maxpower1119
Limp Gawd
- Joined
- Jun 4, 2004
- Messages
- 151
The headline pretty much says it all. Is there any way to see the traffic passing through a router, specifically Linksys wrt54g (alread flashed with thibor). Thanks
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Navigation
Install the app
How to install the app on iOS
Follow along with the video below to see how to install our site as a web app on your home screen.
Note: This feature may not be available in some browsers.
More options
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
Ethereal type program for routers?
- Thread starter maxpower1119
- Start date
Supposedly with aftermarket Firmware where you can excute code (i.e. hyper wrt or dd-wrt) you can run RPCAPD or tcpdump compiled for the processor on the wrt54g. This is the best link I could find describing it.
Heres the Binary for the RPCAPD for the wrt54G
When the WRT54g first got a hacked firmware, my first thought was a cheap distributed sniffer.
Heres the Binary for the RPCAPD for the wrt54G
When the WRT54g first got a hacked firmware, my first thought was a cheap distributed sniffer.
maxpower1119
Limp Gawd
- Joined
- Jun 4, 2004
- Messages
- 151
What about if I connected the router hard wired to a laptop, then used the laptop to connect wireless to another ap. Would I be able to run ethereal on the laptop and sniff traffic like that? IE use one router (wired to the laptop) as a Wifi AP then use the laptops internal wifi card to connect to to the second router connected to the internet.
Only if you have bridging turned on the 2 interfaces on the laptop, and the proper routes on the PC's. I think that would work unless the winpcap driver has issues with bridging.
In the end you could get a hub and put it anywhere you want to sniff. i.e. between the router and wireless ap.
NOTE: I recently ran into a "hub" that was NOT a hub. It was a small linksys 4 port "hub" that when I tryed to use it to sniff I could only see broadcast and my own traffic. I had to get another HUB (this time 3 com) and then I could see all traffic. A true hub should send all traffic out all ports. I have no idea why linksys called it a hub, because it was obviously doing switching. That was sort of like buying a Lamborghini and calling it a Yugo. Made no sense.
Can you better difine what you are trying to do or accomplish and maybe we can suggest an even better solution.
In the end you could get a hub and put it anywhere you want to sniff. i.e. between the router and wireless ap.
NOTE: I recently ran into a "hub" that was NOT a hub. It was a small linksys 4 port "hub" that when I tryed to use it to sniff I could only see broadcast and my own traffic. I had to get another HUB (this time 3 com) and then I could see all traffic. A true hub should send all traffic out all ports. I have no idea why linksys called it a hub, because it was obviously doing switching. That was sort of like buying a Lamborghini and calling it a Yugo. Made no sense.
Can you better difine what you are trying to do or accomplish and maybe we can suggest an even better solution.
YeOldeStonecat
[H]F Junkie
- Joined
- Jul 19, 2004
- Messages
- 11,330
Not quite as detailed as Ethereal...but would Wallwatcher be enough for ya?
http://www.sonic.net/wallwatcher/
http://www.sonic.net/wallwatcher/
maxpower1119
Limp Gawd
- Joined
- Jun 4, 2004
- Messages
- 151
I have a phone with wifi (T-mo MDA) that I want to 'view' the traffic from. I figured I could have it connect to a wireless router, have the router wired to a pc, then have the pc connected to the internet.
Malk-a-mite
[H]ard|Gawd
- Joined
- Feb 16, 2002
- Messages
- 2,023
moetop said:NOTE: I recently ran into a "hub" that was NOT a hub. It was a small linksys 4 port "hub" that when I tryed to use it to sniff I could only see broadcast and my own traffic. I had to get another HUB (this time 3 com) and then I could see all traffic. A true hub should send all traffic out all ports. I have no idea why linksys called it a hub, because it was obviously doing switching. That was sort of like buying a Lamborghini and calling it a Yugo. Made no sense.
This is why I still have a Cabletron multiport repeater in my kit of tools. Gets some very odd looks on sites but it does exactly what it's supposed to do.
bigstusexy
2[H]4U
- Joined
- Jan 28, 2002
- Messages
- 3,194
Hrmmm... you do know the Ethereal/Wireshark supports remote caputre right? If your device will send out the data you can still capture it. wincap4 (and 3.4 I think, to some extent) supports this although it is still tricky in Ethereal/Wireshark and does require that you know the device name.
I'd go that route, or see if they brought back the syslog or SMTP traps.
I'd go that route, or see if they brought back the syslog or SMTP traps.
bigstusexy said:Hrmmm... you do know the Ethereal/Wireshark supports remote caputre right? If your device will send out the data you can still capture it. wincap4 (and 3.4 I think, to some extent) supports this although it is still tricky in Ethereal/Wireshark and does require that you know the device name.
I'd go that route, or see if they brought back the syslog or SMTP traps.
Hence me pointing him to the compiled version of RPCAPD for the wrt54g (with alternate firmware). The thing I forgot to do which you are telling him now is that Ethereal supports RPCAPD as well as importing tcpdump file. Thanks for catching that piece of important info.