Networking and modes

What goes in might come out

The Packet Squirrel supports several network modes.

Network modes are configured by payloads: Choose the best mode for your purposes! Payloads should use the NETMODE command to set the appropriate mode, for instance:

# Set transparent bridge mode
NETMODE TRANSPARENT

# Perform other operations
...

NAT

NAT, or Network Address Translation, is the most basic network mode.

In NAT mode the Packet Squirrel acts as a router, similar to that likely found on the average home network.

Devices connected to the Target port will be given an IP address via DHCP in the 172.16.32.X range.

The Packet Squirrel will attempt to acquire an IP address via DHCP from a network connected to the Network port.

Traffic from devices on the Target port will be rewritten to appear from the IP obtained on the Network port.

NAT mode is often most useful when stealth is not required, since devices on the Target port will receive a new IP address.

In NAT mode, the Packet Squirrel will be able to access the network, and the Internet at large (if permitted by the network). NAT mode supports VPN and Cloud C² operation.
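
Because NAT mode re-addresses Target devices into 172.16.32.X, a host that leaves its expected subnet for that range is a visible sign of an inline NAT device. The following is an added example, not part of the Packet Squirrel documentation or firmware; it assumes the range is 172.16.32.0/24, and the event log format, host names and the 10.20.30.0/23 corporate subnet are constructed for illustration.

```python
import ipaddress

# Assumption: "172.16.32.X" on this page means the /24 network 172.16.32.0/24.
SQUIRREL_NAT_NET = ipaddress.ip_network("172.16.32.0/24")

# Constructed sample: endpoint address-change events (time, host, old IP, new IP).
SAMPLE_EVENTS = """\
2024-05-01T09:14:02Z host=ws-0412 old=10.20.30.41 new=10.20.30.41
2024-05-01T09:31:47Z host=ws-0388 old=10.20.30.77 new=172.16.32.112
2024-05-01T09:40:10Z host=lab-07 old=172.16.32.5 new=172.16.32.5
2024-05-01T10:02:33Z host=ws-0391 old=10.20.30.80 new=10.20.31.15
malformed line without fields
"""

def parse_event(line):
    """Return (timestamp, host, old_ip, new_ip) or None for unparsable lines."""
    parts = line.split()
    if len(parts) != 4:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    try:
        return (parts[0], fields["host"],
                ipaddress.ip_address(fields["old"]),
                ipaddress.ip_address(fields["new"]))
    except (KeyError, ValueError):
        return None

def find_nat_mode_suspects(log_text, expected_nets):
    """Flag hosts that moved from an expected subnet into 172.16.32.0/24."""
    expected = [ipaddress.ip_network(n) for n in expected_nets]
    suspects = []
    for line in log_text.splitlines():
        event = parse_event(line)
        if event is None:
            continue  # skip lines that do not match the constructed format
        ts, host, old_ip, new_ip = event
        # Hosts already living in 172.16.32.0/24 (e.g. a lab) are not flagged.
        was_expected = any(old_ip in net for net in expected)
        if was_expected and new_ip in SQUIRREL_NAT_NET:
            suspects.append((ts, host, str(old_ip), str(new_ip)))
    return suspects

if __name__ == "__main__":
    for hit in find_nat_mode_suspects(SAMPLE_EVENTS, ["10.20.30.0/23"]):
        print("possible inline NAT device:", *hit)
```

This check only applies to NAT mode: in BRIDGE and TRANSPARENT modes, Target devices keep the addresses issued by the network on the Network port, so no address change occurs.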

BRIDGE

In BRIDGE mode, the Packet Squirrel operates as a transparent layer-2 bridge.

Packets which are seen on one side of the Packet Squirrel are copied, without changes, to the other side.

Devices connected to the Target port will continue to get IP addresses from the network connected to the Network port.

In BRIDGE mode, the Packet Squirrel will also attempt to obtain an IP address from the connected network. BRIDGE mode supports VPN and Cloud C² operation.

BRIDGE mode is more subtle than NAT and is less obvious to the target devices; however, the Packet Squirrel will still appear as a network device.

TRANSPARENT

In TRANSPARENT mode, the Packet Squirrel operates as a transparent layer-2 bridge (the same as BRIDGE mode), but does not attempt to obtain an IP address from the Network port, and is not visible on the network.

Devices connected to the Target port will continue to get IP addresses from the network connected to the Network port.

TRANSPARENT mode is the stealthiest operational mode; however, the Packet Squirrel will not obtain an address from the network, and cannot use VPN or Cloud C² connectivity.

JAIL

In JAIL mode, the Packet Squirrel will disconnect target devices from the network.

Devices on the Target port will no longer have network or Internet access, and will not be able to obtain an IP address.

The Packet Squirrel itself will continue to have network access, and can continue to use VPN and Cloud C².

JAIL mode is most effective when combined with traffic detection or filtering payloads for blue-team exercises or for analyzing and disconnecting Target devices attempting to reach out to suspect resources on the network.

ISOLATE

In ISOLATE mode, the Packet Squirrel disconnects the target devices from the network, and does not remain connected to the network.

An isolated Packet Squirrel is unreachable until a payload changes state or the device is rebooted into another mode.

In ISOLATE mode, the Packet Squirrel has no network connection, and will not be able to connect to a VPN or to Cloud C².
