Ethereal and routers question

Pete Nesbitt pete at linux1.ca
Sun Jun 27 16:25:49 UTC 2004 

On June 26, 2004 12:51 pm, Sergio Del Pino wrote:
> I succesfully installed the Ethereal on a RH9. I would like to capture the
> packets for the whole network , not just those coming and going to my eth1.
> This RH9 is a desktop in the network and "not used as a router", then I'm
> not sure if it's possible to sniff into the routers packets. The router is
> a Linksys  Wireless-B Broadband Router BEFW11S4.
> I think (not sure why) I'm capturing everything coming into the LAN but
> only those packets going out from my eth1. This means I get :
>
> 192.168.1.100 <----> WAN
>
> but only
>
> LAN (192.168.1.xxx) <----- WAN
>
> and  I would like to have from this desktop (I don't know how to do this on
> the Linksys)
>
> LAN (192.168.1.xxx) <-----> WAN
>
> in order to capture all the packets.
>
> My network map is something like this:
>
> INTERNET
>
> Dinamic public IP (WAN)
>
>   | CISCO 677*|
>
>        10.0.0.1 (LAN)
>
>        10.0.0.2 (LAN?/Intenet?)
>
>     | Linksys**|
>
>     192.168.1.1 (LAN)
>
>             |---192.168.1.100 (RH9 w/Ethereal)
>             |---192.168.1.101
>             |---192.168.1.102
>             |---192.168.1.nnn
>
> * DSL modem router using PPPoA
> ** router and wireless accespoint
>
> any clue to use the ethereal to capture in/out Linksys packets?
> Also I would like to have an advice if there is another way to configure
> this devices (DSL modem router/ Wireless router) referring to ip lan side
> numbering (10.0.0.1/10.0.0.2/192.168.1.1/192.168.1.nnn)
>
> Thanks in advance,
>
> Sergio
>


Hi,
The Linksys is acting as a switch for your internal LAN and I doubt there is a 
config option to turn that off. Any packets you see from the LAN would be 
broadcasts (arp etc). As far as I know, the only way to force a switch to act 
like a hub is to overflow the MAC tables on the switch, which typicaly puts 
the switch into a learning mode so it broadcasts until it builds new tables 
for what MAC is on what port. While the switch is rebuilding, you should be 
able to capture everything. A reboot of the switch may do the same thing.

-- 
Pete Nesbitt, rhce

More information about the redhat-list mailing list