let's do something by connecting to the TV behind me. I don't know what's a good thing to open. Probably YouTube; it'll make noise. Don't want to do that.
We'll just connect Google Photos to it, and you can see the TV behind me. So turn on Google Photos real quick here, and, yeah, you get the idea. Pull a picture up behind me. Hey look, it's a picture of my Tesla. For those wondering, it's... yeah, grab a photo, whatever, it doesn't really matter. The traffic now: you can see the UDP traffic heading between these devices. So, all right, we're definitely learning something here. So 172 69 140 and 128, and 128 being the IP address there. We're seeing it sends traffic over UDP between these devices. That's interesting. And when I move this, we've got another picture, another picture, moving things across here. All right, we can watch this traffic. It's using different protocols, but you get the idea: we're able to sniff into this and, you know, figure out what's going on and if there's a problem, or in this case, it's working fine. Just out of curiosity, what is it actually sending? And of course, with all the amazing collection of IoT devices people love putting in their house, you might be curious where those are going. You put them on a separate VLAN, and you can now watch that connection as they're connected to that particular access point.

Now, I had mentioned, and we'll close this without saving: what happens when you want to connect to something and you're doing it from your computer and you want to grab br0? And let's add another twist to that. Let's go here, ifconfig, and look for the tunnel address, because I'm actually VPN'd back to my house. So 192.168.69.2 is the tunnel address for the VPN that I'm using, which means that's the IP address that will be seen when I SSH into the device.
All right, so let's go here and edit this again, UniFi Wireshark, and this is the home address. Oops. And we want it to say "host not 69.2", or we end up with that loop of constant data going back and forth. But I want to grab this and see what's going on on this access point I set up at home.

Now, this is a use case that comes up quite a bit, where we have to troubleshoot something from our office and the client is remote. A lot of consulting work we do like this starts with what's going on and troubleshooting things remotely. If you have a good VPN, then you can get there, but you don't want to pull too much. So if you're doing this on a really active network, I also recommend adding a specific host you're looking for, like "host" and put the IP address, because you can't exceed the amount of bandwidth between you and that remote client. So, of note. But there's not much going on at this moment, because I'm willing to bet there's no one home, or no one awake, really doing anything online, but there's still going to be some noise, because I have devices at home that connect to the Wi-Fi.

So let's go ahead and kick this off and show you how it can work remotely. And I can see things talking remotely that are attached to it. Same thing: we're starting to see all the traffic go back and forth. mDNS from .121, I bet that's a Google Chromecast. I feel pretty confident, actually, that it is. Yep, Google Nest Mini. That's actually not a Google Nest. It's something that my wife has plugged in. It's one of the little Google... what do they call it, the Google Home? I think that's what it's called. Anyways, she decided to connect that the other day. We left it on to play with it, and the kids get a kick out of it. But you can start seeing all the things that this listening device is... I'm not a big IoT person, so there's actually not that much going on in my house.
I have Chromecast, and my wife had plugged in this because someone gave her one, which, there's a whole different discussion of whether or not that should be there. I do have a Chromecast right here creating noise. But now you can see how you can dive into something that's remote and start gathering intel on it, or, you know, troubleshooting it, trying to understand what traffic and what's connected to it.

Now, the final thing I'm gonna leave you with here is how to get Wireshark up and running on a Linux install, like I'm doing here. Also, I don't have a tutorial on how to do this in Windows, because I'm just not a big Windows user, and it's pretty easy to do inside of Linux. And the first one is this: sudo dpkg-reconfigure wireshark-common. Put your password in. Right. Yes, it did as if I was on drugs. Should non-superusers be able to capture packets? Make sure you answer this with yes. All right, you're all set. Next thing that you need to do: chmod +x /usr/bin/dumpcap, doing this from your user with sudo. That means you're going to add the executable permissions to dumpcap so it'll work. If not, you're going to start googling a bunch of errors and come back to learning that those two commands are the ones to get Wireshark working. I just want to leave that in the video here for those of you that may be experiencing trouble with it.

But that's all there is to doing this. I really love that they left tcpdump in here. It makes it, well, handy when you're doing network troubleshooting and Wi-Fi troubleshooting, like we spend some time doing: figuring out why something didn't connect, or did connect but didn't get an address, or connected and sent something weird, or just, where are things going?
That's always a big question everyone asks. I'll leave the commands typed out below so you don't have to try and copy and paste them off the YouTube screen here.

And thanks, and thank you for making it to the end of the video. If you like this video, please give it a thumbs up. If you'd like to see more content from the channel, hit the subscribe button, and hit the bell icon if you'd like YouTube to notify you when new videos come out. If you'd like to hire us, head over to lawrencesystems.com, fill out our contact page, and let us know what we can help you with and what projects you'd like us to work together on. If you want to carry on the discussion, head over to forums.lawrencesystems.com, where we can carry on the discussion about this video, other videos, or other tech topics in general. Even suggestions for new videos, they're accepted right there on our forums, which are free. Also, if you'd like to help the channel in other ways, head over to our affiliate page. We have a lot of great tech offers for you. And once again, thanks for watching, and see you next time.
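
The capture pipeline described in the video, written out as an added example; it is not the command or script shown in the video. The function names and the file name `unifi-wireshark.sh` are hypothetical, the tcpdump flags `-U -s 0 -w -` and the `not host` filter syntax are chosen here, and refusing plain `br0` without an exclude address is this example's own safeguard against the capture loop the video describes.

```shell
#!/bin/sh
# Added example, not the video's script. Sample values: user thomas, AP 192.168.3.41.

# Print the tcpdump command to run on the AP.
#   $1 = br0 or br0.<vlan>   $2 = IP to exclude (the address your SSH session comes from)
ap_tcpdump_cmd() {
    iface=$1; exclude=${2:-}
    # The string is executed by the AP's shell, so accept only br0 / br0.<digits>.
    case $iface in
        br0) ;;
        br0.*) case ${iface#br0.} in
                   ''|*[!0-9]*) echo "bad interface: $iface" >&2; return 1 ;;
               esac ;;
        *) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    cmd="tcpdump -i $iface -U -s 0 -w -"   # -U: flush per packet, -w -: pcap to stdout
    if [ -n "$exclude" ]; then
        # Loose check (digits and dots only) to keep shell metacharacters out.
        case $exclude in
            *[!0-9.]*) echo "bad IP: $exclude" >&2; return 1 ;;
        esac
        cmd="$cmd not host $exclude"
    elif [ "$iface" = br0 ]; then
        # Plain br0 also carries the SSH session itself, so the capture would loop.
        echo "br0 needs an exclude IP (your SSH source address)" >&2; return 1
    fi
    printf '%s\n' "$cmd"
}

# Stream the capture: ssh writes pcap to stdout, Wireshark reads it on stdin.
ap_capture() {
    remote=$(ap_tcpdump_cmd "$2" "${3:-}") || return 1
    ssh -p 22 "$1" "$remote" | wireshark -k -i -
}

# Start only when called with arguments, for example:
#   sh unifi-wireshark.sh thomas@192.168.3.41 br0.100
#   sh unifi-wireshark.sh thomas@192.168.3.41 br0 192.168.69.2
if [ "$#" -ge 2 ]; then ap_capture "$@"; fi
```
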