Mirror network packets from WiFi to Ethernet in an ASUS Router RT N53

Question

I have an ASUS RT N53 router, running the default firmware (Linux 2.6.22 with busybox and uclibc). I need to capture data packets from some Wi-Fi devices I have connected to that router (iPad and some smartphones), but the router is not forwarding any package coming from Wi-Fi devices to the Ethernet Ports. Any idea how can I proceed? Available tools in the router are iptables (no tee option, though), ebtables, brctl...

Currently the ethernet and Wifi devices are forming a bridge:

# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.50465dc06be2       no              vlan0
                                                        eth1

No ebtables rules:

# ebtables -L
Bridge table: filter

Bridge chain: INPUT, entries: 0, policy: ACCEPT

Bridge chain: FORWARD, entries: 0, policy: ACCEPT

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT

score 1 · Accepted Answer · answered Oct 23 '13 at 16:52

You cannot simply do that with those tools. If the traffic is between the Asus box & a wifi device, that traffic will never get bridged to the Ethernet interface.

What you can do:

Capture the traffic on the Asus box (running tcpdump there), and copy the resulting dump file to your workstation,
Use one device as the wifi - Ethernet bridge (an Access Point), and another as the default router for the wifi devices. So you either turn off the routing in the Asus box and put another router to the Ethernet LAN, or you turn off the wifi radio in the Asus box and put a bridge-mode AP without any routing functionality.

Can that be done with an OpenWRT firmware? – fazineroso Oct 24 '13 at 13:54 — fazineroso, Oct 24 '13 at 13:54
Yes, `tcpdump` is available on OpenWRT. – Laszlo Valko Oct 24 '13 at 14:24 — Laszlo Valko, Oct 24 '13 at 14:24

Mirror network packets from WiFi to Ethernet in an ASUS Router RT N53

1 Answers1