linux meterpreter : enable sniffing on any type of interface #254

wants to merge 3 commits into


None yet
2 participants

mephos commented Mar 21, 2012

currently, sniffer extension assumes that sniffing occurs on an ethernet interface

if one sniffs on the "any" interface or a point-to-point one (without ethernet header, packet starts at IP header), the LINKTYPE_ETHERNET linktype will be written to the pcap file and wireshark won't be able to read it correctly ("any" interface need SSL_COOKED linktype, point_to_point needs RAW linktype...)

patch gets the linktype when starting the capture and saves it in the pcap file when retrieving packets

PS: commit also contains "ps" support for linux meterpreter, don't know how not to commit it, sorry (but it's already pull request 250)

jlee-r7 closed this in 55bb7ab May 16, 2012

@jlee-r7 jlee-r7 pushed a commit to jlee-r7/metasploit-framework that referenced this pull request May 16, 2012

@egypt egypt Linux binaries for consolidation
This includes ps support, sniffer enhancements and the new loadlib API

[See #250][See #254][See #375]

@jlee-r7 jlee-r7 added a commit that referenced this pull request May 17, 2012

@jlee-r7 jlee-r7 Merge pull request #390 from jlee-r7/consolidate-250-254-375
Consolidate #250, #254, #375
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment