
Network pass-through ports w/ total data collection (2 ports on PC - in-out/out-in)

grepawking

Junior Member
I know that it is possible to sniff networks with a single connection but I'm wondering if it is possible to use 2 network cards on a computer and have all the data flow through it, basically like a router, but have it retain all the data in a searchable format like tcpdump or wireshark.

Can this be done with consumer routers?
 
With a consumer Linux-based router, you can set up an IPTables rule that will copy all traffic to a specific IP address, and then sweep it up with something like Snort. Is that what you're after?
 
With a consumer Linux-based router, you can set up an IPTables rule that will copy all traffic to a specific IP address, and then sweep it up with something like Snort. Is that what you're after?

Yeah, that sounds pretty much what I'm looking for. Is there any benefit to passing it all through a computer, like a proxy, placed in-line on the WAN side of the router (I'm guessing with full duplex dual NICs may not be necessary)?

I would be using Linux for this in any case. I just want to make sure that running something like wireshark or tcpdump doesn't miss something.
 
Yeah, that sounds pretty much what I'm looking for. Is there any benefit to passing it all through a computer, like a proxy, placed in-line on the WAN side of the router (I'm guessing with full duplex dual NICs may not be necessary)?

That's not what duplex is for. If you have a device that's inline between the WAN and your router, it would need to have dual NICs.

I would be using Linux for this in any case. I just want to make sure that running something like wireshark or tcpdump doesn't miss something.

It wouldn't miss anything either way, if you've got the router configured properly.

If you've got a traffic capture/logger set up in between your router and the rest of the network (on the WAN side) you've got, theoretically, an intrusion detection system - you could set up traffic rules, do deep packet inspection, and otherwise protect your network.

http://ptgmedia.pearsoncmg.com/images/0131407333/downloads/0131407333.pdf

If you're just trying to log traffic for creepy stalker purposes, you can just do it side-band - set up something called "port mirroring" on the router to direct a copy of all IP traffic to your logging machine as well, whatever you use. If your router is Linux-based, or if you've installed DD-WRT on it, then you can just SSH or telnet into the thing and set up an iptables rule that works the same as port mirroring.

Example: http://darrelsbrain.blogspot.com/2013/01/how-to-enable-mirroring-on-asus-rt-n66u.html
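
The two setups discussed in this thread (side-band mirroring from the router, and an in-line dual-NIC box), sketched as an added example that is not from any of the posters or the linked pages. It assumes the router's iptables build includes the TEE target; the interface names, bridge name, collector address and capture directory are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed values: NICs eth0/eth1,
# bridge br0, collector 192.168.1.50, capture directory /var/log/pcap.
# Commands are only printed unless APPLY=1 is set (and then need root).

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

valid_ipv4() {  # succeed only for a dotted quad with every octet <= 255
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Side-band: on the router, clone routed packets to the collector.
# The collector must sit on a directly attached segment; traffic to and
# from the collector itself is excluded from the mirror.
mirror_rules() {
    valid_ipv4 "$1" || { echo "bad collector address: $1" >&2; return 1; }
    run iptables -t mangle -A PREROUTING ! -s "$1" -j TEE --gateway "$1"
    run iptables -t mangle -A POSTROUTING ! -d "$1" -j TEE --gateway "$1"
}

# In-line: the dual-NIC box becomes a transparent bridge between WAN and router.
bridge_setup() {
    run ip link add name br0 type bridge
    for nic in "$1" "$2"; do run ip link set "$nic" master br0; done
    for dev in "$1" "$2" br0; do run ip link set "$dev" up; done
}

# Full packets (-s 0), no name lookups (-n), a new pcap file every hour (-G).
capture() {
    run tcpdump -i "$1" -n -s 0 -G 3600 -w "$2/cap-%Y%m%d-%H%M%S.pcap"
}

mirror_rules 192.168.1.50
bridge_setup eth0 eth1
capture br0 /var/log/pcap
```

The hourly pcap files can be searched afterwards with `tcpdump -r` and a filter expression, or opened in Wireshark.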
 