[ale] OT Linksys promiscuous mode

David Ritchie deritchie at gmail.com
Mon Dec 21 09:39:30 EST 2009


On Sun, Dec 20, 2009 at 5:41 PM, jtholmes <linux at jtholmes.com> wrote:

> Is there any way (short of putting a hub or switch in front
> of the Linksys) to capture all packets going into and out of
> the Linksys?
> i.e. a promiscuous mode setting in the Linksys.

What you are describing is called a span port in the Cisco world, and
generally isn't available on home routers. There are a couple of
different options. Starting with the cheapest/least intrusive:

1) Build a passive network tap to split out the transmit side of both
sides of the inbound cable to the receive side of two dedicated network
cards in your Wireshark station (I use 2 PCMCIA 3COM cards).

See http://hackaday.com/2008/09/14/passive-networking-tap/ for details.

There are several articles available on the web regarding this,
keywords 'passive network taps'. This is limited with respect to speed
(gigabit isn't going to work this way), but for 100BT it should be fine.

2) Buy/beg/borrow a managed switch, which should allow port spanning
for this purpose.

When you say 'you are seeing all the traffic', are you saying that you
are seeing (on machine A) all traffic between machines B and C which
are connected on unique ports of the WRT54G? Also, it is still not
clear to me why a hub on the WAN port would not work for this. I can
understand it when you are only wanting to see traffic on one port of
the LAN side of the switch.

Perhaps DD-WRT or Tomato will give this functionality at the router -
I have not researched yet.

Good Luck!

-- Dave Ritchie
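
Added example, not part of the original post: the passive tap in option 1 leaves two one-way captures, one per receive-only card, and they have to be interleaved by timestamp before Wireshark shows both directions of a conversation. The sketch below does that for classic pcap files, assuming both cards were captured on the same machine so the timestamps share a clock; the function names are this example's own, and the script takes the two input files and the output file as arguments.

```python
import heapq
import struct
import sys

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps


def read_pcap(data):
    """Parse classic pcap bytes into (linktype, [(ts, orig_len, frame), ...])."""
    for endian in ("<", ">"):
        if len(data) >= 24 and struct.unpack(endian + "I", data[:4])[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("not a classic microsecond pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    packets, off = [], 24
    while off + 16 <= len(data):
        sec, usec, incl, orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if off + incl > len(data):
            break  # capture cut off mid-record; keep the complete packets
        packets.append(((sec, usec), orig, data[off:off + incl]))
        off += incl
    return linktype, packets


def write_pcap(linktype, packets, snaplen=65535):
    """Serialize packets as a little-endian classic pcap byte string."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)]
    for (sec, usec), orig, frame in packets:
        out.append(struct.pack("<IIII", sec, usec, len(frame), orig) + frame)
    return b"".join(out)


def merge_tap_captures(rx_a, rx_b):
    """Interleave the two one-way captures from a passive tap by timestamp."""
    link_a, pkts_a = read_pcap(rx_a)
    link_b, pkts_b = read_pcap(rx_b)
    if link_a != link_b:
        raise ValueError("captures use different link types")
    # Each input is already in capture order, so a stable two-way merge suffices.
    return write_pcap(link_a, list(heapq.merge(pkts_a, pkts_b, key=lambda p: p[0])))


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fa, open(sys.argv[2], "rb") as fb:
        merged = merge_tap_captures(fa.read(), fb.read())
    with open(sys.argv[3], "wb") as fo:
        fo.write(merged)
```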

