Bridging interfaces and capturing traffic

    Apr 2006

    Hey all,
    I am working on something here at home and I basically want to capture packets between my cable modem and wireless router. I have a dual-NIC'd PC running Linux and I'd like to be able to bridge my interfaces and dump the traffic (preferably tcpdump) into a pcap file that I can view later.

    I want the MITM (Machine in the Middle) to be as transparent as I can get it, so I thought iptables would come into play.

    Anyone have experience setting something like this up?

    IcSilk
    Aug 2001
    I'm not sure if I'm understanding exactly what you're asking, but if you're running Linux, it would be real easy to set your wireless card to ho mode with the airmon-ng utility and capture on the mon0 (or whichever) interface with Wireshark. Wireshark's filtering syntax is pretty straightforward and you could easily isolate the data you want to intercept (modem -> router).
    Apr 2006
    I ended up figuring it out. I was basically trying to put a Linux box between my router and cable modem and capture and forward all traffic (much like arpspoof but on a permanent basis) all the while being undetected.
    The Linux box was dual-NIC'd so I just ended up bridging the two NICs and running tcpdump off of the bridged connection. All the traffic went through flawlessly, unassigned IPs to the interfaces so it is 'invisible' on the network and can capture data no problem.
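
The setup described in the last post (two NICs joined into a bridge with no IP addresses, tcpdump reading from the bridge), written out as an added example that is not code from the thread. The interface names `eth0`, `eth1`, `br0` and the pcap file name are assumptions, the `DRY_RUN` switch is a helper introduced here, and the IPv6 sysctl is an addition so the bridge does not pick up a link-local address on its own.

```shell
#!/bin/sh
# Added example: address-less capture bridge for your own link (names are assumptions).
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 runs them (needs root).
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Accept only plain interface names: no dots (they would confuse the sysctl
# path), no shell metacharacters, and at most 15 characters (Linux limit).
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# setup_bridge WAN_IF LAN_IF BRIDGE: join both NICs into one address-less bridge.
setup_bridge() {
    wan="$1"; lan="$2"; br="$3"
    for ifn in "$wan" "$lan" "$br"; do
        valid_ifname "$ifn" || { echo "bad interface name: $ifn" >&2; return 2; }
    done
    [ "$wan" != "$lan" ] || { echo "need two different NICs" >&2; return 2; }

    run ip link add name "$br" type bridge || return 1
    for ifn in "$wan" "$lan"; do
        run ip addr flush dev "$ifn"              # drop any address already configured
        run ip link set dev "$ifn" master "$br" || return 1
        run ip link set dev "$ifn" up || return 1
    done
    # Done before the bridge comes up, so it gets no IPv6 link-local address.
    run sysctl -w "net.ipv6.conf.$br.disable_ipv6=1" || return 1
    run ip link set dev "$br" up
}

# start_capture BRIDGE FILE: write every bridged frame, full length, to a pcap.
start_capture() {
    valid_ifname "$1" || return 2
    run tcpdump -i "$1" -n -s 0 -w "$2"
}

# Usage (as root): DRY_RUN=0; setup_bridge eth0 eth1 br0 && start_capture br0 link.pcap
```

Run it once with the default `DRY_RUN=1` to review the command list, and confirm with `ip addr show` afterwards that neither the bridge nor its ports carry an address.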

