Solved

forward all frames to a ceratin computer

Posted on 2006-06-18
27
910 Views
Last Modified: 2012-05-05
I have a wrt54g linksys router with freeman firmware from seavsoft.

I want to forward all the data to my laptop so I can anaylyse the packets to see whats going on on my network.

I can telnet into the router but I am a noob when it comes to linux


how do I forward all frames going into my router to a certain computer (by mac?) that is on a switch on a port on the router.
or if above not possible/easy
how do I forward all frames going into my router to a certain computer a port on the router.

or if above not possible:

how do I forward all packets going into my router to a certain computer (by mac?) that is on a switch on a port on the router.
or if above not possible/easy
how do I forward all packets going into my router to a certain computer a port on the router.


the interface between the router and the internal switch is br0 i think, or maybe eth0 but check this out heres a snmp monitoring of the interfaces

24.74.117.46/routermonitor/192.168.1.1_9.html   and replace the last digit to see other graphs
the interesting graphs are my wired connection the boring ones are probably my wireless one as I havent used it untill yesterday when I attempted to set up WDS.


0
Comment
Question by:Titanium_Sniper
  • 11
  • 8
  • 4
  • +2
27 Comments
 
LVL 12

Expert Comment

by:Scotty_cisco
Comment Utility
Because this is a switch technically and has no port spanning capability you will need to do a man in the middle attack to get everything to run through a host.

http://www.hak5.org/releases/1x04/sslattack.pdf

this is of course for informational purposes only and should be used for your own network :D

thanks
Scott
0
 
LVL 5

Author Comment

by:Titanium_Sniper
Comment Utility
Interesting method for monitoring the network, but my skills with unix are very very poor.

however; I do not need all the data, only that going between the router and hosts and router and internet needs to be forwarded,
I do not need the data going between hosts.

is there some command to type into the router's command line to do this?
0
 
LVL 30

Expert Comment

by:ded9
Comment Utility
Check This out
www.portforward.com

Reps
0
 
LVL 5

Author Comment

by:Titanium_Sniper
Comment Utility
Scotty Cisco,
I found that in your tutorial that one of the programs it references, (the first) has beenmerged with another program so I downloaded the new one onto my linux wkstation but sadly the file was an iso image and my linux wkstation does not have a cd burner nor do I know how to burn a cd in linux anyways, I havent found where the good programs hide other than those on the "Start" menu. I will look in the PAQ for how to transfer that file to my 2003 server so I can burn it as I cannot figure out how to connect to the server or create a share on the workstation and move files even though I am now NET+ certified as of thursdasy.

ded9,
Port forwarding is not what I am doing, port forwarding allows a computer to be given an external port so its programs can function as if the connection was not shared with NAT. I need to sniff all (well, most) packets and to do that I need them sent to my computer as I have switches not hubs.
0
 
LVL 5

Author Comment

by:Titanium_Sniper
Comment Utility
Another thing is I just got WDS set up which might interfere with what I am doing if it matters.
0
 
LVL 30

Expert Comment

by:ded9
Comment Utility
Oh sorry
but you have downloaded some iso file right u can use a linux program called  undisker
this will extract files from iso in linux

 http://www.undisker.com/download.html
Reps
0
 
LVL 30

Expert Comment

by:ded9
Comment Utility
sorry the linux iso readble program is winrar
http://www.softpedia.com/get/Compression-tools/WinRAR.shtml
Reps
0
 
LVL 5

Author Comment

by:Titanium_Sniper
Comment Utility
The iso automatically opened, however what do I ?run? to ?install?
0
 
LVL 30

Expert Comment

by:ded9
Comment Utility
yes dude
0
 
LVL 5

Author Comment

by:Titanium_Sniper
Comment Utility
well, is there simply a comand i can type into my router with telnet that will accomplish this?
0
 
LVL 57

Expert Comment

by:giltjr
Comment Utility
There isn't one.  I don't think that Seavsoft allows the WRT54G to do "port mirroring."  

Your best bet is to get a cheap hub, connect all computers to it and it to one port on the WRT54G.  Then all computers can see all traffic going between each computer and the WRT54G.

Now if you want to only traffic to/from the Internet, then connect the hub between the WRT54G and your DSL/Cable modem.  Put a second NIC into one of your computers and connect it to the HUB also.  You do NOT need to assing an IP address to the second NIC.  You can get a program like NTOP or Ethereal (now called WireShark) and have it listen on the NIC and capture traffic and analyze it.
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
I don't believe your router, even with the Seasoft software, is capable of forwarding (mirroring) traffic to a specific port. Likely your best bet is to install an old hub (not a switch) between the router and all PC's. Plug your laptop into the hub and you will be able to "listen" to all network traffic, as hubs broadcast all traffic to all ports.

If you just want the detailed log information you can enable the syslog feature on many Linksys units, and give it the laptop as the syslog server. Then install on the laptop a free little application like Kiwi Syslog to collect and view the data.
http://www.kiwisyslog.com/syslog-info.php
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Sorry giltjr, we posted at identical time.  Great minds think alike !   :-)
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 5

Author Comment

by:Titanium_Sniper
Comment Utility
heres a list of commands so you can be certain
http://24.74.117.46/telnet.gif

also, do any physical stores carry hubs because I get funny looks when asking for them in stores or I get pointed to switches and I have to explain what I really need and then what I want to do with it.
0
 
LVL 5

Author Comment

by:Titanium_Sniper
Comment Utility
will this one do it:

Through July 29th, 2006, or while supplies last, Academies may purchase a maximum of (10) Cisco 871 and (10) Cisco 871W (Wireless) routers. The 871 sells for US$250, and the 871W sells for US$300. This is a tremendous offer that allows Academies to purchase an affordable, fully featured Cisco IOS router with advanced security feature sets to complement their existing lab bundles.

In addition, students and instructors may purchase one Cisco 871 or 871W router via the student Academy Marketplace for home or classroom use.
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 400 total points
Comment Utility
Personally I don't see any option to forward all traffic. I believe you may be able to use TRAP for specific monitoring.
As for hubs other than high end ones >$3000 I don't know that you can still buy them. You can usually find an old 8 port 10mbps one for free, of $5 on Ebay. You only need 10mbps (Internet approx 1mbps) and 3 ports do do what you want to do.
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 400 total points
Comment Utility
Good price on the Cisco's but no that will not do the trick.
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 400 total points
Comment Utility
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 100 total points
Comment Utility
http://www.compusa.com/products/product_info.asp?pfp=cat3&product_code=50002269&Pn=4_Port_10BASE_T_Ethernet_Hub

4 Port Netgear, the 4th port can be an uplink.  Port mirroring is normally only found on managed switches.

Something you could try to do, if you want.   Create a second subnet and put all of your comptuer on it, have one computer be dual homed and have it be the router for the second subnet.  Something like:


  WRT54G <-- 192.168.1.0/245 --> "ROUTER COMPUTER <--- 192.168.2.0/24 ---> rest of the computers.

The "router computer" only needs one NIC, but two IP addressess on in the 192.168.1.0/254 subnet and one in the 192.168.2.0/24 subnet.  When the "rest of the computer" want to talk to each other, they will directly without routing any packets.  However when they want to talk to the Internet, they will send all packets to the "ROUTER COMPUTER" which will in trun re-route to the WRT54G.  However the "ROUTER COMPUTER" will need to be up whenever "rest of the computer" wants to access the Internet.

0
 
LVL 5

Author Comment

by:Titanium_Sniper
Comment Utility
I have a nortel business bps 2000 managed switch lying around but its missing its 48 v power supply and you would laugh if I told u what I rigged together to power it. Let me just say I am not allowed to turn it on inside.

I soldered together and wire map tested with a fan and a battery a straight through rj45 to serial cable to manage it with but I still cant figure out how to manage the switch.

I have 1 300 foot cable already but I will have to buy more rj45 ends to make another one or 2 if I am going to use the switch while sitting in my garage to forward frames.
0
 
LVL 57

Expert Comment

by:giltjr
Comment Utility
Robwill, looks like we are leap frogging each other. :)
0
 
LVL 5

Author Comment

by:Titanium_Sniper
Comment Utility
I will probably buy a hub and pci post error code reader and rj45 ends and a new hard drive when I finally get my new summer job.

I have thought of running my server w/ Server 2003 enterprise as a NAT but My parents would not want me to run more wires through the ceiling or put the server in their office as the cpu fan is very noisy when spinning on low. I wanted to do a wireless link but my seavsoft firmware routers crash fairly often and I do not want to double the amount of things I have to check to get the internet back online.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 400 total points
Comment Utility
The Nortel business bps 2000 probably allows port mirroring, but usually only one port. Probably a lot more work to learn how to manage and set it up than buy a basic Hub, or go with giltjr's solution of a multi-homed PC for monitoring any pass through traffic. The only downside to this is if you have any incoming services such as a VPN, web or mail servers. Depending on the network configuration this may interferer with those services.

>>"Robwill, looks like we are leap frogging each other. :)"
Got to be good advise if we are making the same recommendations and referencing the same hubs :=-)  That is almost bizarre  !
0
 
LVL 5

Author Comment

by:Titanium_Sniper
Comment Utility
thanks for all the info, I cant use that switch because it is "too dangerous" to bring in the house with the way I powered it. I wil look for a cheap or free hub and maybe try to do some of those more hack type methods thanks I will split the points soon.
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
Thanks Titanium_Sniper,

>>"it is "too dangerous" to bring in the house "
???  :-)  Sounds like there is a story behind that .
Should be able to find an 8 port hub for free somewhere.
0
 
LVL 5

Author Comment

by:Titanium_Sniper
Comment Utility
I have it powered with 3: ~20 v laptop power supplies hooked together in series for 57V total and plenty of amps. the switch only needs 48V and I ferel the only thing that could go wrong is the power supply would pop and smoke a little but no fire would occur.
0
 
LVL 77

Expert Comment

by:Rob Williams
Comment Utility
That sounds a little scary. Careful it doesn't apply the wrong voltages to the Ethernet ports, they are quite sensitive.
Good luck,
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

Suggested Solutions

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now