Solved

how do I alter my network to sniff wired and wireless ??

Posted on 2007-11-15
Last Modified: 2008-02-01
I have the following configuration:

Internet -> Linksys Cable Modem -> Linksys WRT54G -> wired & wireless computers

Because the WRT54G is a switch I need to put a hub somewhere.  I'm thinking that I can disconnect the modem from the switch and put a hub in the middle, connect my sniffer to the hub as well and then be able to  sniff all packets from all computers.

Will this work ?  Will I be able to see and detect IP addresses assigned by DHCP on the switch or do I have to track down MAC addresses ?

Thanks
Question by:_Scotch_
4 Comments
 
LVL 18

Accepted Solution

by:
chuckyh earned 200 total points
ID: 20290481
No, sorta.  You will be able to see traffic going in and out to the internet but you won't be able to see which client requested them. MAC addresses aren't relevant here.  The WRT54G NATs the communication from the individual clients, so anything you see at the hub would all be traffic going to the WRT54G and from the WRT54G to the internet.  Hope that makes sense.
 
LVL 32

Assisted Solution

by:harbor235
harbor235 earned 150 total points
ID: 20290674
What you really should be trying to do is acquire an enterprise-class switch off eBay, like a Cisco 2900 series switch. This will allow you to perform some of the advanced functions you are trying to perform.

The 2900 is older and end of sale but is still capable of performing some basic enterprise functions.

You could set up several VLANs; utilizing a SPAN session you could sniff inside or outside networks.

50 bucks off eBay; newer switches would give you more functionality and performance, it just depends on the amount of $$ you are willing to spend.

harbor235 :}
 
LVL 3

Author Comment

by:_Scotch_
ID: 20291170
I've read something about port mirroring and that the better switches have a port that I can connect to in order to see all traffic on all ports.  Is that what I should be looking for ?

What I want to do is zero in on a PC, say my teenagers :), and grab the packets with ethereal now and then.  If the hub idea works then I could still grab the packets, I'd just have to deduce which machine was sending the traffic - there's only 5-6 so that shouldn't be too hard.

My hub idea is because I think I have one laying around somewhere already.  Will that let me see HTTP packets via ethereal or would I have to tear the frames apart by hand ?
 
LVL 1

Assisted Solution

by:davidbaumann
davidbaumann earned 150 total points
ID: 20327069
You can either use your PC as a router (with Internet Connection Sharing from Windows XP, for example).
You would only use the router as access point.
All the traffic would go through your pc enabling you to get all infos (source ip, target ip, port...)

Another way would be to buy a hub and another access point.
In this case, you would have to turn off the WLAN for the WRT and replace it by the access point.
Then, remove any device from the router and plug them into the hub. Connect the hub with the router.
If your pc is connected to the hub, you will be able to sniff all the traffic going over the hub including all data, like source ip, target ip, port...

I would prefer the last solution as your pc doesn't have to run all day.

Btw: The Fritz Box from AVM has a function to sniff all network traffic without any modifications... Maybe there is also a Firmware for your WRT...


I hope this helps...
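
The NAT effect described in the accepted answer, and the LAN-side capture point suggested in the last answer, as an added example that is not part of the original thread: it parses constructed Ethernet/IPv4/TCP frames and counts source IPs as seen on each side of the router. All MAC addresses, IP addresses, ports and function names are made up for illustration, and the NAT step is simplified (no checksum handling).

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport):
    """Constructed Ethernet/IPv4/TCP SYN frame; checksums are left at zero."""
    eth = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return eth + ip + tcp

def parse_frame(frame):
    """Return (src_mac, src_ip, dst_ip, dst_port) for IPv4/TCP, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                      # too short or not IPv4
    ihl = (frame[14] & 0x0F) * 4         # IPv4 header length in bytes
    if ihl < 20 or frame[23] != 6 or len(frame) < 14 + ihl + 4:
        return None                      # malformed, not TCP, or truncated
    tcp = 14 + ihl
    dport = struct.unpack("!H", frame[tcp + 2:tcp + 4])[0]
    return (frame[6:12].hex(), str(IPv4Address(frame[26:30])),
            str(IPv4Address(frame[30:34])), dport)

def nat_rewrite(frame, router_mac, modem_mac, wan_ip, wan_port):
    """Simplified source NAT: the router substitutes its own MAC, IP and port."""
    _, _, dst_ip, dport = parse_frame(frame)
    return build_frame(router_mac, modem_mac, wan_ip, dst_ip, wan_port, dport)

def sources_seen(frames):
    """Count frames per source IP, as a capture summary would."""
    return Counter(p[1] for p in map(parse_frame, frames) if p)

# Constructed sample data: three LAN clients fetching from one web server.
ROUTER_LAN, ROUTER_WAN, MODEM = "0200000000fe", "0200000000ff", "020000000001"
CLIENTS = [("0200000000a1", "192.168.1.100"), ("0200000000a2", "192.168.1.101"),
           ("0200000000a3", "192.168.1.102")]
LAN_CAPTURE = [build_frame(mac, ROUTER_LAN, ip, "203.0.113.10", 50000 + i, 80)
               for i, (mac, ip) in enumerate(CLIENTS)]
WAN_CAPTURE = [nat_rewrite(f, ROUTER_WAN, MODEM, "198.51.100.7", 40000 + i)
               for i, f in enumerate(LAN_CAPTURE)]

if __name__ == "__main__":
    print("LAN side:", dict(sources_seen(LAN_CAPTURE)))
    print("WAN side:", dict(sources_seen(WAN_CAPTURE)))
```

A hub between the modem and the WRT54G corresponds to `WAN_CAPTURE`, where every frame carries the router's address; a hub on the LAN side corresponds to `LAN_CAPTURE`, where each client keeps its own IP and MAC.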