Sniffing and logging HTTP Traffic through my wireless router

I want to sniff traffic going through my wireless router. The router is provided by my cable company, so I don't want to flash the firmware or anything, so my question is: Is there any software or such that I can install on one of the computers on my network, and have it log the HTTP request/response?

Use case: I'm playing a game on my Droid, and I want to see the traffic.

Note: I've already tried setting up a proxy and logging that way. The game seems to be bypassing my proxy settings. Other web traffic will go through my proxy, but not the game's traffic. I know it's using HTTP, because the game DOES obey the proxy on my friend's iPhone (same game). So setting up a proxy isn't a solution that will work.

Any help or guidance is greatly appreciated!


Solution 1:

The router you have, unless it allows you to mirror traffic to a port on it, won't let you do this. There are a few ways you could get the traffic:

One, you could set up a hub, not a switch, between the router and the internet and then plug a computer running a packet sniffer like Wireshark into another port on the hub.

Two, you could set up a computer as a gateway between the wireless router and the internet and have all traffic captured using a tool like Wireshark or tcpdump.

Three, set up a new wireless access point that is connected to a hub, and have the internet router connected to that hub and a computer connected to that hub running a tool like Wireshark.

Or you could get a router that lets you mirror all traffic to a port on it and plug a computer into that port running a tool like Wireshark.

Sometimes, with the right hardware, you can capture wireless traffic with Wireshark; if you search the internet, there are a few how-tos on how to do this.

You can also look at using something like an AirPcap.
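
Once one of the capture setups above has written a capture file, the HTTP requests in it can be logged offline. The following is an added example, not part of the original answer: it assumes a classic little-endian pcap file of Ethernet frames (not pcapng) and only sees requests that start at the beginning of a TCP segment; the function names and the sample packet are constructed for illustration.

```python
import struct

METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ")

def http_requests(pcap: bytes):
    """Return (src_ip, dst_ip, request_line, host) for each plaintext HTTP
    request that starts a TCP segment in a classic pcap of Ethernet frames."""
    magic, linktype = struct.unpack_from("<I16xI", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    found, off = [], 24                       # records follow the 24-byte header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                          # too short or not IPv4
        ip = frame[14:]
        if ip[9] != 6:
            continue                          # not TCP
        ihl = (ip[0] & 0x0F) * 4
        tcp = ip[ihl : struct.unpack_from("!H", ip, 2)[0]]   # drops Ethernet padding
        if len(tcp) < 20:
            continue                          # truncated or malformed
        payload = tcp[(tcp[12] >> 4) * 4 :]
        if not payload.startswith(METHODS):
            continue
        lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
        host = next((l.split(":", 1)[1].strip() for l in lines[1:]
                     if l.lower().startswith("host:")), None)
        src, dst = (".".join(map(str, ip[i : i + 4])) for i in (12, 16))
        found.append((src, dst, lines[0], host))
    return found

def build_sample_pcap() -> bytes:
    """Constructed sample capture: one frame carrying an HTTP GET.
    Addresses, ports and the URL are made up; checksums are left at zero."""
    http = b"GET /api/score?level=3 HTTP/1.1\r\nHost: game.example\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + http
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 168, 0, 23]), bytes([203, 0, 113, 10])) + tcp
    frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rhdr = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return ghdr + rhdr + frame

if __name__ == "__main__":
    for src, dst, line, host in http_requests(build_sample_pcap()):
        print(f"{src} -> {dst}  host={host}  {line}")
```

Requests split across several TCP segments are not reassembled here; a full dissector such as Wireshark handles that case.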

Solution 2:

Another approach is to try using ettercap to sniff your LAN. It has various man-in-the-middle techniques - the most useful on a LAN is the poison ARP Man-In-The-Middle (MITM) approach (assuming your default gateway is 192.168.0.1 - check in your network settings):

ettercap -T -M arp:remote /192.168.0.1/ //

Generally this should redirect all traffic to the machine that's running ettercap - some devices may manage to sidestep the approach.

If you see an error ("Incorrect number of token (///) in TARGET !! "), then it is likely down to the fact that your version of Ettercap is IPv6 enabled (as mentioned here), and you will need to use a slightly modified syntax:

ettercap -T -M arp:remote /192.168.0.1// ///

Otherwise you'll need to investigate your router and check if it can support port mirroring or link layer bridge modes. The Thomson/Technicolor/Speedtouch routers do support PPP over Ethernet (PPPoE) bridging and some can also do port mirroring.

Solution 3:

Sniffing HTTP traffic on an Android device