Wireless Sniffing through Router


4 replies to this topic

#1 FlamingFox

FlamingFox

    SCRiPT KiDDie

  • Members
  • 22 posts
  • Gender:Male
  • Location:Space, where else?

Posted 16 May 2010 - 01:10 AM

Hey guys,

I don't currently have a wireless card in my desktop. However, my router, which I am hard-wired to, is wireless. Is there a way to sniff packets wirelessly through this router?

I'm not too into the idea of using proggies like tcpdump on the router itself, even though the router is running dd-wrt.

So, can I accomplish wireless packet sniffing through my wireless router using software, such as Wireshark, on my desktop computer?

Thanks in advance,
FF

#2 snakesonaplane

snakesonaplane

    SUP3R 31337 P1MP

  • Members
  • 297 posts
  • Location:Mass

Posted 16 May 2010 - 11:34 AM

It depends what you mean by "wireless sniffing." For any machine connected to your LAN, it doesn't matter if it's wired or wireless, as all the packets will still go through the same place - the router. To sniff these packets, you can use Wireshark on one of the clients. You can also ARP poison using Cain, which essentially makes the computers on the LAN think YOUR PC is the router.

If you are looking to sniff wireless networks and not computers connected to your LAN, I'm not sure how to answer your question. While many DD-WRT routers can be set to "client mode" to mimic a wireless adapter, I've never heard of people using this equipment for wireless hacking.

#3 FlamingFox

Posted 16 May 2010 - 05:51 PM

Your first definition is what I mean. Can I sniff using such software even when the IP is on a different gateway, i.e. 192.168.1.128 sniffing 192.168.15.144's traffic?

#4 snakesonaplane

Posted 17 May 2010 - 09:02 AM

> Your first definition is what I mean. Can I sniff using such software even when the IP is on a different gateway, i.e. 192.168.1.128 sniffing 192.168.15.144's traffic?


Honestly, I'm not sure. Every time I have done ARP poisoning or traffic sniffing, it's all been on the same 192.168.1.x gateway. I think as long as you can route the LAN's traffic through your PC, you should be set. I'm not an expert on this stuff though.

#5 tekio

tekio

    5(R1P7 |<1DD13

  • Binrev Financier
  • 1,092 posts
  • Gender:Male
  • Location:The Blue Nowhere

Posted 17 May 2010 - 01:39 PM

With Wireshark there are basically two ways (that I know of) to capture all hosts on the subnet: 1) as snakesonaplane mentioned, using ARP poison routing on the subnet. The second is to get a card that goes into promiscuous mode and use Wireshark. Personally, I prefer promiscuous mode sniffing because it is more stealthy (but can still be detected).


Remember, promiscuous mode capture will probably not work on WPA or WPA2, as you will probably need the "client specific key" to decrypt the captured data.


Also, most routers use switching technology for the wired hosts. So, your data is probably safe from WiFi, but there are tools that will flood the MAC table and cause the switching to work more like a hub. From my experience, tools like Macof are unreliable, and will not work against a lot of better switches. Usually, better switches like Cisco, etc., will be designed with these exploits in mind. Again, tools like Macof are very noisy, too. If there is an IDS deployed, you can count on the admin knowing.

EDIT: it would probably be possible to sniff the traffic, and with IP forwarding enabled it should route it to the real gateway. If I totally understand what you're asking. Dietsniff may run on the router too. I've got it to run on all my NAS devices that have a basic Linux kernel.

To sniff from a different subnet you might need to set a custom route to forward that traffic to the sniffing host on the other subnet.

Edited by tekio, 17 May 2010 - 02:15 PM.
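
The thread notes that ARP poison routing can be detected. The following is an added example, not code from any poster in this thread: it compares two neighbor-table snapshots in Linux `ip neigh show` output format and flags a changed gateway MAC or a MAC shared between the gateway and another host. The function names, the gateway address 192.168.1.1 and the sample tables are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Matches `ip neigh show` lines such as:
#   192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} from one `ip neigh show` snapshot."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            table[m.group(1)] = m.group(2).lower()
    return table

def arp_findings(before, after, gateway_ip):
    """Compare two snapshots and report signs of ARP cache poisoning."""
    findings = []
    # 1) An IP whose MAC changed between snapshots (the gateway matters most).
    for ip, mac in after.items():
        old = before.get(ip)
        if old and old != mac:
            kind = "gateway-mac-changed" if ip == gateway_ip else "mac-changed"
            findings.append((kind, ip, old, mac))
    # 2) One MAC answering for several IPs, one of which is the gateway.
    by_mac = defaultdict(list)
    for ip, mac in after.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1 and gateway_ip in ips:
            findings.append(("mac-shared-with-gateway", mac, sorted(ips)))
    return findings

# Constructed sample snapshots (not taken from the thread).
BEFORE = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.128 dev eth0 lladdr 02:00:00:aa:bb:01 STALE
192.168.1.144 dev eth0 lladdr 02:00:00:aa:bb:02 REACHABLE
192.168.1.150 dev eth0  FAILED
"""
AFTER = """\
192.168.1.1 dev eth0 lladdr 02:00:00:AA:BB:01 REACHABLE
192.168.1.128 dev eth0 lladdr 02:00:00:aa:bb:01 STALE
192.168.1.144 dev eth0 lladdr 02:00:00:aa:bb:02 REACHABLE
"""

if __name__ == "__main__":
    for f in arp_findings(parse_neigh(BEFORE), parse_neigh(AFTER), "192.168.1.1"):
        print(f)
```

A MAC change alone can be benign (a replaced router or NIC), so treat a finding as a prompt to verify the gateway's real hardware address.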




