Port Redirection / Server Redirection

#1
I've some hardware at work which communicates externally to remote servers.

1. I'd like to know a simple way to workout / log which port(s) are used & the IP(s) of the servers it send data.

2. How would I do a "man in the middle attack" & redirect ports / ip somewhere different

Its wired etherent & I've had basic play with wireshark but don't really know what I'm doing
 
#2
Assuming Linux, you can try:

tcpdump -i eth0 host <ip_address>

You should then see all the connections to and from that server.

Redirecting requires you to have another machine set up as the gateway with routing available, then you can do all sorts of unusual things with iptables to redirect ports, IP addresses, etc.

I expect 20% of the funds you are siphoning.
 
#4
I've some hardware at work which communicates externally to remote servers.

1. I'd like to know a simple way to workout / log which port(s) are used & the IP(s) of the servers it send data.

2. How would I do a "man in the middle attack" & redirect ports / ip somewhere different

Its wired etherent & I've had basic play with wireshark but don't really know what I'm doing
Don't be so lazy.

 
#9
That is discontinued, I see where your 'man in the middle' comment comes from now. You will probably find Bosch no longer write firmware for it. Have you had a look at forums for it? someone may be writing custom firmware for it.
 
#12
Edited to remove content.

I did post quite a bit about this, but having just thought about it, given what this device is/does, perhaps not the thing to be describing how to do. If it's even possible, which it really shouldn't be, without authentication.
 
Last edited:
#13
Thanks all, I there's a few pointer in the right direction

I've got a working product which I can force to check for firmware updates

& some bosch branded units on a junk shelf, I can force them to check for firmware but I'm aware there looking in the wrong place & have been given the impression theres no authentication or subscription required for the firm update updatng
 
#14
I don't know what that box is or what it's used for, but if my old chum @Roadster280 says it's dodgy, then I believe him. So no detail from me.

In general though Wireshark is your best friend. Monitor the interface then filter for all traffic from the known source IP address. Look at the captured packets and identify one of those you're interested in, right click on it and follow the TCP stream. From that result just open the individual packets and you will see within the protocol stack the particular port info/IP you are looking for.

Wireshark is a very powerful tool if you know what you are doing.
 

Latest Threads

New Posts