Linksys WRT54G wireless packet sniffing impossible?

  • Linksys WRT54G wireless packet sniffing impossible?

    OK, I run a packet sniffer on a machine, of course setting the option in Ethereal to capture everything promiscuously, and all I can see is some ARPs from the machines off the router, a TON of spanning traffic, and some SMB stuff. I want to be able to see ALL wireless traffic coming from machines that are wirelessly off the router. I have looked on the internet, and the closest answer I can find for not being able to see anything other than the broadcast traffic is that the router is acting as a switch and a router at the same time. But what's confusing to me is, I didn't know that there is such a thing as a wireless switch. I thought wireless traffic is sent to EVERYONE on the LAN side of the router? I have checked the configuration of the router as it stands now, and it looks like there is no option in there that can help me accomplish capturing everyone's wireless traffic.

  • #2
    Bridging and routing are two different things. You are routing. In addition, your device is functioning as a switch, which does not inherently broadcast all Ethernet traffic to all Ethernet devices like hubs.

    Wireless traffic is broadcast, so your best bet would be to just pull the packets before they even hit the router... filter by ESSID if you're annoyed by other traffic. Of course you could use ettercap to sniff your switched ports, but that seems highly unnecessary.
    if it gets me nowhere, I'll go there proud; and I'm gonna go there free.


    • #3
      Sniffing wireless

      AS, there are a few things to consider here:

      1) Converge is right, your best bet is to capture the wireless traffic as a wireless station. The Linksys AP is acting as a switch, so all wireless traffic will have the layer 2 frame converted to Ethernet before being sent to your w/s.

      2) You did not state which OS you are using. Note that Ethereal for Windows does not capture the 802.11 traffic, so all you will see is the L3 traffic, such as ARP requests (well, never sure if this is classified L2 or L3), routing, etc. You will NOT capture the actual wireless frames.
      Alternately, you can use most any sniffer, including Ethereal, in Linux (others include Snort, tcpdump, etc.). OR, if you MUST use Windows, you can try running windump with the switch for the L2 header, pipe to a libpcap file, then open it in Ethereal for easier viewing and analysis.

      Hope that helps.
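
Added example, not part of the thread: a small Python check that reads the global header of a saved libpcap file and reports whether the capture holds real 802.11 frames or frames already converted to Ethernet, which is the distinction the replies above describe. The link-type numbers come from the public tcpdump.org LINKTYPE registry; the function names and the sample headers are constructed for this illustration.

```python
import struct

# Link-layer types from the public tcpdump.org LINKTYPE registry.
LINKTYPES = {
    1: "Ethernet",
    105: "802.11",
    119: "802.11 + Prism header",
    127: "802.11 + radiotap header",
}
WIRELESS = {105, 119, 127}
LE_MAGIC = (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1")  # usec / nsec timestamps
BE_MAGIC = (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d")


def pcap_linktype(data: bytes) -> int:
    """Return the link-layer type stored in a classic pcap global header."""
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte pcap global header")
    if data[:4] in LE_MAGIC:
        endian = "<"
    elif data[:4] in BE_MAGIC:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng or unknown format)")
    # Layout: magic, version major/minor, thiszone, sigfigs, snaplen, network
    network = struct.unpack(endian + "IHHiIII", data[:24])[6]
    return network & 0xFFFF  # upper bits may carry FCS information


def has_80211_frames(data: bytes) -> bool:
    """True only if the capture holds real 802.11 frames, not Ethernet."""
    return pcap_linktype(data) in WIRELESS


def describe(data: bytes) -> str:
    lt = pcap_linktype(data)
    return LINKTYPES.get(lt, "other link type %d" % lt)


def sample_header(linktype: int, endian: str = "<") -> bytes:
    """Constructed pcap global header (no packets) for demonstration."""
    return struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)


if __name__ == "__main__":
    for name, lt in (("wired-side capture", 1), ("802.11 capture", 127)):
        hdr = sample_header(lt)
        print(name, "->", describe(hdr), "| 802.11 frames:", has_80211_frames(hdr))
```

To check a real capture, pass the first 24 bytes of the file to `describe()`; a result of "Ethernet" means the sniffer never saw the wireless frames themselves.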