Duplicating network traffic with a TP-Link TL-WR841N router
We will clone the internet traffic with a TP-Link TL-WR841N v11 router,
so that it can later be inspected with Wireshark.
Steps:
1- Install OpenWrt: https://openwrt.org/
2- Connect to the router:
root@antix1:/home/lolo# ssh -oHostKeyAlgorithms=+ssh-rsa root@192.168.1.1
root@192.168.1.1's password:
BusyBox v1.28.4 () built-in shell (ash)
  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
-----------------------------------------------------
OpenWrt 18.06.9, r8077-7cbbab7246
-----------------------------------------------------
3- Install and configure mod-tee
root@OpenWrt:~# opkg update
root@OpenWrt:~# opkg install iptables-mod-tee
Installing iptables-mod-tee (1.6.2-3) to root...
Downloading http://downloads.openwrt.org/releases/18.06.9/targets/ar71xx/tiny/packages/iptables-mod-tee_1.6.2-3_mips_24kc.ipk
Installing kmod-ipt-tee (4.9.243-1) to root...
Downloading http://downloads.openwrt.org/releases/18.06.9/targets/ar71xx/tiny/packages/kmod-ipt-tee_4.9.243-1_mips_24kc.ipk
Configuring kmod-ipt-tee.
Configuring iptables-mod-tee.
root@OpenWrt:~# modprobe xt_TEE
xt_TEE is already loaded
4- Finally, the iptables rules:
iptables -A PREROUTING -t mangle -i br-lan ! -d <IP_A_TESTEAR> -j TEE --gateway <IP_DEL_PC_CON_WIRESHARK>
iptables -A POSTROUTING -t mangle -o br-lan ! -s <IP_A_TESTEAR> -j TEE --gateway <IP_DEL_PC_CON_WIRESHARK>
Example:
iptables -A PREROUTING -t mangle -i br-lan ! -d 192.168.1.131 -j TEE --gateway 192.168.1.207
iptables -A POSTROUTING -t mangle -o br-lan ! -s 192.168.1.131 -j TEE --gateway 192.168.1.207
My network addresses:
Master "OpenWrt" (wlan0)
TY_WR.lan (192.168.1.131)
antix1.lan (192.168.1.207)
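The two rules from step 4, wrapped as an added example (not part of the original post) so they can be previewed, applied without stacking duplicates on a second run, and removed once the capture is finished. `IFACE` and the function names are assumptions; the rule text is the same pair shown above.

```shell
#!/bin/sh
# Added example, not from the original post. IFACE and all function names are
# assumptions; the rule text is the post's own pair of TEE rules.
IFACE="${IFACE:-br-lan}"

# Succeed only for a dotted-quad IPv4 address with four octets in 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the two mangle-table rule specs, one per line: "<chain> <match and target>".
tee_rule_specs() {
    valid_ipv4 "$1" && valid_ipv4 "$2" || return 1
    echo "PREROUTING -t mangle -i $IFACE ! -d $1 -j TEE --gateway $2"
    echo "POSTROUTING -t mangle -o $IFACE ! -s $1 -j TEE --gateway $2"
}

# mirror add|del|show <ip_to_test> <wireshark_pc_ip>
mirror() {
    case "$1" in
        add|del|show) action=$1 ;;
        *) echo "usage: mirror add|del|show <ip_to_test> <wireshark_pc_ip>" >&2; return 2 ;;
    esac
    specs=$(tee_rule_specs "$2" "$3") || { echo "invalid IPv4 address" >&2; return 2; }
    while read -r chain rest; do
        case "$action" in
            show) echo "iptables -A $chain $rest" ;;
            # -C tests whether the exact rule exists, so repeated runs never stack duplicates
            add)  iptables -C $chain $rest 2>/dev/null || iptables -A $chain $rest ;;
            del)  if iptables -C $chain $rest 2>/dev/null; then iptables -D $chain $rest; fi ;;
        esac
    done <<EOF
$specs
EOF
}

if [ "$#" -gt 0 ]; then mirror "$@"; fi
```

Saved on the router under a hypothetical name such as mirror.sh, `sh mirror.sh add 192.168.1.131 192.168.1.207` applies the example rules and `del` with the same arguments stops the mirroring.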
P.S.:
At first I tried to download tcpdump, but the TP-Link TL-WR841N router has so little free memory that it has no room to download tcpdump or mini-tcpdump.
root@OpenWrt:~# opkg install tcpdump
Installing tcpdump (4.9.3-1) to root...
Collected errors:
* verify_pkg_installable: Only have 80kb available on filesystem /overlay, pkg tcpdump needs 284
* opkg_install_cmd: Cannot install package tcpdump.
root@OpenWrt:~# free
total used free shared buffers cached
Mem: 27820 18976 8844 1060 1164 4828
-/+ buffers/cache: 12984 14836
Swap: 0 0 0
root@OpenWrt:~# sync && echo 3 > /proc/sys/vm/drop_caches
root@OpenWrt:~# free
total used free shared buffers cached
Mem: 27820 15204 12616 1060 96 2920
-/+ buffers/cache: 12188 15632
Swap: 0 0 0
root@OpenWrt:~# opkg install tcpdump
Installing tcpdump (4.9.3-1) to root...
Collected errors:
* verify_pkg_installable: Only have 80kb available on filesystem /overlay, pkg tcpdump needs 284
* opkg_install_cmd: Cannot install package tcpdump.
root@OpenWrt:~# opkg install tcpdump-mini
Installing tcpdump-mini (4.9.3-1) to root...
Collected errors:
* verify_pkg_installable: Only have 80kb available on filesystem /overlay, pkg tcpdump-mini needs 130
* opkg_install_cmd: Cannot install package tcpdump-mini.
More info:
https://www.testdevlab.com/blog/setting-up-router-traffic-mirroring-to-wireshark

