Skunk firmware 1.2.0 released - VLAN support, multiple sniff output ports and more
After reading many of your messages about the Skunk and its features, I was able to get a better understanding of what most users needed. I took some time the past few days to work on implementing the features that seemed to warrant the highest attention.
So here it is (finally): version 1.2.0 of the Skunk firmware. In in this article I will try to present the changes brought along by this new update.
A better command-line interface
One of the key advantages of the Skunk is the simplicity with which it can be configured, simply by plugging in a USB cable and firing up a terminal.
However, I have always felt that the command-line interface itself was lacking in clarity and organization. This was therefore an opportunity to improve on this particular aspect.
The command-line interface now features the following commands:
- help - Display available commands
- clear - Clears the display
- skvers - Get firmware version
- skname - Get / set device name
- skport - Switch port management
- skvlan - VLAN details
- skconf - Configuration management
These are presented in more detail in the Skunk User Guide.
Hopefully these new commands should make it even easier to manage the growing number of features included with the Skunk.
The more advanced of these such as 'skport', 'skconf' or 'skvlan' each have their own detailed help which can be displayed by following them with the 'help' argument.
The entire configuration of the Skunk can now be saved to non-volatile memory with the 'skconf save' command. Upon start-up, any stored configuration is loaded and applied.
At any moment, the stored configuration can be reloaded by using the 'skconf load' command, while the 'skconf dflt' command allows reloading the factory-default configuration. Please note however: the configuration is never saved automatically - the 'skconf save' command must be used to store the current configuration to non-volatile memory.
Among the new commands introduced previously, 'skname' allows giving a name to a Skunk device. The name is part of the configuration and thus stored and loaded along with it.
VLAN support (access ports, trunks, double tagging)
The number one request was for the Skunk to feature some VLAN support. To be honest this came as a surprise to me. I believed most users would be interested in other improvements, but VLANs really seemed to be a necessary addition for a significant number of people.
Each port on the Skunk can now be configured as an access port for a given VLAN or as a trunk port carrying all VLANs, all from the simple 'skport' command.
By default, trunk ports are 'tagged' (802.1Q headers are injected into the frames), while access ports are 'untagged'. This behavior can be overridden on any or all ports to create untagged trunks or tagged access ports.
Double tagging can be enabled or disabled via the 'skvlan dtag' command.
Again, more detail about how to configure these is available in the Skunk User Guide and directly from within the command line by using the 'skport help' and 'skvlan help' commands.
Multiple sniffer outputs
Since day one the Skunk was able to sniff any combination of TX and RX traffic from all ports, and mirror it all to a single 'output' port.
A large number of you have been asking about the ability to have the sniffer output on multiple ports. I must admit that this has in fact been something I was looking for myself. Indeed, up until now, the Skunk allowed bypassing 802.1X NAC for only one 'ghost' computer per Skunk, requiring the use of multiple devices to bypass NACs with more than one computer. I was in a pentest just recently where my colleague and I had to daisy-chain both our Skunks together to be able to bypass the NAC with both our laptops from a single upstream Ethernet port.
The new Skunk firmware allows any combination of RX/TX sniffing on any ports, with any combination of output ports. The only (kind of obvious) limitation is that a port cannot be configured as an output while also having TX/RX sniff enabled on it (this would be rather meaningless).
Just as always, all ports also still function as normal switch ports regardless of sniffing configuration. This allows for some pretty neat tricks like bypassing NACs for multiple computers with a single Skunk.
Sniffing is configured through the new 'skport' command, for which more detail can be obtained by typing 'skport help' or by reading through the Skunk User Guide.
How do I get it?
Starting today, all Skunks are now shipped with the new firmware. You can get yours from the store.
If you wish to upgrade your current Skunk to this new firmware, you will need to download the firmware image from the Skunk User Guide. Then, you will need to use dflash (from the Dooba SDK) - press the reset button on the Skunk and run the dflash command to write the new firmware (more detail about this in the user guide).