My ISP gives 2 devices to provide internet access: ONT+Router
I wanna use a router with an embedded ONT, so I only have 1 device.
The problem is that they dont give out the configuration for you to use your own devices, so using a exploit I gained admin access to the router, but the ONT is another history.
What I want to do, if possible, is to bridge 3 ethernet ports on the Openwrt device, and connect to each one of them the ONT, the router and a PC with wireshark to sniff the traffic.
How do I manage to do that? Also I have read that I need to use VLANs so the traffic is processed by the openwrt device's cpu, and make it sniffable.
The openwrt device is a ar5387un with the latest openwrt version.
my ONT (Verizon) uses a proprietary single-stranded Layer 1 fiber protocol. So, even if I found a device with fiber SFP, it wouldn't connect to their fiber cable
my ISP carries: phone, Internet and TV on 3 different wavelengths on that proprietary fiber
In the United States, this is still considered inside the ISP's network, the demarcation point IS the ONT itself
If you're trying to flash an ONT with OpenWrt, I don't know of any devices that have been hacked
Yes, but on my ONT, only one MAC is recognized to get an address via DHCP, so be careful. I sniff by mirroring the WAN port to another port on my device - then run Wireshark on that.
AS far as I know your ISP will have to provision your ONT, so there is very little chance of "sneaking' in your own ONT. Given that, why don't you talk to your ISP, maybe the are willing (or legally required) to provision your own ONT for you?
@mofo, if you know how to legitimately procure an ONT (i.e. not one that someone simply snatched off the side of their house and put on eBay), please let me know.
I actually have another ONT from my aunt,from her old ISP (and router too). Some ISP "gift" you with routers, some of them have the ONT embedded in them, so some people sell them on 2nd hand apps.
My ISP doesnt even tell you the admin pass for the router.
Since the ONT is connected via ethernet to the router, I wanted to use an Openwrt device (an old router I have) to connect it between them, and try to sniff the ONT connections details.
Officially, they let you use a router of your choice if you connect it to their router's eth port #4 (leaving you with 3 devices connected...) ,and unofficially, people found it a way for using their own router by adding a VLAN with a specific number,and connecting it to the ONT.
I even connected to the ONT via serial port, but I couldnt do anything, since I didnt find any guide for that specific model, and the commands of the shell were to technical for me (it wasnt a unix shell, just one with propietary commands, even tried to dump it almost blindly, but failed)
I dont want to install OpenWRT on the ONT, just use an old router that has Openwrt installed as sniffer.
If I mirror the eth port where the ONT is connected, I would only sniff traffic from the ONT, right?
Shouldnt I sniff both traffic from and to the ont? (to and from the router)
Any guide on how to mirror a port in openwrt?
port mirroring can do both ingress and egress, there's a tick box on the switch page in Luci, it should let you set up mirroring. I haven't done it on OpenWrt but check out the Luci switch page and maybe post screenshot with question of it's not obvious from there
did you end up figuring this out? I'm looking at almost the exact same problem. I need to sniff the VOIP config file which apparently gets fetched by the router over HTTP. If I had an exploit for the router, I would be done, but unfortunately it's on a recent firmware so I don't think I can get root on it