Solved How to view all network traffic on your router not just your

May 7, 2012 at 14:43:10
Specs: Linux and window
How to view all network traffic on your router not just your computer? Using wireshark. Window 7 and Ubuntu.

Without using any enhancements like airPcap or Turbo cap.


See More: How to view all network traffic on your router not just your

Report •


#1
May 7, 2012 at 14:51:00
✔ Best Answer
Depending on the router, you could mirror the WAN port. This won't likely be possible on a SOHO Router though.

Alternatively there's a device we call a "tap" that you could put on your mainline that splits the traffic between two channels. So you would have A (in) and B/C (out). Connect A to the WAN port of your router, B to your modem and C to the machine you wish to have viewing all network traffic. Essentially, this is the same thing as the port mirror I mentioend, only using a small piece of hardware.

As to not using aircap, I don't even know what that is. But on a UNIX/Linux based box I would do a tcpdump

I don't believe wireshark can be made to watch the interface on a remote machine so you'll have to go with one of the above.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***


Report •

#2
May 7, 2012 at 15:06:14
The problem in #1 is, if you got a router without the possibility to mirror a port, you can use whatever program you want, e.g. wireshark or tcpdump or whatever, you will get only the broadcast traffic and the traffic of your own computer.

If you put a hub infront of the router, so that all computers first have to pass the hub, you can sniff all the traffic in and out.


Report •

#3
May 7, 2012 at 15:20:37
Thanks,

AirPcap not aircap, my bad.

I'll try tcpdump and the hub.


Report •

Related Solutions

#4
May 8, 2012 at 04:39:53
The problem in #1 is, if you got a router without the possibility to mirror a port, you can use whatever program you want, e.g. wireshark or tcpdump or whatever, you will get only the broadcast traffic and the traffic of your own computer.

Actually paulsep, with a port mirror on an L2 or L3 switch you would mirror the uplink port because it carries all traffic, just like the WAN port on a SOHO Router would.

If you mirrored a client port then all you would see is broadcast and traffic going to that client.

I never thought about a hub, but that should work. Good thinking. I think I've spent so much time advising people to use a switch instead of a hub I'd never stopped to consider they could actually have one use....and this is it.....lol

Put it between the WAN port and the modem so as to see all traffic going through the router.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***


Report •


Ask Question