March 23rd, 2012, 09:39 PM
Bridging interfaces and capturing traffic
I am working on something here at home and I basically want to capture packets between my cable modem and wireless router. I have a dual-NIC'd PC running Linux and I'd like to be able to bridge my interfaces and dump the traffic (preferably with tcpdump) into a pcap file that I can view later.
I want the MITM (Machine in the Middle) to be as transparent as I can get it, so I thought iptables would come into play.
Anyone have experience setting something like this up?
March 30th, 2012, 04:34 AM
I'm not sure if I'm understanding exactly what you're asking, but if you're running Linux, it would be real easy to set your wireless card to ho mode with the airmon-ng utility and capture on the mon0 (or whichever) interface with Wireshark. Wireshark's filtering syntax is pretty straightforward and you could easily isolate the data you want to intercept (modem -> router).
"In most gardens they make the beds too soft - so that the flowers are always asleep" - Tiger Lily
April 13th, 2012, 07:47 PM
I ended up figuring it out. I was basically trying to put a Linux box between my router and cable modem and capture and forward all traffic (much like arpspoof but on a permanent basis) all the while being undetected.
The Linux box was dual-NIC'd so I just ended up bridging the two NICs and running tcpdump off of the bridged connection. All the traffic went through flawlessly, unassigned IPs to the interfaces so it is 'invisible' on the network and can capture data no problem.
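The setup described in the last post, sketched as an added example that is not part of the original thread: bridge two NICs with no IP addresses and run tcpdump on the bridge, writing to a pcap file. The names `br0`, `eth0`, `eth1` and `capture.pcap` are assumptions; by default the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not from the thread). br0/eth0/eth1 are assumed names.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 runs them (needs root).
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

valid_ifname() {
    # Conservative check: non-empty, at most 15 chars, no shell metacharacters.
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

setup_bridge() {
    br="$1"; nic_a="$2"; nic_b="$3"
    for n in "$br" "$nic_a" "$nic_b"; do
        valid_ifname "$n" || { echo "bad interface name: $n" >&2; return 2; }
    done
    [ "$nic_a" != "$nic_b" ] || { echo "need two different NICs" >&2; return 2; }
    run ip link add name "$br" type bridge
    for n in "$nic_a" "$nic_b"; do
        run ip addr flush dev "$n"          # no IP on either bridge port
        run ip link set dev "$n" master "$br"
        run ip link set dev "$n" up
    done
    run ip link set dev "$br" up            # bridge itself also gets no IP
}

start_capture() {
    # -n: skip name resolution; -w: write raw packets to a pcap file
    run tcpdump -i "$1" -n -w "$2"
}

teardown_bridge() {
    run ip link set dev "$1" down
    run ip link delete dev "$1" type bridge
}

# Usage: script.sh <nic_a> <nic_b>
if [ "$#" -eq 2 ]; then
    setup_bridge br0 "$1" "$2" && start_capture br0 capture.pcap
fi
```

The resulting file can be opened later with `tcpdump -r capture.pcap` or in Wireshark.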