Ubuntu 10.10 as a dumb hub for network monitoring

04-04-2011, 09:06 PM   #1
emrysm

Hello all,

I am currently stationed overseas in Japan, and I am happy to say that I have a 100 Mbit fiber line from my service provider... I am not so happy to say that they force me to use their "CTU", which is basically a Japanese router, which limits me from receiving external connections (such as would be required to host FTP, or administer my home machines via SSH or VNC). I have tried many methods of bypassing this piece of equipment, but so far none have worked (router setup for PPPoE, DHCP, Static IP, so on). I don't think the Japanese would mind me bypassing this device, as it's really there to 'protect' me, but there's such a language barrier that I can't figure out how to tell them what I want to do.

In order to troubleshoot the problem, I would like to set up a spare computer as a hub, dumbly (Is that a word? It is for this circumstance...) passing data from one device to the other, and allowing me to watch what is being passed via Wireshark.

I am pretty Linux-savvy, but I'm completely useless with iptables, and I was hoping someone might be able to help me out with this setup.

Here is the final product I want:

After connecting eth0 to the fiber modem and eth1 to the CTU, I want the computer to duplicate eth0's distant end MAC to eth1 and vice versa (to simulate the computer not being on the network at all), then I just want the computer to pass any data coming in on eth0 to eth1, and any data coming in on eth1 to eth0. Finally, I need to be able to read the throughput with Wireshark, but I really think that will be very simple if I can get the rest of the setup complete.

One piece of info - there is no DHCP on this link of the network, and I have no way of knowing the MAC addresses of either end before connecting them.

As an added bonus, once I've captured the handshake between the CTU and modem, if someone knows how to retransmit those packets on demand (i.e. to replace the CTU with my computer), I would be quite happy to hear about it.

Can anyone help?

~Emrys
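
An added example, not part of the original post: the two-port pass-through described above is what a Linux bridge with no IP address does, and because a bridge forwards frames unmodified, the modem and the CTU keep seeing each other's real MAC addresses with no cloning needed. The interface names `eth0`, `eth1` and `br0` and the helper functions are assumptions; the script only prints the iproute2 plan so it can be reviewed before it is run as root.

```shell
#!/bin/sh
# Added example (not from the thread): plan a transparent two-port bridge
# for passive capture on a link you operate. Interface names are assumptions.

# Accept only plain interface names, because the plan is later fed to a root shell.
valid_ifname() {
    case $1 in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]          # kernel limit for interface names
}

# Print the commands that build the bridge; nothing is executed here.
bridge_plan() {
    a=$1 b=$2 br=${3:-br0}
    for n in "$a" "$b" "$br"; do
        valid_ifname "$n" || { echo "bad interface name: $n" >&2; return 1; }
    done
    [ "$a" != "$b" ] || { echo "need two different ports" >&2; return 1; }
    # No spanning tree, no MAC learning cache: frames are flooded like a hub.
    echo "ip link add name $br type bridge stp_state 0 ageing_time 0"
    # Keep the monitoring host silent: no IPv6 autoconfiguration on the link.
    echo "sysctl -w net.ipv6.conf.$br.disable_ipv6=1"
    for p in "$a" "$b"; do
        cat <<EOF
sysctl -w net.ipv6.conf.$p.disable_ipv6=1
ip addr flush dev $p
ip link set dev $p master $br
ip link set dev $p up
EOF
    done
    echo "ip link set dev $br up"
}

# Stand-alone use: ./bridge-plan.sh eth0 eth1 [br0]
if [ "$#" -ge 2 ]; then
    bridge_plan "$@"
fi
```

Review the output, apply it with `bridge_plan eth0 eth1 | sudo sh -ex`, then point Wireshark at `br0`. A Linux bridge does not forward link-local control frames (destination 01:80:C2:00:00:0X, such as STP or 802.1X) by default, so those appear in the capture but do not cross to the other port.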
 
04-05-2011, 09:53 AM   #2
emrysm (Original Poster)

After many hours banging my head on the keyboard, I came to an incredibly low tech solution to trick my little magic box into telling me its secrets.

1) Run Backtrack 4r2 on any computer with a network connection.
2) Run Wireshark in promiscuous mode, cable connected to NIC, but not suspect device.
3) While suspect device is operating normally, swap its cable for the one with Wireshark running.


It's not pretty, but it got me details... including that the CTU uses IPv6 and that opens a whole new can of worms.

I'd still love to hear a better solution if anyone finds one.

~Emrys
 
04-05-2011, 04:51 PM   #3
jefro (Moderator)

Any system can run wireshark. Why not simply use it on the original system?
 
04-06-2011, 12:35 AM   #4
emrysm (Original Poster)

Quote:
Originally Posted by jefro
Any system can run wireshark. Why not simply use it on the original system?
Since Backtrack already has all the tools I need and it runs as a live CD, I find it to be the easiest method for this type of network snooping. If you must know, the "original system" on that computer was BrazilFW, a text-only router software I was trying to use to replace the CTU.

~Emrys
 