0

Good evening everyone!

I'm looking to host a wifi access point using my DD-WRT (Linksys WRT54G) with a PC running Kali Linux 1.1.0 (Debian) to monitor the traffic. Effectively the traffic would flow like this:

Cable ISP -> Modem/Router Combo -> Dumb switch -> Linux PC -> Wireless AP -> Clients

The problem lies within the Linux PC, possibly the DD-WRT AP. I've been trying to use different tools such as the bridge-utils package and iptables with absolutely no luck. I just want the linux PC to act as a passive monitor on the network.

Everything in this network is connected with Ethernet, the only wireless entity will be the wireless AP.

I just want the router to work as though it's connected right to the modem/router combo (which has been tested to work, router config is good I think...)

Thanks to anyone that takes a whack at this crazy little project of mine. I'm open to any solution, bonus points for simplicity or scripting.

2 Answers

0

You can modify iptables to copy all packets to a new port, associated with the IP of the collection machine. The first problem to solve is that the ROUTE and --tee module functionality is not loaded; you have to run this in the shell:

/sbin/modprobe ipt_ROUTE

Then, 'ROUTE' enables the router to receive the packet and route it towards an interface or a host. Using it with the '--tee' switch results in the packet being copied, while the original packet traverses the router as normal, undisturbed by the new iptables rules:

/usr/sbin/iptables -t mangle -I PREROUTING -i eth0 -j ROUTE --gw <ip_collect_machine> --tee

/usr/sbin/iptables -t mangle -I POSTROUTING -j ROUTE --gw <ip_collect_machine> --tee -d ! <internal_network>/<mask>

0

I'd go with another approach: Use port mirroring on the WRT54G and connect your linux PC to the mirrored port to monitor the traffic. Alternative: replace your dumb switch with a hub (a hub keeps sending out all traffic on all ports in contrast to a switch) and connect PC and WRT54G to it. If none of the above is an option then we need more details on what you tried until now.
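
The inline passive monitor the question describes can also be built as a transparent layer-2 bridge on the Linux PC. The script below is an added example, not part of the question or of either answer; it uses iproute2 instead of bridge-utils, and the interface names (eth0 towards the switch, eth1 towards the DD-WRT AP), the bridge name br0 and the DRY_RUN switch are assumptions.

```shell
#!/bin/sh
# Added example: transparent L2 bridge on the monitoring PC.
# Assumed names: UPLINK faces the dumb switch, DOWNLINK faces the DD-WRT AP.
UPLINK=${UPLINK:-eth0}
DOWNLINK=${DOWNLINK:-eth1}
BRIDGE=${BRIDGE:-br0}
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 executes them (needs root).
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

bridge_up() {
    run ip link add name "$BRIDGE" type bridge || return 1
    for nic in "$UPLINK" "$DOWNLINK"; do
        # Member ports carry no IP address: the PC forwards frames, it does not route.
        run ip addr flush dev "$nic" || return 1
        run ip link set dev "$nic" master "$BRIDGE" || return 1
        run ip link set dev "$nic" up || return 1
    done
    # The bridge gets no address either, so the PC is not addressable at layer 3.
    run ip link set dev "$BRIDGE" up
}

bridge_down() {
    run ip link set dev "$BRIDGE" down
    run ip link delete "$BRIDGE" type bridge
}

capture() {
    # -n disables name resolution so the monitor does not generate DNS lookups.
    run tcpdump -n -i "$BRIDGE" -w "${1:-capture.pcap}"
}
```

Source the file and call `bridge_up` to review the commands, then repeat with `DRY_RUN=0` as root and call `capture` to record the traffic crossing the bridge; `bridge_down` removes the bridge again.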
