Converting a router to hub for WAN Dump?

By webcan
Nov 26, 2010
Post New Reply
  1. HI! I need to generate a WAN dump. I have the following setup (pic below) I am using "Wireshark" to intercept the data. I was told that I need a hub but I only have a router. D-link "DL-604 router" How to I turn this router into a hub?

    PS. I am not exactly sure how to create a Wan dump but I was told the following.

    ("add a hub to the wan port add your pc and create a connection dump with wireshark
    ")

    Can someone tell me if this the right way to accomplish my task?

    Paul D

    Mlppp Wan Dump Diagram.jpg
  2. jobeard

    jobeard TS Ambassador Posts: 13,284   +281

    I think that is not possible, here's why.

    A hub has one uplink and two or more down links to systems. Anything that arrives on the
    input slot is dupicated to every active down link by the hardware.

    A switch is more efficient than a hub. Instead of broadcasting everywhere, a switch
    moves data to the attached device which should see that data. The other attached devices do not see the traffic at all.

    Routers today have more functionalities: Nat and SPI. The NAT feature is used to allow
    multiple systems to share the WAN link to your ISP (this is why we use a router and not a hub).
    But in addition to NAT, routers operate like a switch. So data coming in from the lan-slot#1 goes to the WAN slot and the other devices see nothing.

    *IF* you need a hub, then in my opinion, you need a hub and a router/switch will not do.
  3. webcan

    webcan Newcomer, in training Topic Starter

    I have read other ports that so suggest that it is possible with the DL-406 ( because its just a cheap home router which by experts is nothing more than a slightly upgraded switch) by disabling DHCP. But what I am not sure of is the actual physical connection and if there is other things that I might have to do?

    ps, is there a way of configuring the router to copy port 1 to port 2 ? Wouldn't this be like a hub?

    Note: Pic Updated

    Paul D

    Mlppp Wan Dump Diagram.jpg
  4. jobeard

    jobeard TS Ambassador Posts: 13,284   +281

    We often dasiy chain router#1 to router#2 like this
    Code:
    isp==(wan_port)router#1(lan_port)------(lan_port)router#2(lan_ports)--->systems
    and leave router#2 WAN empty.

    Leaving router#2 WAN empty removes its NAT+SPI features

    Disabling the DHCP in router#2 forces router#1 to be the single point of control to issue new IP address.
    It does not remove the switching implementation which is in the hardware
  5. webcan

    webcan Newcomer, in training Topic Starter

    HI! sorry but I am a little confused. The router2 that you are referring too, is this the "Router as Switch" in the diagram.

    and the code. is this a command code that I enter into the Router as Swich command line"?

    And then do I disable DHCP in the "Router as switch"?

    And do I need to do anything in Windows XP " Local Area connections" under TCP/IP.?

    Sorry for all the questions, I have never done anything like this before and my knowledge in routers/networking is Intermediate at best.

    Paul
  6. jobeard

    jobeard TS Ambassador Posts: 13,284   +281

    NO. Router#2 is from my post
    NO. We is the CODE tag to preserve white space in our comments
    YES, but the PC has no DHCP service as shown in your picture

    Your picture is frought with issues and will not perform as you expect.

    The Gateway router in your picture (aka my router#1) is normally directly connected to the modem.


    If you attempt to use Router as a Switch per your picture,
    no traffic flows to Ether#2 by the design of a switch.

    If you replace the Switch with a HUB,
    the wan side of the Gateway router will be given the DHCP address from the ISP,
    and Ether#2 will see all traffic in+out

    Caveat Emptor: your Ether#2 will be directly attached to the Internet (by virtue of the Missing NAT from an upstream router ) and subject to attack.


    The more I look at this, an alternative seems a better solution, but let's define the objectives.
    1. Multiple systems need to share one ISP connection
    2. For whatever reason, it is desireable to monitor ALL network traffic to and from the ISP
    =================================================
    YES this is complicated
    Code:
    isp==modem==Router#1---hub---router#2---systems to be monitored
                            |
                            +---------->{Ether#2.static IP address}--the monitoring.system
    
    * Router#1 wan takes the ISP public DHCP assignment
    * has an active DHCP to control router#2 wan assignment
    * is connected ONLY to a HUB which replicates all traffic
    * Hub is connected to router #2 with its active DHCP service to assign PC addresses
    * hub is also connected to the Ether#2 which is statically configured entirely isolated from router#2 addresses

    EG:
    Router#1 address 192.168.1.1 , DHCP range 2-4
    Router#2 address 192.168.2.1, DHCP range 2-10
    ... the wan side of #2 will become 192.168.1.2 and is part of router#1 subnet
    (hope that's already understood)
    Ether#2 gets a static address
    192.168.3.1,
    netmask 255.255.0.0
    gateway 192.168.1.1
    DNS just doesn't matter​
    the netmask allows all 192.168.x.y traffic to be seen on ether#2

    (might as well show you ALL the issues)
    Netmask 255.255.0.0 on Ether#2 may not be doable for 192.168.x.y subnet.
    If Not, change the Addresses from 192.168.x.y => 10.10.x.y
    • 192.168.1.1 becomes 10.10.1.1
    • 192.168.2.1 becomes 10.10.2.1
    • 192.168.3.1 becomes 10.10.3.1
    and then you will be able to use netmask 255.255.0.0 or even 255.0.0.0
  7. webcan

    webcan Newcomer, in training Topic Starter

    HI! Thanks for all the info. Its going to take some time for me to try this out, and I also do not have an available HUB, just a router.

    Thanks :)
  8. jobeard

    jobeard TS Ambassador Posts: 13,284   +281

    Two key points in the design:
    1. The hub allows data to be seen by every Nic attached to it
    2. the subnet address and netmask for Ether#2 must be in the range of the other devices
      attached to that hub: ergo 192.168.x.y or 10.10.x.y as may be the case


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.