Announcement

**retiredcaps** · 11-27-2011, 04:42 PM

Re: Using a Hub to capture all traffic

Originally posted by shovenose View Post

I put an old Linksys 10/100 hub

If this is the Linksys EF2S24 from the other thread, this is a switch.

http://homesupport.cisco.com/en-us/wireless/lbc/EF2S24

You need to port "mirror" the packets to the wireshark port. This may be a software feature that is not present on older hardware.

**shovenose** · 11-27-2011, 04:51 PM

Re: Using a Hub to capture all traffic

It is not the same device. It's a 5-port NH1005

**retiredcaps** · 11-27-2011, 05:03 PM

Re: Using a Hub to capture all traffic

http://www.wireshark.org/faq.html

See section 7 (lots of info)

Just a snippet ...

Capturing packets
Q 7.1: When I use Wireshark to capture packets, why do I see only packets to and from my machine, or not see all the traffic I'm expecting to see from or to the machine I'm trying to monitor?

A: Note that even if your machine is plugged into a hub, the "hub" may be a switched hub, in which case you're still on a switched network.
Note also that on the Linksys Web site, they say that their auto-sensing hubs "broadcast the 10Mb packets to the port that operate at 10Mb only and broadcast the 100Mb packets to the ports that operate at 100Mb only", which would indicate that if you sniff on a 10Mb port, you will not see traffic coming sent to a 100Mb port, and vice versa.

**shovenose** · 11-27-2011, 05:16 PM

Re: Using a Hub to capture all traffic

I think it's really a hub. How do I check? Can I just take it apart and see if it's got a processor or not? All devices are running at 100

**NxB** · 11-27-2011, 05:24 PM

Re: Using a Hub to capture all traffic

Your hub is not dumb enough:

http://homecommunity.cisco.com/t5/Hu...ch/td-p/113461

**shovenose** · 11-27-2011, 05:41 PM

Re: Using a Hub to capture all traffic

Damn it. Anybody got a hub they want to sell me?

**smason** · 11-27-2011, 07:19 PM

Re: Using a Hub to capture all traffic

LOL. I had an old 3Com 10/100 hub laying around, didn't want to get rid of it but the brother of a friend of mine needed one for some weird plotter issue he had a work, and they bought it for more than it was worth.

I use port mirroring to do what you're doing. In fact I sniff all traffic to/from our main router and monitor bandwidth, and alarm on bad traffic like SMTP that isn't our mail server, malware packets etc.

**shovenose** · 11-27-2011, 07:53 PM

Re: Using a Hub to capture all traffic

And how do you do that on a 2Wire DSL Modem/Router/Gateway 2701hg-b ?

**NxB** · 11-28-2011, 02:06 PM

Re: Using a Hub to capture all traffic

Best you can do is put it into bridge mode and use a more capable router. The 2wire gateways aren't big on features.

**shovenose** · 11-28-2011, 05:57 PM

Re: Using a Hub to capture all traffic

I have wireless disabled, and I've got a netgear router doing all the important stuff. But, I can't put my Sniffer on the netgear.

**ant3202** · 11-30-2011, 03:29 AM

Re: Using a Hub to capture all traffic

heard from someone ... use a lan cable to do a loop, port one to port two and try out

**shovenose** · 11-30-2011, 08:59 AM

Re: Using a Hub to capture all traffic

I bought some shitty old hub on eBay for $8. If that does not work I will try some other methods.

**digge** · 11-30-2011, 11:23 AM

Re: Using a Hub to capture all traffic

read up on ARP poisioning and ARP spoofing, you can fool just about any cheap switch to act as if it were a hub. There are many tools for doing it, depending on platform and stuff, so just search and youll find. Or if you dont find anything tell what platform youre using and stuff and ill try to be more specific.

Expensive switches can have protection stuff that prevents it from working though.

**shovenose** · 11-30-2011, 08:26 PM

Re: Using a Hub to capture all traffic

Yes, I tried ARP spoofing... not reliable enough. Some websites give errors or wont load. Not acceptable, sorry!

**spermatagone** · 07-26-2012, 05:16 PM

Re: Using a Hub to capture all traffic

i think i am also in the same boat as the OP ..
can anyone help me confirm if the hub i m using is a real hub or switch? its TP-Link TL-SF1005D
here is link to its site..

its unmanaged one ..
http://www.tp-link.com/en/products/d...del=TL-SF1005D

if its a switch then can anyone tell me a good arp piosining software?
thanks.

**spermatagone** · 07-26-2012, 05:54 PM

Re: Using a Hub to capture all traffic

also i see a lot of arp in protocol field... and if its using arp i think its a switch ? what say ?

**smason** · 07-26-2012, 08:14 PM

Re: Using a Hub to capture all traffic

Originally posted by spermatagone View Post

i think i am also in the same boat as the OP ..
can anyone help me confirm if the hub i m using is a real hub or switch? its TP-Link TL-SF1005D
here is link to its site..

its unmanaged one ..
http://www.tp-link.com/en/products/d...del=TL-SF1005D

It's a switch.

ARP poisoning is unreliable and not worth the trouble.

The best ways to sniff a network are:

A network tap (pricey, but really work well)

A switch that can do port mirroring (still more money than the cheap Chinese switches)

A hub (harder to find)

Or, use a computer as the router, that way the NICs are seeing all traffic, and you just put one in promiscuous mode and go.

I do this at one of my clients, the same box that is the router, is also the IDS and network bandwidth monitor. Easy peasy.

**shovenose** · 07-27-2012, 12:49 AM

Re: Using a Hub to capture all traffic

I no longer need the hub I got on eBay for this purpose, as I no longer care about monitoring traffic on my network

If you want to buy it I'll send it to you. It's yours for $5+shipping(USA)

**spermatagone** · 07-27-2012, 02:50 PM

Re: Using a Hub to capture all traffic

Originally posted by shovenose View Post

I no longer need the hub I got on eBay for this purpose, as I no longer care about monitoring traffic on my network

If you want to buy it I'll send it to you. It's yours for $5+shipping(USA)

thanks for the very generous offer .. buti live in thirdworld country and shiping here will make it whoooopingly costly ..
hope i will get one in local market and scrap shops

they have many old computer and networking parts .. else i will go the samsone way ..
thanks all

Announcement

Using a Hub to capture all traffic

Using a Hub to capture all traffic

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment