Score:0

How to 'snoop' a wired connection?

nc flag

In the 'good old days' you could run 'snoop' on a wired network connection and see the packets going by. (Before the days of switches.)

I have a router that is disconnected from anything other than my Ubuntu laptop. I have no idea what network it is set to use, and just broadcast pinging obvious possibilities gives me nothing.

The tools that exist seem to only work on WiFi interfaces, not hardwired ones.

Ideas please.

David

ru flag
This 'router' - it only works on Ethernet and not wifi anymore? We need some details here to understand what exactly is happening and what you're trying to figure out.
ru flag
Ethernet snooping needs to be done with port mirrors at the switch/router levels, or with a Network TAP (Layer 1) device that enables traffic cloning/duplication across a link and 'mirrors' the traffic to a monitoring device port, which you can then listen on with Wireshark or similar to track the data. (Basically, a plugged in and connected, but unconfigured, Ethernet port.) TAPs are not cheap though; they run ~$150+ for gigabit network taps. "Old days" used "Hubs" - the moment Routers and Switches came into play, that 'old day' method needed some Layer 1 tweaking to work with extra devices.
ru flag
Are you trying to snoop from the Ubuntu laptop, or do you intend to 'snoop' from a third device on the network?
davidledger avatar
nc flag
I am wanting to snoop from the Ubuntu laptop. Just to see what the router may be sending out and from what IP address. The change to switches making snooping difficult is I suppose why I've lost contact with the method for 25 years or so.
ru flag
tcpdump. Or wireshark for a GUI.
Score:1
cn flag

What I usually do when I find a lost device is connect to it with my computer and set tcpdump to listen on that wired interface:

Example: tcpdump -i eth0

This way you might see some packets from the device and find its IP. I've used this workaround many times.

Edit: in this case I'm using Linux as my OS and have to launch the command with elevated privileges, thus with "sudo" in front or from the root user.

ru flag
Not really sure this answers OP's question?
gandalfk8 avatar
cn flag
OP talks about snooping, but since they have the router hooked directly up to the PC I think that tcpdump reaches OP's goal (also since OP is attempting to probe the unknown network with pings)
davidledger avatar
nc flag
tcpdump is indeed what I needed. I'd just forgotten its existence. Haven't really had this problem since UTP networks. Used to use snoop on thin and yellow cable networks a lot. I'm trying to set this router up as a secondary WiFi access point but I keep losing access to it. Thanks to all who responded.
in flag
Wireshark is a GUI application around tcpdump. A lot easier to interpret the TCP or UDP traffic.
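The passive approach from the answer above, as an added example that is not part of the original thread: a shell function that reads `tcpdump -e -n` output and lists each MAC/IP pair that is not the laptop itself, which is usually enough to spot the lost device's address. The function name, the MAC addresses and the sample capture lines are constructed for illustration; `eth0` is the interface name used in the answer.

```shell
#!/bin/sh
# Added example: list "MAC IP" pairs seen in `tcpdump -e -n` output,
# skipping frames sent by the capturing laptop itself.
#
# Live use (Linux, interface name assumed to be eth0):
#   sudo tcpdump -i eth0 -e -n -l | find_talkers "$(cat /sys/class/net/eth0/address)"

# find_talkers OWN_MAC   (reads tcpdump -e -n lines on stdin)
find_talkers() {
    awk -v own="$1" '
    BEGIN { own = tolower(own) }
    {
        mac = tolower($2)            # with -e, field 2 is the source MAC
        if (mac == own) next         # ignore our own probes and DHCP requests
        ip = ""
        if ($0 ~ /ethertype ARP/) {
            # Request: "who-has X tell Y, length N"   -> sender is Y
            # Reply:   "Reply Y is-at MAC, length N"  -> sender is Y
            for (i = 1; i < NF; i++)
                if ($i == "tell" || $i == "Reply") ip = $(i + 1)
            sub(/,$/, "", ip)
        } else if ($0 ~ /ethertype IPv4/) {
            # "length N: SRC[.port] > DST[.port]: ..." (skip the MAC-level ">")
            for (i = 4; i <= NF; i++)
                if ($i == ">") { ip = $(i - 1); break }
            # Keep the four dotted octets, dropping a trailing port number
            n = split(ip, o, ".")
            ip = (n >= 4) ? o[1] "." o[2] "." o[3] "." o[4] : ""
        }
        if (ip == "0.0.0.0") ip = "" # unconfigured sender, nothing learned
        if (ip != "" && !seen[mac " " ip]++) print mac, ip
    }'
}

# Constructed sample capture: the laptop is 02:00:00:00:00:01,
# the unknown device is 02:00:00:00:00:aa.
SAMPLE='12:00:01.000001 02:00:00:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 02:00:00:00:00:01, length 300
12:00:02.100000 02:00:00:00:00:aa > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.8.100 tell 192.168.8.1, length 46
12:00:03.200000 02:00:00:00:00:aa > 01:00:5e:7f:ff:fa, ethertype IPv4 (0x0800), length 320: 192.168.8.1.1900 > 239.255.255.250.1900: UDP, length 278
12:00:04.300000 02:00:00:00:00:aa > 02:00:00:00:00:01, ethertype ARP (0x0806), length 60: Reply 192.168.8.1 is-at 02:00:00:00:00:aa, length 46'

sample_talkers() { printf '%s\n' "$SAMPLE" | find_talkers 02:00:00:00:00:01; }
```

Once an address shows up, giving the laptop's wired interface a static address in the same subnet is normally what makes the device reachable again.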