In my previous post I described how to utilize a Raspberry Pi and capture the traffic from a network device’s SPAN port. In this post, you will find out how to create a proper Network Tap which directly intercepts a network device’s traffic. This is actually a hardware variance of the Man in the Middle Attack (MiTM) which eliminates the requirement for network speed degradation of the Passive Taps.
How often have you looked for a secondary device to keep it connected to a network for packet analysis and troubleshooting? Sounds familiar? Yes, we all have the same problems! Let’s utilize a Raspberry Pi 4 and an external disk drive to make a DIY plug-and-play Network Tap.
Many guides exist describing how to flash a CC2531 USB adapter using a Raspberry Pi instead of a CC debugger. The problem with almost all of those guides is that they are outdated and don’t work on newer devices (specifically with 64 bit architecture). Most of the times the issues have to do with outdated version of wiring PI, or the precompiled for 32 bit devices cc_* binaries (cc_chipid, cc_read, cc_write). In this guide you will learn how to flash CC2531 using a Raspberry PI 4 or any other device with 64 bit architecture OS.
Today I read this official document (published on September of 2022) which describes how to change the MAC Address of Raspberry PI Devices. Interestingly it describes a different method for Raspberry Pi 4, 400 and CM 4 by editing the EEPROM configuration, using the following command:
sudo -E rpi-eeprom-config --edit
In the configuration file append a new line with the required MAC Address as follows:
Save the new configuration (Use Ctrl + X to stop editing, Y to overwrite current file and ENTER to confirm). Upon saving the following message appears:
Finally, reboot your device in order to apply the new MAC Address. Warning If the device gets IP from a DHCP server, then most probably after the reboot it will be assigned with a new IP address.
This is a different (and simpler) technique from the one which I described in a previous post (which works for all models)
Even if your home’s automation is separated from any other network and not internet accessible, it’s always a good practice to use encryption. Failing to encrypt the connection to HomeAssistant’s web interface using an SSL/TLS certificate, results in leaving your password and other data traveling the network as plaintext susceptible to eavesdropping.
In general a watchdog is a piece of equipment that supervises other systems and resets them in case it detects that those systems are failing, automating the process and increasing the reliability of the system. Network Watchdog is a simple watchdog for monitoring network connectivity and power cycle a device based on ICMP ping replies.
With it’s minimal power requirements, Network Watchdog can use the controlled device’s DC Power source (between 5 and 12 volts) to function, avoiding any additional power requirements. The following is an example setup:
If you happen to read the previous post, this one is an extension to the BYOPM device for enabling 2FA on the VaultWarden instance using a Solokey. Two Factor Authentication (2FA) is implemented to better protect both a user’s credentials and the resources the user can access.
BYOPM is a portable Password Manager implementation based on VaultWarden, an unofficial implementation of BitWarden and a Raspberry PI Zero. It’s a self hosted solution, with full functionality, which is activated by just plugging the device on your computer. Bitwarden’s Official browser addons and extensions are also supported, and the device has been tested both on Windows (10 and 11) and Linux (Debian Based).
This is how to enable Home Assistant’s SMS Integration Service using the Geetech Arduino GPRS Shield (based on the SIMCom SIM900 module) on a Raspberry PI 4 over serial communication. The host system is using Home Assistant Supervised which was deployed in docker.