I am aware of some of the other projects out there and may end up building off of them, but I really wanted to have an outside perspective on a few things before running down too many of the wrong rabbit holes. The idea is to use a Raspberry Pi loaded with Kali to perform a transparent physical man-in-the-middle situation while avoiding pitfalls of NAC detection. To summarize what I am trying to accomplish:
- Install Raspberry Pi inline between network switch and host in a listening mode.
- Raspberry Pi detects switch port MAC and host port MAC.
- Raspberry Pi spoofs the MAC of the switch port onto the interface connected to the host.
- Raspberry Pi spoofs the MAC of the host port onto the interface connected to the switch port.
- Pi configures routing and establishes pass-through connection while never showing the native MAC of the interface to the host or switch ports.
- Pi logs all communications to SD.
- Using Wi-Fi link of Pi to mobile hotspot, establish remote connectivity for retrieving capture files or viewing/injecting network traffic.

The most important consideration is that the native MAC of the Raspberry Pi interfaces must never be seen by the host or switch port. Native MAC being visible would be detected by NAC software and cause a shutdown of the switch port in question. As mentioned earlier, I am aware of the Rogue Pi project as well as a few others, but they do not encompass everything I am looking to accomplish. I am open to any suggestions or comments regarding the feasibility of such a configuration.

Thanks in advance,
Steve Cap