---

I've really been neglecting this blog, so here's some content!

I stayed up last night to check out the presentation about the new Hak5 gear. They released a few things which included something called the 'Packet Squirrel'. Now this device is basically a LAN Tap that you can SSH into and do some cool stuff with. It's a smart LAN Tap I guess. Anyway, there wasn't too much information given in the presentation so I started digging through the documentation and Github repo to see what details I could find. I found a folder scripts for launching a few tools, which included tcpdump. I took a look at the script for launching tcpdump and found this at the bottom:

So with the Packet Squirrel, you can only run a packet capture if you have a USB drive connected. Now this makes some sense as pcap files can get pretty big pretty quick and the device itself will only have limited memory. But then I was thinking that it's pretty limiting. Even if you had a USB drive connected, you can't really predict exactly what size you might need. So I was thought to myself "Wouldn't it be cool if you could forward packets from a live packet capture to a remote device without saving the capture locally? I wonder if I could do that with pipes". It turns out that you can send packets from a live capture over to another device using pipes. This can all be done using tcpdump and netcat!

First, we'll start a netcat listener on our remote device, and we'll pipe the output to tcpdump. We'll pass arguments to tcpdump to read from stdin:


Next, on the device we're capture traffic on, we start tcpdump, get it to write data to stdout and pipe the output to a netcat connection:


...and there we go! The device with the listener will receive the captured packets.