Using Wireshark and MITM to explore a STB

I’ve recently bought a new Freeview HD box from 3view. It has a whole host of features and can be considered a “connected” device. As with most high-end set-top-boxes (STB) it pulls software firmware updates from the web, and I was interested to see where it went to get these updates & how it knew they were available.

I know about using tools to sniff network traffic, but have only done this to sniff traffic coming directly out of the PC I’m running the capture software on. Buying this 3view box gave me more of an inventive to expand my knowledge & figure out how to capture the traffic from other devices.

It was actually relatively easy. I decided to do a Machine in the Middle (MITM) ‘attack’ which was documented over at the Wireshark wiki.

In my case I didn’t have 2 network cards, but did have a laptop with one network card, and a wireless card. In Windows XP I bridged the NIC to the Wireless adapter, then plugged in a cross-over cable that linked the 3view box to my laptop. Then, after a bit of messing about with IP addresses it started working.. my 3view box was accessing my wireless router via my laptop.

Now that all the traffic from the 3view box was going via my laptop, all I then needed to do was fire up Wireshark & take a look at the packets.

Intercepting the traffic allowed me to see where the box was going for it’s updates, and the User Agent. That’s been documented over at the 3viewer community website I set up for 3view owners.