2

I hope someone can help me out with a somewhat simple task.

I'm trying to redirect a client in my router through my desktop PC, so I can dump the traffic and analyze it (it's a potential source of poisoning the network with malicious packets).

The problem is that I don't have a second NIC on my hands and I was hoping I could redirect all the traffic from that IP through my PC, in essence performing a MiTM attack for the client. Does anyone have any idea where to start?

Current state:

(localip) --> (router) --> (internet)

And what I want to do:

(localip) --> (pc) --> (router) --> (internet)

HopelessN00b
Anonymous
    IMHO the fastest and cheapest solution is to buy a 2nd NIC in the nearest supermarket. –  Sep 15 '12 at 16:15

3 Answers

4

A 2nd NIC turned out to be the easiest way, as the iptables on my router seems too limited. The MiTM attack worked, but I missed a lot of packets, and in the end it wasn't as reliable as dumping the traffic directly from the NIC.

Thank you all for the answers.

HopelessN00b
Anonymous
2

Have you tried making your PC the default gateway for the client? You may need a rule on the router to route traffic for the client to the PC. Your PC will need to route traffic for the client, and be configured to route back out the existing NIC.

From your question it appears your PC is running Linux, so you can use Shorewall to configure iptables on the PC. You can then capture traffic as you wish.

BillThor
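The gateway approach from the answer above, written out as an added example (not code from the answer or from Shorewall): it uses plain iptables on the PC and assumes masquerading there in place of a return route on the router, for routers that cannot add one. The interface name, client address and capture file are placeholders.

```shell
#!/bin/sh
# Added example: single-NIC Linux PC as capture gateway for one client.
# Prerequisite from the answer: the client's default gateway is set to this PC.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 runs them (needs root).
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

valid_ipv4() {
    # Dotted quad, each octet 0-255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

setup_capture_gateway() {
    iface="$1"; client="$2"; out="${3:-client.pcap}"
    # Reject anything that is not a plain interface name or IPv4 address.
    case "$iface" in
        ""|*[!A-Za-z0-9_-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    valid_ipv4 "$client" || { echo "bad client IP: $client" >&2; return 1; }

    # 1. Forward packets addressed to other hosts.
    run sysctl -w net.ipv4.ip_forward=1
    # 2. PC and router sit on the same subnet, so the kernel would send ICMP
    #    redirects telling the client to use the router directly. Both the
    #    "all" and the per-interface setting must be 0 to suppress them.
    run sysctl -w net.ipv4.conf.all.send_redirects=0
    run sysctl -w "net.ipv4.conf.$iface.send_redirects=0"
    # 3. Source-NAT the client so replies come back through the PC
    #    (assumption: used instead of a router-side rule for the return path).
    run iptables -t nat -A POSTROUTING -s "$client" -o "$iface" -j MASQUERADE
    # 4. Record the client's traffic; -n skips name lookups during capture.
    run tcpdump -i "$iface" -n -w "$out" host "$client"
}

# Run only when called with arguments: ./gw.sh IFACE CLIENT_IP [FILE]
if [ "$#" -ge 2 ]; then
    setup_capture_gateway "$@"
fi
```

If the capture shows only the outbound half of each connection, the client is still receiving replies directly from the router, which points at step 2 or 3 not being in effect.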
1

You can do this with a tool like ettercap. It works using ARP poisoning. So, your PC will become the default gateway of the client machine and your machine can forward the traffic to the original router.

Khaled
  • I can easily do that, but the problem is that not all traffic can be captured and in my tests more than 50% of the traffic is not redirected. Is there another solution? – Anonymous Sep 15 '12 at 14:55