Port Redirection / Server Redirection

#1
I've some hardware at work which communicates externally to remote servers.

1. I'd like to know a simple way to workout / log which port(s) are used & the IP(s) of the servers it send data.

2. How would I do a "man in the middle attack" & redirect ports / ip somewhere different

Its wired etherent & I've had basic play with wireshark but don't really know what I'm doing
 
#2
Assuming Linux, you can try:

tcpdump -i eth0 host <ip_address>

You should then see all the connections to and from that server.

Redirecting requires you to have another machine set up as the gateway with routing available, then you can do all sorts of unusual things with iptables to redirect ports, IP addresses, etc.

I expect 20% of the funds you are siphoning.
 
#4
I've some hardware at work which communicates externally to remote servers.

1. I'd like to know a simple way to workout / log which port(s) are used & the IP(s) of the servers it send data.

2. How would I do a "man in the middle attack" & redirect ports / ip somewhere different

Its wired etherent & I've had basic play with wireshark but don't really know what I'm doing
Don't be so lazy.

 
#5
I expect 20% of the funds you are siphoning.
Its not that exciting,

I've been gifted a some old hardware, however it needs a firmware update to operate

Its does this by downloading the latest version off the manufactures servers, however sometime ago they moved server IP's & my old hardware is looking in the wrong place
 
#6
If it's using a DNS lookup that no longer works, you could set up a local DNS that points to the correct IP - you'd still need to work out what it's doing though.
 
#9
That is discontinued, I see where your 'man in the middle' comment comes from now. You will probably find Bosch no longer write firmware for it. Have you had a look at forums for it? someone may be writing custom firmware for it.
 
#11
You have a comms device that does TCP/IP in one direction and serial in the other, maybe 232 and 485. Paging @Roadster280 and @greenbaggyskin

I used to work with something similar, it was only of any use until the next iteration came out, then it was obsolete. It doesn't matter who branded it.
 
#12
Edited to remove content.

I did post quite a bit about this, but having just thought about it, given what this device is/does, perhaps not the thing to be describing how to do. If it's even possible, which it really shouldn't be, without authentication.
 
Last edited:
#13
Thanks all, I there's a few pointer in the right direction

I've got a working product which I can force to check for firmware updates

& some bosch branded units on a junk shelf, I can force them to check for firmware but I'm aware there looking in the wrong place & have been given the impression theres no authentication or subscription required for the firm update updatng
 
#14
I don't know what that box is or what it's used for, but if my old chum @Roadster280 says it's dodgy, then I believe him. So no detail from me.

In general though Wireshark is your best friend. Monitor the interface then filter for all traffic from the known source IP address. Look at the captured packets and identify one of those you're interested in, right click on it and follow the TCP stream. From that result just open the individual packets and you will see within the protocol stack the particular port info/IP you are looking for.

Wireshark is a very powerful tool if you know what you are doing.
 
#18
Don't call it IT! That marks you out immediately as an uninformed outsider. It's a bit like journalists calling all green vehicles tanks.
Yup, correct terminology is important.

Refer to it as "that computer shit" or "nerdy crap", that way your IT department will recognise you as one of the in crowd and respect you all the more.
 
#19
Being hip, I refer to them ironically as the cool kids in the nerd dept,

the ironic bit being "cool", They lack the interpersonal skills to groom even the most vulnerable online...
 
#20
when the device be in use / commissioned you are unable to perform the firmware update w/o authorisation as it will various signals when it restarts :)
Richtig!
 
Thread starter Similar threads Forum Replies Date
msr The Intelligence Cell 6
Mr Happy The Intelligence Cell 1
M The Intelligence Cell 5

Similar threads

Latest Threads

Top