?
Solved

how do I alter my network to sniff wired and wireless ??

Posted on 2007-11-15
4
Medium Priority
?
552 Views
Last Modified: 2008-02-01
I have the following configuration:

Internet -> Linksys Cable Modem -> Linksys WRT54G -> wired & wireless computers

Because the WRT54G is a switch I need to put a hub somewhere.  I'm thinking that I can disconnect the modem from the switch and put a hub in the middle, connect my sniffer to the hub as well and then be able to  sniff all packets from all computers.

Will this work ?  Will I be able to see and detect IP addresses assigned by DHCP on the switch or do I have to track down MAC addresses ?

Thanks
0
Comment
Question by:_Scotch_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 18

Accepted Solution

by:
chuckyh earned 800 total points
ID: 20290481
No, sorta.  You will be able to see traffic going in and out to the internet but you won't be able to see which client requested them. MAC addresses isn't relevant here.  The WRT54G NATs the communication from the individual clients, so anything you see at the hub would all be traffic going to the WRT54G and from the WRT54G to the internet.  Hope that makes sense.
0
 
LVL 32

Assisted Solution

by:harbor235
harbor235 earned 600 total points
ID: 20290674
What you really should be trying to do is acquiring a enterprise class switch off ebay like a cisco 2900
series switch. This will allow you to perfom some of the advanced functions you are trying to perform.

The 2900 is older and end of sale but is still capable of perfroming some basic enterprise functions.

You could set up several vlans, utilizing a span session you could sniff inside or ouside networks.

50 bucks of ebay, newer switches would give you more functionality and performance, just depends on the amount of $$ you are willing to spend.

harbor235 :}
0
 
LVL 3

Author Comment

by:_Scotch_
ID: 20291170
I've read something about port mirroring and that the better swtiches have a port that i can connect to in order to see all traffic on all ports.  Is that what I should be looking for ?

What I want to do is zero in on a PC, say my teenagers :), and grab the packets with ethereal now and then.  If the hub idea works then I could still grab the packets, I'd just have to deduce which machine was sending the traffic - there's only 5-6 so that shouldn't be too hard.

My hub idea is because I think I have one laying around somewhere already.  Will that let me see HTTP packets via ethereal or would I have to tear the frames apart by hand ?
0
 
LVL 1

Assisted Solution

by:davidbaumann
davidbaumann earned 600 total points
ID: 20327069
You can either use your pc as router (with Internet Connection Sharing from Windows XP, for example).
You would only use the router as access point.
All the traffic would go through your pc enabling you to get all infos (source ip, target ip, port...)

Another way would be to boy a hub and another access point.
In this case, you would have to turn off the WLAN for the WRT and replace it by the access point.
Then, remove any device from the router and plug them into the hub. Connect the hub with the router.
If your pc is connected to the hub, you will be able to sniff all the traffic going over the hub including all data, like source ip, target ip, port...

I would prefer the last solution as your pc doesn't have to run all day.

Btw: The Fritz Box from AVM has a function to sniff all network traffic without any modifications... Maybe there is also a Firmware for your WRT...


I hope this helps...
0

Featured Post

Four New Appliances. Same Industry-leading Speeds.

But don't take it from us.  The Firebox M370 is Miercom tested and Miercom approved, outperforming its competitors for stateless and stateful traffic throughput scenarios.  Learn more about the M370, M470, M570 and M670 and find the right solution for your organization today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re like me and you like peace and quiet, saving money, and pretty lights, then this article is for you. For financial reasons, I buy all the Cisco equipment for my home lab second-hand. The first thing to wear out is usually one of the coo…
This article will step through configuring a SonicWALL appliance to utilize an internal DHCP server for Global VPN Client (GVC) hosts.  There are times when using an external (external to the SonicWALL) DHCP server, such as Windows Servers, isn’t pr…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses
Course of the Month14 days, 3 hours left to enroll

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question