How can I capture packets going from my router to a specific server?

router sniffing

I have a small local network in my house that has two computers connected to a modem-router. I want to capture the packets going from the router to a specific server (I know the IP address of the server).

The router's manufacturer is D-Link.


Solution 1:

First you're going to have to get in between all that traffic. You could do this in a number of ways, the simplest of which is probably to identify if you truly need the traffic from both computers or just the traffic from a single computer.

If you need both, hook the computers up to a hub and then to the router. A hub will send all network traffic to all ports, where a switch will only send it to its intended destination.

If you only have a switch, I suppose you could rig one computer as a gateway and point the second computer towards it, but that's messy.

If you need all the traffic, even the router, place a hub after your router and hook a computer to it. This will probably only work if the traffic you're trying to capture doesn't originate from the machine you're using to capture the packets, otherwise you're going to run in to some more messy configuration.

Once you have all the traffic flowing past your computer's NIC, grab a packet sniffer (I actually prefer Windows Network Monitor over Wireshark) and start grabbing the packets. You'll probably want to filter the traffic to just display the server in question. Filters in Microsoft Network Monitor are very user friendly: enter image description here

Solution 2:

If you run DD-WRT on your home router, you can run tcpdump directly on the router, with the output brought back to your local system for later processing.

An example:

ssh [email protected] -c "tcpdump -v -w - -i eth2" > mypackets.pcap

Just hit Ctrl-C when done, and load the capture file into your favorite analysis tool such as Wireshark.

Solution 3:

With an enterprise grade router or switch, you would be able to mirror a port and use a packet capture program like wireshark or netmon to do this. With a d-link router, there's really no way to do this built it.

One solution would be to get a network hub (not a switch, but a hub) and place it on your internal network. Then plug the uplink from the hub into a port on your router. You've now created a situation where all traffic in and out of your network will hit all of your machine's NICs, because you're using a hub. If you do this, you'll be able to run wireshark or netmon in promiscuous mode and capture all of this traffic. Writing a filter to isolate traffic to/from a specific IP is trivial.

Related

Understanding CSS for user styling in a browser
Does Windows flush drive caches on standby?
Firefox keyboard shortcut to switch search engines in search bar
Why does my computer power off suddenly and without warning?
How to move Users folder in Windows 7 to another drive in order to save space in SSD main drive? [duplicate]
Is it possible to use a nVidia GPU to render graphics if the monitor is connected to the motherboard video port?
Can a single-threaded program be made to use multiple cores?
Map Caps-Lock to Control in Windows 8.1
Zombie process using 100% CPU
Why is my LAN not gigabit?
Microsoft Edge keeps taking over PDF file open/association
Start a Zoom meeting from the command line