Jsnk Posted February 16, 2014 Share Posted February 16, 2014 So one radio (wlan0) I have acting as a hotspot, the other (wlan1) I have acting as a client. I've verified sharing internet from wlan1 to wlan 0. I want to monitor what passes through via eth0, essentially mirroring one of the wlan interfaces to eth0. Is this possible? Having a heck of a time finding directions online. Thanks Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted February 16, 2014 Share Posted February 16, 2014 So one radio (wlan0) I have acting as a hotspot, the other (wlan1) I have acting as a client. I've verified sharing internet from wlan1 to wlan 0. I want to monitor what passes through via eth0, essentially mirroring one of the wlan interfaces to eth0. Is this possible? Having a heck of a time finding directions online. Thanks If you are connected to eth0, you are automatically on the same vlan as anyone on wlan0. But realistically, you'd want to sniff br-lan as that is the bridge interface. Best Regards, Sebkinne Quote Link to comment Share on other sites More sharing options...
Jsnk Posted February 17, 2014 Author Share Posted February 17, 2014 But I'd like to use wireshark or tcpdump on eth0 and see everything that is passing through. I dont see that happening now. Is there a way to mirror the bridge interface to eth0? Or make eth0 part of the bridge? Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted February 17, 2014 Share Posted February 17, 2014 But I'd like to use wireshark or tcpdump on eth0 and see everything that is passing through. I dont see that happening now. Is there a way to mirror the bridge interface to eth0? Or make eth0 part of the bridge? To do this, you'll need to run tcpdump on the pineapple, on br-lan. You could capture to file and analyze this somewhere else if you wanted. Best regards, Sebkinne Quote Link to comment Share on other sites More sharing options...
vmd_99 Posted February 18, 2014 Share Posted February 18, 2014 if you don't want to capture in a file and analyze it later, you can use Wireshark live on your macbook while monitoring the interface br-lan with tcpdump on the Pinneaple. That way, you see the output of tcpdump in wireshark... live. You just need to output of the tcpdump in fifo file on the macbook. Your first create a fifo file on the macbook. The command is: Macbook:# mkfifo Name_of_the_file you can do it anywhere... Wireshark will be able to "listen" that fifo file like he can "listen" to a network interface... Now, you need to run the tcpdump command on the Pinneaple and output it to the fifo... Easiest way is to run tcpdump automatically after ssh login. The command you need to tcpdump on the pineapple and output it to the fifo you created on the macbook is: Macbook:# ssh root@172.16.42.1 tcpdump -ni br-lan -U -vv -w - > Name_of_the_file -U is for updating the output immediately. -vv is to receive some verbose output on your console. -w - > Name_of_the_file is to output the tcpdump data into the file with the appropriate format for wireshark. In wireshark, you need to create a new interface. You create it with the fifo file Name_of_the_file you created. That's it. P.S. The password input was a problem on my macbook when outputting into the fifo because ssh wants to output in a terminal, not in a file... You need to create a ssh pub key so authentication works from your macbook without a password... Quote Link to comment Share on other sites More sharing options...
Jsnk Posted February 22, 2014 Author Share Posted February 22, 2014 vmd_99, that sounds promising.. exactly what I want to do. I'm going to give it a shot. Thanks! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.