In my test environment, I connected a tap switch in front of the wireless router. This tap has 5 ports and port 5 is the mirror port which is connected to a computer. At port 1, modem is connected, port 2 is connected with the WAN port of router. Though the mirror port sees the traffic of devices connected to this wireless router, but the issue is that public IP is appearing when capturing the packets through tcpdump. I want to see the private IP addresses of the devices. What is the best way to reconfigure it in a way that it captures traffic before NATing? Both hardware and software solutions are welcome.
Asked
Active
Viewed 97 times
2 Answers
2
On the WAN side of your router, only public addresses exist. The router is performing NAT. You will need to tap on the LAN side of your router to see private IP addresses since the router changes the source addresses of the packets as they travel from LAN to WAN.
Ron Maupin
- 3,243
- 1
- 12
- 20
-
How? the wireless devices are connecting to the router in the air and ideally I need to tap that air between them. It is easy to tap the LAN for wired devices connected to router but not sure how to do same for wireless devices? – user3806770 Jan 11 '16 at 08:04
-
That is a drawback of having an integrated device. With a separate router and WAP, you could tap the link between them, and also place the WAP in the best place for coverage. Anyway, if you don't have such an option built into the integrated device, you are stuck. It's not a normal consumer function, so the manufacturers don't often build it in. – Ron Maupin Jan 11 '16 at 15:05
2
If your setup is Modem --> Tap --> Router --> Devices
Then all you should see is the Public IP because the NAT will take place in the router.
Nick Young
- 688
- 4
- 14