1

I have a TG585v7 as a router with several machines plugged into it. In the default setup, the packets are only delivered to the specific machine, but I want to be able to set it up to monitor all network traffic on one of the machines, i.e. I need those packets to be picked up when my Ethernet card is in promiscuous mode. Is this possible?

The guide here has this: "mcastpromisc Make the IP interface multicast promiscuous. OPTIONAL". Is this what I am looking for? Does it mean I need to manually add all my machines by their MAC addresses to be able to receive packets destined for them? Or am I out of luck and need to get a better router?

0x4B1D

2 Answers

1

From the documentation you linked, ip ifconfig mcastpromisc is related to multicast traffic. However, this syntax from pages 310-312 should work to replicate all traffic flowing through ports 2 and 3 on port 1 (capture port):

eth switch mirror capture 1
eth switch mirror egress 2 enabled
eth switch mirror ingress 2 enabled
eth switch mirror egress 3 enabled
eth switch mirror ingress 3 enabled

A word of warning, though: this is untested, so the syntax may vary a bit (get help with ?), and capturing more traffic than the capture port's bandwidth could make your router do weird stuff (freeze, heavy packet loss...).

petrus
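One way to confirm that the mirror commands in the answer above took effect is to classify what arrives on the capture port by destination MAC: on a normally switched port you see only your own, broadcast and multicast frames, while a working mirror also delivers unicast frames addressed to other hosts. This is an added example, not part of the original answer; the function names are hypothetical and the MAC addresses and frames are constructed sample data.

```python
# Added example: classify Ethernet frames seen on the capture port.
# All addresses and frames below are constructed sample data.

def mac_bytes(mac):
    """Convert 'aa:bb:cc:dd:ee:ff' into 6 raw bytes."""
    return bytes(int(part, 16) for part in mac.split(":"))

def classify(frame, own_mac):
    """Return 'own', 'broadcast', 'multicast', 'foreign' or 'runt'."""
    if len(frame) < 14:
        return "runt"              # too short for an Ethernet header
    dst = frame[:6]
    if dst == own_mac:
        return "own"
    if dst == b"\xff" * 6:
        return "broadcast"
    if dst[0] & 0x01:              # I/G bit set: group (multicast) address
        return "multicast"
    return "foreign"               # unicast addressed to another host

def summarize(frames, own_mac):
    """Count frames per class for one capture."""
    counts = dict.fromkeys(
        ("own", "broadcast", "multicast", "foreign", "runt"), 0)
    for frame in frames:
        counts[classify(frame, own_mac)] += 1
    return counts

def mirror_active(counts, min_foreign=2):
    # A switch floods frames for MACs it has not learned yet, so one
    # stray foreign frame is not proof; require a small minimum.
    return counts["foreign"] >= min_foreign

def build_frame(dst, src, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a minimal constructed Ethernet II frame."""
    return (mac_bytes(dst) + mac_bytes(src)
            + ethertype.to_bytes(2, "big") + payload)

OWN, HOST_A, ROUTER = ("02:00:00:00:00:01", "02:00:00:00:00:02",
                       "02:00:00:00:00:fe")
SAMPLE = [
    build_frame(OWN, ROUTER),                          # to this machine
    build_frame("ff:ff:ff:ff:ff:ff", HOST_A, 0x0806),  # ARP broadcast
    build_frame("01:00:5e:00:00:fb", HOST_A),          # IPv4 multicast
    build_frame(ROUTER, HOST_A),                       # host A -> router
    build_frame(HOST_A, ROUTER),                       # router -> host A
]

if __name__ == "__main__":
    result = summarize(SAMPLE, mac_bytes(OWN))
    print(result, "mirror active:", mirror_active(result))
```
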
0

You could also try using ettercap to sniff your LAN. It has various man-in-the-middle techniques - the most useful on a LAN is the poison ARP mitm approach (assuming your default gateway is 192.168.1.254 - which is common for Thomson devices - check in your network settings):

ettercap -T -M arp:remote /192.168.1.254/ //

This should redirect all traffic to the machine that's running ettercap - some devices manage to sidestep the approach but generally it works well.

If that doesn't work well enough then you can go the whole hog and turn your router into a pass-through modem bridge using PPP over Ethernet (PPPoE) - it may also be possible using PPTP as well, but you'll have to check that. This usually involves loading a new config on your router (though some have a bridge option on setup) and terminating the PPPoE on your own router machine in your home network - which would also need to run a DHCP server and probably some form of firewall. There are details on setting it up for BE Thomson boxes, and more general discussions on bridging with Thomson/technicolor/Speedtouch here: forums.whirlpool.net.au/archive/1409575#r23290154

Pierz