
Registered · 252 Posts · Discussion Starter · #1
Hi there,

I am interested in testing the security of wireless networks. While to my knowledge there is no real sniffer available for the ANDROID OS, some useful tools like WiFiScan, PortScandroid and AndroidVNC are available here: Putting Together a Wireless Security Toolkit for the Android OS - Securism Blog

I tested these tools (except AndroidVNC) on my Eken M001/Vestinious 1.2.2, and they work fine (didn't test VNC, because I have no VNC server running... I will do later). Especially the portscanner can be useful to find "holes" in your own network/router firewall. :rolleyes:

greetz, PADMAN

P.S: If someone knows a "real" WiFi sniffer with promiscuous mode working on Eken M001, please post. Thank you!
 

Premium Member · 2,596 Posts
I think I will follow this thread. I love when people think outside the box for what to do with their tablets. This is a great idea.
 

Registered · 100 Posts
I'd like to see some sort of tiny virtualization for the Ekens where we could port over a copy of Nmap for security/penetration testing. I can create the port of Nmap but I'd need to hear about some TINY virtualization ideas (if it is even worth it considering the computing power of these). Maybe run off an SD card?
 

Registered · 252 Posts · Discussion Starter · #4
Hi there,

I just tried out a new sniffer for the M001, it's available here: Packet Sniffer - Android-Arts

It indeed works on the M001. After installing tcpdump according to the instructions on the download site, I was able to capture traffic in my own network. Don't yet know if it also can capture WiFi in promiscuous mode, but it is already a good advance.

greetz, PADMAN
 

Registered · 100 Posts
Since I've been testing my M001s by loading them up with apps, I'm noticing a significant slowdown. How does this sniffer work performance-wise? What about post-capture results?
 

Registered · 252 Posts · Discussion Starter · #6
Hi rast4man,

down below I posted a snippet of captured network traffic... seems like the Eken does not store the whole packets captured, but rather the addresses and the type of traffic...

Snippet:

12:02:34.494355 IP 165.193.245.41.80 > 192.168.1.101.49349: Flags [F.], seq 4169573690, ack 1584146828, win 54, options [nop,nop,TS[|tcp]>
E..4;[email protected])...e.P.....:^l)....6.......":.0
12:02:34.530536 IP 192.168.1.101.49349 > 165.193.245.41.80: Flags [.], ack 1, win 3456, options [nop,nop,TS[|tcp]>
[email protected]@.K&...e...)...P^l)....;..............
12:02:36.538359 IP 192.168.1.250.55907 > 255.255.255.255.14675: UDP, length 34
E..>[email protected]@.x.........c9S.*".NS0046.NS0046.MYNET.
12:02:39.530574 ARP, Request who-has 192.168.1.1 tell 192.168.1.101, length 28
...........#+7...e..........
12:02:39.533691 ARP, Reply 192.168.1.1 is-at 00:1a:4f:fc:e3:e7 (oui Unknown), length 28
..........O..........#+7...e
12:02:39.558349 IP 192.168.1.250.33555 > 255.255.255.255.14675: UDP, length 34
E..>[email protected]@.x..........9S.*y.NS0046.NS0046.MYNET.
12:02:41.733226 IP 192.168.1.102 > 224.0.0.22: igmp v3 report, 1 group record(s)
F..(!....u....f........".....................
12:02:42.070761 IP 192.168.1.250 > 224.0.0.22: igmp v3 report, 1 group record(s)
F..([email protected]".....................
12:02:43.187834 IP 192.168.1.101.60530 > 255.255.255.255.137: NBT UDP PACKET(137): QUERY; REQUEST; [email protected]@.x....e.....r...:.............. ABACFPF

One interesting thing is, when online, the M001 is always contacted by 165.193.245.41, and responds on port 80. The IP belongs to AdMob in USA; if you use it with a browser on PC, you just get a cryptic error message.

Does anyone know what this could be?

greetz, PADMAN
 