Monitoring internet sharing on eth0


Jsnk


So one radio (wlan0) I have acting as a hotspot, the other (wlan1) I have acting as a client. I've verified sharing internet from wlan1 to wlan0. I want to monitor what passes through via eth0, essentially mirroring one of the wlan interfaces to eth0. Is this possible? Having a heck of a time finding directions online.

Thanks


If you are connected to eth0, you are automatically on the same vlan as anyone on wlan0. But realistically, you'd want to sniff br-lan as that is the bridge interface.

Best Regards,

Sebkinne


But I'd like to use Wireshark or tcpdump on eth0 and see everything that is passing through. I don't see that happening now. Is there a way to mirror the bridge interface to eth0? Or make eth0 part of the bridge?

To do this, you'll need to run tcpdump on the pineapple, on br-lan. You could capture to file and analyze this somewhere else if you wanted.

Best regards,

Sebkinne


If you don't want to capture to a file and analyze it later, you can use Wireshark live on your MacBook while monitoring the interface br-lan with tcpdump on the Pineapple. That way, you see the output of tcpdump in Wireshark... live.

You just need to send the output of tcpdump into a fifo file on the MacBook.

You first create a fifo file on the MacBook. The command is:

Macbook:# mkfifo Name_of_the_file

you can do it anywhere...

Wireshark will be able to "listen" to that fifo file like it can "listen" to a network interface...

Now, you need to run the tcpdump command on the Pineapple and output it to the fifo...

Easiest way is to run tcpdump automatically after ssh login.

The command you need to tcpdump on the pineapple and output it to the fifo you created on the macbook is:

Macbook:# ssh root@172.16.42.1 tcpdump -ni br-lan -U -vv -w - > Name_of_the_file

-U is for updating the output immediately. -vv is to receive some verbose output on your console. -w - > Name_of_the_file is to output the tcpdump data into the file with the appropriate format for wireshark.

In wireshark, you need to create a new interface. You create it with the fifo file Name_of_the_file you created.

That's it.

P.S. The password input was a problem on my macbook when outputting into the fifo because ssh wants to output in a terminal, not in a file...

You need to create a ssh pub key so authentication works from your macbook without a password...
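
The procedure from the post above as one script, added here as an example and not part of the original post. It creates the FIFO with owner-only permissions, uses `BatchMode` so ssh fails instead of prompting when key authentication is missing, and adds a capture filter (an assumption, not in the post) that leaves out the SSH session carrying the capture; it assumes `wireshark` is on the local PATH.

```shell
#!/bin/sh
# Added example: live br-lan capture over SSH into a FIFO (constructed defaults).
PINEAPPLE="${PINEAPPLE:-172.16.42.1}"   # address used in the post above
IFACE="${IFACE:-br-lan}"                # bridge interface named in the thread

# Build the remote tcpdump command. The filter (an addition, not in the
# post) drops the SSH session that carries the capture, so the stream
# does not record itself in a loop.
build_remote_cmd() {
    printf "tcpdump -ni %s -U -w - 'not (tcp port 22 and host %s)'" "$1" "$2"
}

# Create the FIFO inside a private directory: the capture holds the traffic
# of every hotspot client, so only the current user should be able to read it.
make_fifo() {
    dir=$(mktemp -d) || return 1
    chmod 700 "$dir"
    ( umask 077 && mkfifo "$dir/capture.fifo" ) || return 1
    printf '%s\n' "$dir/capture.fifo"
}

# Start the remote capture and attach Wireshark to the FIFO.
live_capture() {
    fifo=$(make_fifo) || return 1
    # BatchMode makes ssh fail at once instead of asking for a password
    # when key authentication is not set up (the problem in the P.S.).
    ssh -o BatchMode=yes "root@$PINEAPPLE" \
        "$(build_remote_cmd "$IFACE" "$PINEAPPLE")" > "$fifo" &
    ssh_pid=$!
    wireshark -k -i "$fifo"          # -k: start capturing immediately
    kill "$ssh_pid" 2>/dev/null      # stop the remote tcpdump on exit
    rm -rf "$(dirname "$fifo")"      # remove the FIFO and its directory
}

# Run only when invoked as: sh live-capture.sh run
if [ "${1:-}" = "run" ]; then
    live_capture
fi
```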
