
Sniffer with WRT54G

twodaend

Member
Is it possible to use a sniffer program with the WRT54G? I'm new to sniffing and I installed Ethereal, but I'm only getting packets from the machine that has the software on it. Is it possible to get all network traffic? I believe it has something to do with port mirroring or tree spanning, but I don't know how or if it is possible to do on the WRT54G.

Basically I want to know how and where to place my sniffer (Ethereal) in order to get all traffic.

I have a WRT54G as the router connecting 3 machines via cable and another WRT54G connected via WDS with 3 machines connected to it as well. I'm also using the Alchemy firmware.
 
Place the sniffer outside of the network, catch everything going in or out. With a dumb switch you won't be able to get everything.
 
Originally posted by: twodaend
When you say outside the network, do you mean between the DSL and the router? If so, what device, a switch, hub?

Yes, between the DSL and the router. You would need either a tap, or failing to have several hundred dollars for a toy like this, a hub. The hub will make sure every device attached to it will get all of the data.

Whatever interface you plug into the hub should be ip-less. Don't assign an IP to it, sniff naked. It'll be a little bit safer. It's also recommended you sniff with something other than ethereal, and then read the dump with ethereal off-line as a non-admin type user.
 
Yes, set your int with no IP, run tcpdump (assuming Linux, maybe something else for Windows?) and plug a hub between your router and your modem. This will only get all outgoing traffic, not traffic from client to client inside the network. For that, you have to be creative and use arp poisoning, and it can cause major issues. You may look into ettercap (think that will do the arp poisoning).

The reason for dumping data, and then reading in ethereal as non admin user is that there are MAJOR security problems with ethereal.
 
Originally posted by: nweaver
Yes, set your int with no IP, run tcpdump (assuming Linux, maybe something else for Windows?) and plug a hub between your router and your modem. This will only get all outgoing traffic, not traffic from client to client inside the network. For that, you have to be creative and use arp poisoning, and it can cause major issues. You may look into ettercap (think that will do the arp poisoning).

The reason for dumping data, and then reading in ethereal as non admin user is that there are MAJOR security problems with ethereal.

windump 😉
 