Sniffer with WRT54G

twodaend

Member
Dec 3, 2003
Is it possible to use a sniffer program with the WRT54G? I'm new to sniffing and I installed Ethereal, but I'm only getting packets from the machine that has the software on it. Is it possible to get all network traffic? I believe it has something to do with port mirroring or tree spanning, but I don't know how or if it is possible to do on the WRT54G.

Basically I want to know how and where to place my sniffer (Ethereal) in order to get all traffic.

I have a WRT54G as the router connecting 3 machines via cable and another WRT54G connected via WDS with 3 machines connected to it as well. I'm also using the Alchemy firmware.
 

n0cmonkey

Elite Member
Jun 10, 2001
Place the sniffer outside of the network, catch everything going in or out. With a dumb switch you won't be able to get everything.
 

twodaend

Member
Dec 3, 2003
When you say outside the network, do you mean between the DSL and the router? If so, what device, a switch, hub?
 

n0cmonkey

Elite Member
Jun 10, 2001
Originally posted by: twodaend
When you say outside the network, do you mean between the DSL and the router? If so, what device, a switch, hub?

Yes, between the DSL and the router. You would need either a tap, or failing to have several hundred dollars for a toy like this, a hub. The hub will make sure every device attached to it will get all of the data.

Whatever interface you plug into the hub should be IP-less. Don't assign an IP to it, sniff naked. It'll be a little bit safer. It's also recommended you sniff with something other than Ethereal, and then read the dump with Ethereal off-line as a non-admin type user.
 

nweaver

Diamond Member
Jan 21, 2001
Yes, set your int with no IP, run tcpdump (assuming Linux, maybe something else for Windows?) and plug a hub between your router and your modem. This will only get all outgoing traffic, not traffic from client to client inside the network. For that, you have to be creative and use ARP poisoning, and it can cause major issues. You may look into ettercap (think that will do the ARP poisoning).

The reason for dumping data, and then reading in Ethereal as a non-admin user, is that there are MAJOR security problems with Ethereal.
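
The capture-then-read-offline routine described in the posts above, as an added example that is not part of the original thread. It assumes a Linux box with iproute2 and tcpdump; the interface name, dump path and unprivileged account passed in are the reader's own choices.

```shell
#!/usr/bin/env bash
# Added example: capture as root on an address-less interface, then read the
# dump later as an ordinary user. Interface, file and account are arguments.

# stdin: output of `ip -o addr show dev IFACE`. Succeeds only if no IPv4 or
# IPv6 address is listed, i.e. the interface is IP-less.
is_ipless() {
    ! grep -Eq '[[:space:]]inet6?[[:space:]]'
}

# Succeeds only for a non-root uid: dumps are parsed without admin rights.
may_analyse() {
    [ "$1" -ne 0 ]
}

capture() {   # usage: capture IFACE OUTFILE DROP_USER   (run as root)
    local iface=$1 out=$2 drop_user=$3
    sysctl -q -w "net.ipv6.conf.${iface}.disable_ipv6=1"  # no auto link-local
    ip addr flush dev "$iface"                            # drop configured addresses
    ip link set dev "$iface" up                           # link up, still no address
    if ! ip -o addr show dev "$iface" | is_ipless; then
        echo "refusing to capture: $iface still has an address" >&2
        return 1
    fi
    # -w writes raw packets without dissecting them, -s 0 keeps whole packets,
    # -n skips name lookups, -Z drops root once the capture device is open.
    tcpdump -i "$iface" -n -s 0 -w "$out" -Z "$drop_user"
}

analyse() {   # usage: analyse DUMPFILE   (run as an ordinary user)
    if ! may_analyse "$(id -u)"; then
        echo "refusing to parse a capture as root" >&2
        return 1
    fi
    tcpdump -n -r "$1"   # or open the file in Ethereal/Wireshark under this account
}

case "${1:-}" in
    capture) shift; capture "$@" ;;
    analyse) shift; analyse "$@" ;;
esac
```

Because `-Z` takes effect before the output file is opened, the dump's directory has to be writable by the account tcpdump drops to.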
 

n0cmonkey

Elite Member
Jun 10, 2001
Originally posted by: nweaver
Yes, set your int with no IP, run tcpdump (assuming Linux, maybe something else for Windows?) and plug a hub between your router and your modem. This will only get all outgoing traffic, not traffic from client to client inside the network. For that, you have to be creative and use ARP poisoning, and it can cause major issues. You may look into ettercap (think that will do the ARP poisoning).

The reason for dumping data, and then reading in Ethereal as a non-admin user, is that there are MAJOR security problems with Ethereal.

windump ;)