Jump to content

- - - - -

Look at what going through my router?

  • Please log in to reply
4 replies to this topic

#1 Kinslayer


    the 0ne

  • Members
  • 1 posts
  • Gender:Male

Posted 03 April 2010 - 09:22 PM

Ok, so I live in an apartment and have a wireless router for my internet. I gave the password to access the internet of my wireless router to my neighbor so they could get the internet. I now would love to sniff my own router, and to log what information passes through. See what they're passing through my router. How would I go about doing this? I am new to hacking, and my brain is still kind of stuck in 1994 and windows 3.1 Help :)


#2 tekio


    5(R1P7 |<1DD13

  • Binrev Financier
  • 1,303 posts
  • Gender:Male
  • Location:The Blue Nowhere

Posted 03 April 2010 - 10:26 PM

If you're using a WiFi card that supports promiscuous mode and the Wlan is using wep just fire-up wireshark. Otherwise, you'll need to use ARP poisoning with a tool like Cain & Abel. The biggest drawback with the latter is that most host-based av/firewall suites now detect and prevent APR (Arp Poison Routing).

#3 phr34kc0der


    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 476 posts
  • Gender:Male
  • Country:

Posted 03 April 2010 - 11:19 PM

As tekio said you can either use a packet capture tool (such as wireshark) or do some kind of traffic redirection (arp poisoning). Backtrack is a linux live cd which will allow you to do either. Id say that arp poisoning would be more reliable and would also give you the option of playing with the traffic :tongue: but it is more detectable.

A third option would be to place a computer between the wireless router and the Internet connection. Depending on the type of connection you have and the type of hardware you have lying around something could be hacked together pretty quickly.

#4 MrFluffy



  • Validating
  • 68 posts
  • Gender:Male
  • Country:
  • Location:somewhere

Posted 05 April 2010 - 03:44 AM

My first thought would be to replace router with linksys wrt54g, reflash with openwrt, ssh in and run tcpdump from commandline with filters defined to only show your neighbors packets, but that would involve a steep learning curve in places, but for some thats part of the journey.

Another option to expand on phr34kc0der, would be to add a access point off router via a unmanaged hub and disable the routers inbuilt wifi access, get neighbor to connect to the AP and watch all his traffic come down the wire on another port on the hub with tcpdump/wireshark et all on a ethernet connected machine running backtrack. This option just involves buying stuff rather than learning Im afraid. Or if you have a machine with two ethernet ports , make it act as the hub directly sitting in the middle of it all.

It'd be like a mini legal intercept setup :laugh:

#5 raz0rwired


    Will I break 10 posts?

  • Members
  • 4 posts
  • Gender:Male

Posted 15 May 2010 - 07:07 PM

I would agree with tekio and phr34kc0der that Wireshark is the way to go for short term traffic analysis. If you found your way to this site, then you will quickly find a packet analyzer is a staple in your arsenal of go-to tools. Depending on what you are trying to discover, you may want to set filters to make the capture file manageable. If you are looking for something more long term, set up a proxy and enforce the traffic so it must go through the proxy. This will give you a more holistic view of what URLs and junk that are passing through.

BinRev is hosted by the great people at Lunarpages!