Promiscuous wifi sniffing with CTR350?

scirocco · EVDO Newbie Joined: 24 Mar 2008 Posts: 2

Hi there!

I have a minor need to keep an eye on the network traffic that goes across my CTR350 (teen exchange student in the house). I've found some software that does what i want (captures URLs etc, but not actual content of traffic) so that i can keep an eye on things without being too intrusive.

Anyhow, this program and all others in it's class are simple ethernet sniffers.

This means they only capture the packets that are on the "local" network segment. Wifi being a switched environment means it only captures traffic from the local machine.

SO. With Cisco gear there's an option called "SPAN" that essentially mirrors all the traffic from one port to another. Sometimes this is called port mirroring or RAP too.

Is there any way to enable this or a similar function on the CTR 350?

Thanks!
~aaron

manganos · Posted: Mon Mar 24, 2008 4:34 pm Post subject:

So I'm assuming WireShark won't help you? It is a free download.

scirocco · EVDO Newbie Joined: 24 Mar 2008 Posts: 2

Hmm.. nice idea. The software looks good (more open than the EffeTech HTTPSniffer i was trying out), but in order to capture wifi directly, gotta buy a $200 usb wifi dongle.

That's a bummer.

If i could get the wifi router in the CTR350 to just repeat all the network traffic to my own port (like a dumb hub), then i could use the free version(s).

Thanks for the pointer!

~a

gregh2000 · EVDO User Joined: 24 Oct 2007 Posts: 39

why not connect the ctr350 to your ethernet on your computer and turn off its wifi. then use your built in wifi to make an ad-hoc network that uses internet connection sharing to run to your ethernet port. just an idea but you might as well just plug in the aircard to your pc and do it that way.

or you could plug your aircard into your pc, ctr350 into your ethernet port and setup ics between them. use the ctr350 as a regular wifi router and then all the traffic would have to go through your pc to get to the aircard.

again both of these way defeat the purpose of the ctr350, lol.

yonnie · EVDO Fledgling Joined: 06 May 2008 Posts: 14

Sounds like you're trying to set up a network and maybe wanting to block access to various websites? And perhaps other stuff?

I'm going to be connecting my ctr350 to the external port on an Untangle router. (available at Untangle.com) The free version allows probably better than typical protection with an anti-virus/phish/spy/protocol/websites that updates about every hour. The unit can function as a NAT router too! You'll need an old PC with two NIC's. The OS (Linux) comes with the Untangle, just boot from the CD and Install. From then on the PC is an Untangle box. The faster the PC is the better it performs and extra memory is a big help too. Connect a hub to the internal port, and connect your LAN to the hub. Not only protect the teenager, but protect your network, automatically

richp01 · EVDO User Joined: 16 Jan 2008 Posts: 29

Not sure if this will provide you all the information you are looking for. But the CTR can be setup to log all websites visited by a specific computer using either IP or MAC. The log can be a bit dificult to sort though but it can be e-mailed to you on a Schedule or when the log is full. From there you can potentialy sort through it a bit easier.

To set it up you need to start by adding a Policy which can be found in Advanced -> Access Control -> click the Add Policy button and follow the on screen instructions. After you have added either the MAC or IP the next screen has a radio button labeled Log Web access only.

After you reboot the router all web sites visited from that computer will be entered into the log.

Also, the CTR can be set up to use OpenDNS which will help filter out inappropriate sites. This is found in Advanced -> Web Filter

Obviously if you are looking to get more information then just visited web sites this does not really help, but I thought it was worth mentioning.