
I have a very old router and in my router's admin page there is no option to write any commands or view traffic in any way. I tried using PuTTY to get inside it with port 22 and I get a connection with a command line, but when I type the right username + password I get access denied.

I'm new to this subject and from what I read/watch I gather I can either get a file from my router to input into Wireshark or connect into my router (somehow) and run a few commands that will connect it to Wireshark.

Is there any way to get traffic flow into Wireshark, or a log file from my old router?

  • Much of what you are asking does not make sense. Why do you want to run Wireshark? What *outcome* do you want? – schroeder Feb 09 '18 at 22:13
  • Are you asking to extract traffic data from your router so that you can import it into Wireshark to analyse traffic? – schroeder Feb 09 '18 at 22:15
  • If so, 1) we would need to know what router you have so that we could find out if it is even possible (what are your router's functionalities), 2) this is not a security question. Ultimately, this is a question for the router's vendor or the router's documentation. – schroeder Feb 09 '18 at 22:16
  • Sorry if I do not make sense. I am aware of other tools but I only run a VM with Kali Linux so I assumed Wireshark is my only option. This is a security question because I want to check my router traffic to determine if it is legit, and my router is very old. Is there no way to extract traffic from an old router? – John Bro Doe Feb 09 '18 at 22:16
  • You want to use the answer to inspect traffic, but it is not a security question itself. Why not run packet captures on the live traffic coming out of your router? Again, we cannot tell you what is possible with your router if you do not tell us what it is, and you can check its capabilities yourself by looking up its documentation. – schroeder Feb 09 '18 at 22:31

1 Answer

It sounds like you want to run a Man In The Middle attack on your local network.

Essentially, you'll ARP-Poison each host on your network, replacing the MAC of the router with yours, and on the router you'll replace each host's MAC with yours. This will cause all traffic between your router and hosts on your LAN to be transparently routed through your machine - be sure your network card can handle it.

Once you have the ARP-Poisoning done, you can do whatever you like with the traffic, including sniffing with Wireshark.

If you're unfamiliar with ARP spoofing (aka ARP-Poisoning), I'd suggest using Ettercap. If you're on Windows, Cain & Abel seems to work well, though I haven't used it in ages. These programs take care of a lot of the intricacies involved with setting up ARP spoofing.

Gogeta70
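The MAC replacement described in the answer is visible in the neighbour (ARP) table of any host on the LAN, which is how it is usually detected. The following is an added example, not part of the original answer: it compares two snapshots of Linux `ip neigh` output and flags a gateway whose MAC changed or is shared with another host. The snapshots, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `ip neigh` snapshots (not from the original post): before and
# after the host at 192.168.1.50 starts answering ARP for the gateway.
BEFORE = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.50 dev eth0 lladdr de:ad:be:ef:00:01 STALE
192.168.1.60 dev eth0 lladdr 66:77:88:99:aa:bb REACHABLE
"""
AFTER = """\
192.168.1.1 dev eth0 lladdr de:ad:be:ef:00:01 REACHABLE
192.168.1.50 dev eth0 lladdr DE:AD:BE:EF:00:01 REACHABLE
192.168.1.60 dev eth0 lladdr 66:77:88:99:aa:bb REACHABLE
192.168.1.70 dev eth0 FAILED
"""

NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9A-Fa-f:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            table[m.group(1)] = m.group(3).lower()
    return table

def check_gateway(baseline, current, gateway_ip):
    """Compare two ARP snapshots and list signs of gateway ARP poisoning."""
    findings = []
    old, new = baseline.get(gateway_ip), current.get(gateway_ip)
    if old and new and old != new:
        findings.append(f"gateway {gateway_ip} MAC changed {old} -> {new}")
    # One MAC answering for the gateway and for another IP is the second sign.
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    if new and len(by_mac[new]) > 1:
        others = sorted(ip for ip in by_mac[new] if ip != gateway_ip)
        findings.append(f"gateway MAC {new} also claimed by {', '.join(others)}")
    return findings

if __name__ == "__main__":
    for f in check_gateway(parse_neigh(BEFORE), parse_neigh(AFTER), "192.168.1.1"):
        print("ALERT:", f)
```

A router that legitimately holds several LAN addresses on one interface also produces the shared-MAC finding, so confirm against the MAC printed on the device label before treating it as an incident.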