  menc

    menc

    Hi people,

    I've been doing some sniffing on tomato with tcpdump, I uploaded scp a statically linked executable to tomato and then executed it with great success :biggrin:

    Then tried mounting a cifs volume to ouput the data with tcpdump -w FILE and that works fine too.

    But now I got a crazy idea, is it possible to "clone" each package thats goes to the LAN and send it to my computer instead of doing the sniffing in tomato? I mean, putting my pc eth card in monitor mode. Actually I have no idea how resend the packet to my pc, any clue= :confused:

    Hope the message is clear enough.. I haven't slept too much haha :boring:

  mstombs

    mstombs

    You could have a look at compiling an iptables target module for "ROUTE --tee"
  Rob650

    Rob650

    Easiest way is to get a cheap hub and an extra network card for your computer. Set up the hub in between the two devices you want to listen to (modem and router for instance). Then plug in another ethernet cable into the hub going to your second network card. Finally, just use wireshark to listen to that network card and you'll be able to capture all the traffic going between your LAN computers and the internet.
  LLigetfa

    LLigetfa

    But that's not nearly as much fun. Plus, the extra wire coming out from under the desk leading to my car in the parking lot would be a dead giveaway.
  Rob650

    Rob650

    There are some things hubs can't do. For everything else, there's Kismet :biggrin:
  LLigetfa

    LLigetfa

    Kismet is fine when you want to steal what is in the air. On a network without 802.1x, the wire is still the Achilles' heel and I had an idea to use linux embedded on a cheap router as a capture device that you can afford to lose.

    I have a $25,000 Fluke WGA that I use for network captures but at that price, I have to worry about it growing legs. It doesn't have as much eye candy as say, a laptop which would surely walk in no time.
