Can I make a HUB?

Hi,
I am trying to learn how to use Wireshark and I'm not seeing the results I expect to see.
My suspicion is that is because my targets are connected via an unmanaged switch?
Can I configure a spare BT Home Hub 5a running OpenWRT 23.5.2 to look like a 4-port hub?

Regards, Martin

No, you can't make a switch behave like a hub (nor would you want to). But you can port-mirror.
https://openwrt.org/packages/pkgdata/port-mirroring

3 Likes

Thank for the suggestion, Peter,

Would you mind if I ask a few more questions on how to get it working?
This is my /etc/config/port-mirroring:

config 'port-mirroring'
    option source_ports 'eth0,wlan0'    # interfaces (maximum of 4) to copy packets from
    option promiscuous  '1'             # put source interface(s) in promiscuous mode
    option target       '192.168.0.235' # interface or IP address to send packets to
    option protocol     'TEE'           # 'TEE' iptables (default) or 'TZSP' TaZmen Sniffer Protocol
    option filter       ''              # optional tcpdump/libpcap packet filter expressions

The 192.168.0.235 is where I wish to run Wireshark.
Checking that 192.168.0.235 is visible from the router router running port-mirroring:

root@OpenWrt-C:~# ping -c 2 192.168.0.235
PING 192.168.0.235 (192.168.0.235): 56 data bytes
64 bytes from 192.168.0.235: seq=0 ttl=64 time=1.045 ms
64 bytes from 192.168.0.235: seq=1 ttl=64 time=0.949 ms

--- 192.168.0.235 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.949/0.997/1.045 ms
root@OpenWrt-C:~# 

But I think something is wrong! No address reported for "dst="?

root@OpenWrt-C:~# logread | grep port-mirroring
Sat Mar  9 12:59:31 2024 daemon.info port-mirroring[1775]: port-mirroring starting
Sat Mar  9 12:59:31 2024 daemon.info port-mirroring[1775]: command-line argument[1]: --daemon
Sat Mar  9 12:59:31 2024 daemon.info port-mirroring[1775]: command-line argument[2]: --syslog
Sat Mar  9 12:59:31 2024 daemon.info port-mirroring[1775]: background process mode selected
Sat Mar  9 12:59:31 2024 daemon.info port-mirroring[1775]: successfully read config file '/etc/config/port-mirroring'
Sat Mar  9 12:59:31 2024 daemon.info port-mirroring[1776]: using process id 1776
Sat Mar  9 12:59:31 2024 daemon.info port-mirroring[1776]: settings: src=eth0 dst= proto=TEE promisc=on filter=''
Sat Mar  9 12:59:31 2024 daemon.info port-mirroring[1776]: settings: src=wlan0 dst= proto=TEE promisc=on filter=''
Sat Mar  9 12:59:31 2024 daemon.err port-mirroring[1776]: unable to get sender interface for destination IP address
Sat Mar  9 12:59:31 2024 daemon.info port-mirroring[1776]: program exiting: 0 packets mirrored
root@OpenWrt-C:~# 

However, if I make a silly mistake (192.168.0.2352) in the "option target", I get a different error message:

root@OpenWrt-C:~# logread | grep port-mirroring
Sat Mar  9 19:44:40 2024 daemon.info port-mirroring[1765]: port-mirroring starting
Sat Mar  9 19:44:40 2024 daemon.info port-mirroring[1765]: command-line argument[1]: --daemon
Sat Mar  9 19:44:40 2024 daemon.info port-mirroring[1765]: command-line argument[2]: --syslog
Sat Mar  9 19:44:40 2024 daemon.info port-mirroring[1765]: background process mode selected
Sat Mar  9 19:44:40 2024 daemon.info port-mirroring[1765]: successfully read config file '/etc/config/port-mirroring'
Sat Mar  9 19:44:40 2024 daemon.info port-mirroring[1768]: using process id 1768
Sat Mar  9 19:44:40 2024 daemon.info port-mirroring[1768]: settings: src=eth0 dst=192.168.0.2352 proto=TEE promisc=on filter=''
Sat Mar  9 19:44:40 2024 daemon.info port-mirroring[1768]: settings: src=wlan0 dst=192.168.0.2352 proto=TEE promisc=on filter=''
Sat Mar  9 19:44:40 2024 daemon.err port-mirroring[1768]: could not open target device '192.168.0.2352': 192.168.0.2352: No such device exists (No such device exists)
Sat Mar  9 19:44:40 2024 daemon.info port-mirroring[1768]: POSIX threads unavailable, running single-threaded
root@OpenWrt-C:~# 

The (eronious) IP address is reported, whereas, with the correct address in the config file, no address is reported?

Regards, M.

Hello,

I have a question regarding your setup. I easily set up port mirroring on my router and managed to retrieve form information from an HTTP link. I configured it like you did, but with TZSP and the IP address of the device for Wireshark. However, I would like to do port mirroring on a specific port, but when I fill in the LAN4 port instead of the IP, it doesn't work.
Do you know of a way to achieve this?

I'm afraid that I was never able to get "Port Mirroring" to work as I wanted it to. In the end, I went down a different route: I used a laptop with two Ethernet interfaces as a "man-in-the-middle" / dumb bridge. The laptop ran Wireshark with one interface connected to the WiFi Access Point and the other Ethernet interface to my LAN switch.
Unfortunately, I can't remember the fine detail (having done what I needed, the laptop was repurposed), but if you feel that this approach may fit your needs, I can try to replicate the test setup.
After all, many on this forum have helped me. A chance to repay?
Regards, M.

1 Like

Thank you for your response!

In the end, I decided to create a script that runs in the background and detects whenever port lan4 is up. It finds the IP address of the connected person and sends it to the port-mirroring configuration file.

I'm still struggling a bit to get the script to run in the background without keeping control of the terminal...

Thanks anyway for your offer, but I no longer need help with the HUB :wink: