I read through the wireless capture and the other hub/switch/tap capturing, but I'm very confused.

What I want to do is capture all of the info from my wifi router from how ever many users are using it at that time. The router is sitting next to my laptop, so I have access to it. What do I have to buy?

I feel like simple is better and that there should be something I can connect to the router and connect that to my computer that will do the job. Any help is appreciated.

asked 02 Dec '10, 13:13

neilk's gravatar image

neilk
1111
accept rate: 0%


Most simple IMO:

Download some bootable Linux-Live-whatever distro (Slitaz-AirCrack-NG f.e.) and throw your Laptop into wireless sniffing mode.

  • Boot up Linux including AirCrack
  • run iwconfig to locate the name of your wireless NIC (typically wlan0, ath0 or sth. like that)
  • run 'airodump-ng wlan0' <-- insert your NIC name instead of wlan0 if different
  • search the output for the channel and MAC address of your wireless AP
  • stop airodump by CTRL-C
  • restart it including filters for your AP and write to disk:
  • airodump-ng -c (channel number) -w /(saving folder and filename) --bssid (mac address of your AP) wlan0

The whole scenario also works on a flashed linksys OpenWRT of course if you want to have a 24/7 sniffer

link

answered 06 Dec '10, 06:02

Landi's gravatar image

Landi
2.2k51340
accept rate: 27%

edited 06 Dec '10, 06:24

Having access to the router is a start. However it is a low-end home-user router it is unlikely to have what is needed built-in - 99.9% of home users won't know how to use wireshark. If is more of an enterprise grade router it might have a packet capture function or port-mirroring function - check the manual.

Another option, is if your router can be changed to run a more open and flexible software stack like OpenWRT then you can do packet captures onboard with tcpdump.

If your router connects to Internet (or the rest of the network) via Ethernet then you can install a hub or cheap port-mirroring capable switch to copy that traffic to another port for Wireshark monitoring. For instance an HP ProCurve 1810G can do this. You might also find an old Ethernet hub (not switch) that will repeat traffic out of all ports to the same end.

Finally if you just want to capture the wireless traffic - you can use a laptop with Wireless to do this. Your wireless card and encryption method will help determine your success - and you can get some dedicated capture cards such as those from CACE that might be helpful

link

answered 02 Dec '10, 14:50

martyvis's gravatar image

martyvis
8611524
accept rate: 7%

I read the stuff you are talking about and that is what confused me, because the setup I want should be simple. I don't mind buying a different router or re-flashing an old linksys, but after it is set up, I want it to be as simple as possible.

From what I read using a hub would drop packets and the wificard in another laptop would only pick out one user at a time plus the added bulk. I like simple lightweight things, what would do the job properly?

(03 Dec '10, 01:29) neilk

to sniff your router i have another way ... like buy a usb-wifi that knows AP mode and simulate a wifi router ( use the same name , channel etc like your normal wifi router ) after, ull have a new "virtual " network connection that u can sniff ( colasoft , search on google , its totaly free and very good prog ). You can see all the activity on your "wifi" . I like the OpenWRT ideea but its for advanced users, if someone didnt see a linux console in his life it will be kindda complicated. this colasoft is better than whireshark, it has some filtering by default that can capture yahoo/im/etc converseations in text mode no decrytping packets and other complicated things. i hope i helped u.

p.s. the cost of the usb-wifi card is like 20-30 $ the software is free + time ( like 1h max ) i say is affordable :)

cya later alligator.

link

answered 21 Jan '11, 06:28

colapsys's gravatar image

colapsys
11
accept rate: 0%

edited 21 Jan '11, 06:29

There is a much easier way. Although the thread is old I offer this in case anyone else is searching. Buy a router that is compatible with Gargoyle (http://www.gargoyle-router.com/). In my case I am using a Netgear WNDR3700v2. It works really well because you can install Gargoyle firmware right from the router's browser interface. Download the appropriate file from Gargoyle. In this case, gargoyle_1.4.2-ar71xx-wndr3700v2-squashfs-factory-NA.img (If you are in North America, otherwise use the other .img file.) Then open your browser and type in 192.168.1.1 to open your router's interface. Write down all your current browser settings (Isp, subnet mask, gateway, dns servers etc). You may have to manually reenter them in your upgraded browser. Then click on update software. You will have the option to choose a file. Choose the file you downloaded from Gargoyle. Click Install. The process will take less than three minutes and you will have a router with a MUCH faster interface that can log everything that goes through your router. You will be able to monitor everyone's activity or just the ones you select. It will record either IP addresses or domain names and will download them to a spreadsheet if you prefer. In addition, you will also be able to LOCK all users to the DNS server you prefer (in my case opendns). Then you can set different schedules for different users. It is the perfect tool for parents trying to monitor and/or control what their kids are doing online. Very nice GUI--not too much technical skill should be required.

link

answered 28 Sep '11, 12:35

glnagrom's gravatar image

glnagrom
1
accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×330
×67
×26
×20
×7

Asked: 02 Dec '10, 13:13

Seen: 121,571 times

Last updated: 14 Nov '13, 02:22

powered by OSQA