Re: ethernet card in promiscuous mode with aDSL routers

On Tue, 13 Dec 2005 00:23:33 -0800, someone92 wrote:

> I'm trying to use one of my linux computer to sniff the traffic (for
> security reasons) on my LAN using tcpdump and setting my NIC in
> promiscuous mode. But I don't see anything from the other computers on
> my LAN.

Try using something like "dsniff", "ethercap", or some such instead.

> I tried it with a linksys BEFSR41 and a speedstream 6520 aDSL/modem
> wireless router (I'm not using the wireless option). Are networks build
> using these router swiched networks?

Probably. I have a SpeedStream 5861 that is a Hub, but it's old 10Mbit.
My newer ((pl)euro 25ish) Sweex LB000021 is a 100Mbit switch however.

> Is this the reason why I can't see anything from other NICs?

I'd think so: yes.

> The strange thing is that I was very sure it was working with the 6520
> last weak, unless I was completly lost, I saw some connections from
> another computer to the internet (HTTP). But now I don't see anything
> and I don't think I change any configurations.

During that time the switch was probaly in learning mode (right after a
power recycle - maybe.)

> There's no way I could configure the routers to act like hubs?

Flood a port with spoofed MAC enties? (But it'd be a temporary and
needless exercise anyways.)

> I would really like to monitor my network from only on computer. I'm I
> loosing my time trying to figure out how to do this with these 2
> routers?

If eithers firmware supports a port in "management mode" you're home-free.

However if they don't: the Linksys might be flashable with OpenWRT Linux
or similar, and you should be able to use the "brctl" command and set the
ports any which way you like then.

--
-Menno.

.

Relevant Pages

  • ethernet card in promiscuous mode with aDSL routers
    ... my LAN. ... aDSL/modem wireless router. ... why I can't see anything from other NICs? ...
    (comp.os.linux.networking)
  • Re: Wireless router/adapter with SBS 2000
    ... device because the router is outside your LAN ... But to just logon like everyone else, you need a plain old wireless access ... >> Additionally the DNS server address on both nics must be set to the IP ...
    (microsoft.public.backoffice.smallbiz2000)
  • PPPoE switched into the LAN (no dedicated NIC)
    ... my primary router PC just died, so to avoid changing NICs ... The PPPoE access concentrator is wired to the hub. ... No other routers/switches; flat LAN. ...
    (comp.os.linux.networking)
  • Re: 2 NIC SBS2003R2 LAN/WAN Firewall Router Connection Failure
    ... and the LAN NIC are on the same subnet. ... My WAN NIC and LAN NIC are on separate subnets; ... That's why I asked about static routes, the router table and so on. ... Two Nics, a static IP address, ISA, router ...
    (microsoft.public.windows.server.sbs)
  • Re: 2 NIC SBS2003R2 LAN/WAN Firewall Router Connection Failure
    ... and the LAN NIC are on the same subnet. ... My WAN NIC and LAN NIC are on separate subnets; ... That's why I asked about static routes, the router table and so on. ... Two Nics, a static IP address, ISA, router ...
    (microsoft.public.windows.server.sbs)