Sniff packets from router

networkingroutersniffingwireless-routerwireshark

So I have TP-Link router and I want to sniff all the packets going through the router. I'm using Wireshark right now but not able to get the packets which passes through my router.

So What I've tried so far :

1) If I create hotspot on my laptop and I connect other devices on my laptop's hotspot then I'm able to see packets going through my pc. But that's not all I need.

2) I bought a LAN cable, One end connected to my PC port and other end connected to the router's LAN port. And I chose LAN Traffic in wireshark, But still I'm not able to access the packets going through the router.

3) Can I force all websites to run on http rather than https on my own network ?

Is there any other way to do this ?

Thank You!

Best Answer

Remember: these days everything around with more than one port has a switch. So you have a chance to redirect traffic to your computer only by DNS poisoning or ARP spoofing.

No, you can't force web-sites to use only HTTP. First of all, major sites this day don't even provide any service through HTTP except for redirecting to HTTPS. Second, HSTS header prevents browsers from accessing them via HTTP and that HTTPS-only flag is set on first access, so it is likely already set on every machine for Google, Facebook, Twitter etc.. Basically one way to sniff traffic of these sites is using solutions like mitmproxy.

I don't know if you want to go that far, but many times I had replaced factory firmware with OpenWRT on TP-Links (at this moment I am accessing Internet via such reflashed OpenWRT @ TL-WDR3600). There is tcpdump package, so the task is pretty straightforward - write a file with tcpdump -w, then fetch that file from the router via scp and analyze it with Wireshark on the PC.

After all, OpenWRT is so feature-rich, so even loss of warranty is not a concern for me. I also tried DD-WRT, and no, it is not as good as OpenWRT, but still both of them are way better than original firmware.