Wireshark on home-network

2

So basically I want to make Wireshark (Windows) capture packets of the home network. As you know, home networks are usually set up with local IPs (192.168 or 10.0 range) instead of the WAN IP, so if we run Wireshark for packet capturing it will only display packets that the computer itself is connected to. So we can't see anything incoming to our IP, especially a flood attack. So is there any way to check all the packets?

Thanks.

Asad Moeen

Posted 2012-05-12T12:23:39.447

Reputation: 357

Answers

2

If you are doing port-forwarding on your router to one specific PC IP address, you can run packet capturing software like Wireshark on that PC and you should see the traffic. This is regarding incoming traffic only.

If you are interested in outgoing traffic, packet capturing should be done on a central point like the default gateway.

Khaled

Posted 2012-05-12T12:23:39.447

Reputation: 649

Thanks that helped. All I needed it for was for incoming traffic. – None – 2012-05-12T13:28:09.897
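Added example, not part of any post on this page: once a capture has been taken on the port-forwarded PC as the answer above describes, the inbound packet rate per source can be summarised offline to spot a flood. It assumes the capture was saved in classic pcap format (not pcapng) from an Ethernet interface; the function names, the 192.168.1.10 address and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

# Classic pcap magic numbers (microsecond timestamps) mapped to struct byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def inbound_per_second(pcap: bytes, local_ip: str) -> Counter:
    """Count IPv4 packets addressed to local_ip, keyed by (source IP, second)."""
    order = MAGICS.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    target, counts, pos = IPv4Address(local_ip).packed, Counter(), 24
    while pos + 16 <= len(pcap):
        ts_sec, _, incl_len, _ = struct.unpack(order + "IIII", pcap[pos:pos + 16])
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        # 14-byte Ethernet header, EtherType 0x0800 = IPv4; VLAN-tagged frames are skipped.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        if frame[30:34] == target:  # IPv4 destination address
            counts[(str(IPv4Address(frame[26:30])), ts_sec)] += 1
    return counts

def noisy_sources(pcap: bytes, local_ip: str, threshold: int) -> dict:
    """Sources whose busiest one-second bucket reaches threshold packets."""
    peaks = {}
    for (src, _), n in inbound_per_second(pcap, local_ip).items():
        peaks[src] = max(peaks.get(src, 0), n)
    return {src: n for src, n in peaks.items() if n >= threshold}

def build_sample(local_ip: str = "192.168.1.10") -> bytes:
    """Constructed capture: one source sends 300 packets in a second, another sends 3."""
    def frame(src, dst):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                         IPv4Address(src).packed, IPv4Address(dst).packed)
        return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", 40000, 40001, 8, 0)
    packets = [(1000, "203.0.113.5", local_ip)] * 300
    packets += [(1000 + i, "198.51.100.7", local_ip) for i in range(3)]
    packets.append((1000, local_ip, "203.0.113.5"))  # outbound, must not be counted
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, src, dst in packets:
        f = frame(src, dst)
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(noisy_sources(build_sample(), "192.168.1.10", threshold=100))
```

The threshold is a judgement call for the link in question; the per-second buckets from `inbound_per_second` can be inspected directly to choose one.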

2

It is quite difficult to do this on a home network. The switches that are built into domestic routers aren't really set up to do this and, as you probably see, only allow you to see your own traffic and broadcasts from other users. You really need a business-grade switch/router that allows you to configure what is known as port-mirroring. This would allow a copy of traffic to be sent to a nominated port that you can sniff with Wireshark. Open-source router firmware like OpenWRT allows you to do this on a domestic router, but only some are supported, and it might be beyond the average user to set up.

There are a few other methods outlined here, http://wiki.wireshark.org/CaptureSetup/Ethernet

martyvis

Posted 2012-05-12T12:23:39.447

Reputation: 143

1

As martyvis said in his answer you can't really do this out of the box with most home / consumer setups. You need to separate your internet connection from the LAN router by using a separate ADSL or cable modem.

Once you have separated your Internet connectivity from your LAN you can start looking at where to put the traffic monitoring. You can, for example, put a hub (if you can still find one) between the internet modem and the LAN router/firewall which will let you see everything going into and out of your LAN.

MarcE

Posted 2012-05-12T12:23:39.447

Reputation: 254

Before you go looking for a hub, be sure to read the page on Ethernet hubs at the Wireshark site. Some late-model "hubs" are actually switches. – sawdust – 2012-05-12T23:15:02.703

I didn't know that - shows how long it's been since I needed to do this stuff in anger! – MarcE – 2012-05-13T07:57:37.923