Saturday, October 31, 2009

network sniffing with a MacBook as intermediary

I bought a new network aware AV receiver for my home theatre the other week:
Pioneer SC-25

And I was trying to figure out how the Pioneer was communicating over the internet. Since there is no console on the receiver, the only way I could figure out what it was doing was to capture packets as they entered and exited the ethernet port of the device. Unfortunately, I didn't have a hub. A hub would allow me to connect the receiver and a laptop with Wireshark running in order to see the packets in and out of the receiver:
http://www.smallnetbuilder.com/lanwan/lanwan-howto/30305-packet-captures-and-network-devices

What to do?

Then I remembered that my MacBook has an Internet Sharing feature. You can share your Internet connection from either the AirPort or the ethernet port on the MacBook:
http://docs.info.apple.com/article.html?path=Mac/10.5/en/8156.html

The Internet connection on my MacBook is provided by wireless, so theoretically, I should be able to:
1) share my MacBook's internet connection
2) connect the receiver to the ethernet port on the laptop for the shared 'net connection
3) have Wireshark sniff the ethernet port as the receiver's packets pass through it

After enabling Internet Sharing on the ethernet port, I connected the ethernet cable coming from the receiver to the MacBook's ethernet port. I fired up Wireshark, started streaming music from the Pioneer and sure enough, there were packets flying through the Interface monitor in Wireshark! Very cool.
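
As an added example (not part of the original post): once the capture from the shared ethernet port is saved, a short script can list which remote hosts and ports the receiver talked to. It assumes a classic pcap file (not pcapng) with Ethernet framing; the function names, the 192.168.2.2 device address and the sample packets are constructed for illustration.

```python
import socket
import struct
from collections import Counter

def talkers(pcap, device_ip):
    """Count packets per (proto, remote_ip, remote_port) seen to/from device_ip."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    seen, off = Counter(), 24                 # 24-byte global header
    while off + 16 <= len(pcap):              # 16-byte per-packet record header
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                          # not IPv4 (ARP, IPv6, ...) or truncated
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        if proto not in (6, 17) or len(ip) < ihl + 4:
            continue                          # only TCP and UDP carry ports
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        name = "tcp" if proto == 6 else "udp"
        if src == device_ip:                  # outbound: remote side is the destination
            seen[(name, dst, dport)] += 1
        elif dst == device_ip:                # inbound: remote side is the source
            seen[(name, src, sport)] += 1
    return seen

def build_frame(src, dst, proto, sport, dport):
    """Constructed Ethernet/IPv4 frame carrying only the 4 port bytes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + struct.pack("!HH", sport, dport)

def sample_pcap():
    """Constructed capture: the device does a DNS lookup, then talks HTTP."""
    dev = "192.168.2.2"                       # assumed address of the receiver
    frames = [build_frame(dev, "192.168.2.1", 17, 50000, 53),
              build_frame("192.168.2.1", dev, 17, 53, 50000),
              build_frame(dev, "203.0.113.10", 6, 40000, 80),
              build_frame("203.0.113.10", dev, 6, 80, 40000),
              build_frame(dev, "203.0.113.10", 6, 40000, 80)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(talkers(sample_pcap(), "192.168.2.2").most_common())
```

To use it on a real capture, read the saved file as bytes and pass the address the receiver was given on the shared port.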


Note: one problem you might see when you first start using Wireshark is this error:
/dev/bpf0: Permission denied

Just give read permission on that BPF device:
chmod 644 /dev/bpf0

cheers,
TAG

2 comments:

nick said...

Caca, where you been hidin? Nice to see you posting again.

Cacasodo said...

Hello there, Nick.
Ahhh..work and life had got me on the run there for a while. I'm back now.
hope all's well..or at least not any worse for you!
'sodo
