Networking & wireless: How to monitor network traffic?

by Jim41 - 8/15/09 4:39 PM

Total posts: 7

Back to Networking & wireless forum

Track this thread

Post 1 of 7

How to monitor network traffic?

by Jim41 - 8/15/09 4:39 PM

All computers at this location access the Internet wirelessly through an 802.1g wireless router, which is cabled directly to a DSL modem. The wireless network is not encrypted, and frequently interlopers can be found camped-onto my Internet connection. Usually MAC filtering fixes this, but what I would like to do is to log traffic to and from the Internet. Can this be done from the router or by bridging the hard-wired connection between the router and the DSL modem? How difficult can this be? Thanks!

Permalink

Report offensive post

Post 2 of 7

MAC filters do not work.

by R. Proffitt

- 8/15/09 4:54 PM In reply to: How to monitor network traffic? by Jim41

There are very simple hack tools that let others use WEP and MAC filtered networks. To solve this issue is very very simple. Enable WPA, broadcast the SSID and no MAC filters. Done.

Permalink

Report offensive post

Post 3 of 7

Yes, but...

by Jim41 - 8/15/09 5:03 PM In reply to: MAC filters do not work. by R. Proffitt

Yes, I realize this, but a couple of the computers here are older and won't do WPA. Anyhow, I'd sincerely like to hack/embarrass these nefarious campers!

Permalink

Report offensive post

Post 4 of 7

Simple.

by R. Proffitt

- 8/15/09 5:10 PM In reply to: Yes, but... by Jim41

Turn off the wifi when you can. Remember that WEP, even with MAC filtering is cracked in about 2 minutes with the right software. Hopefully you can get the old gear wired and off the air soon.
Bob

Permalink

Report offensive post

Post 5 of 7

sniffing

by bill091 - 8/17/09 10:59 AM In reply to: How to monitor network traffic? by Jim41

If your router has a mirror/monitor option then you can do that but most consumer routers do not.

First you need a packet capture program and a PC you can leave running to capture it. Wireshark is your best bet since its free and works very well

The harder problem will be getting into the data stream. A old hub if they still make those would work between the router and the dsl modem.

They make real ethernet taps but they are rather expensive. The most common way to do this is with a switch that has the ability to "mirror" traffic. You will need a switch is manageable ie 'you can log into'. They are some consumer ones but the cheapest way to buy a old cisco or 3com on ebay. Even the very old switches can do this.

You still have the issue of knowing which traffic is valid and which is not. All traffic will appear to come from the address on the router so it will be more difficult to know if it is your traffic or your intruders traffic. To a point it will be obvious if they are visiting sites you do not.

Permalink

Report offensive post

Post 6 of 7

Great!

by Jim41 - 8/17/09 12:00 PM In reply to: sniffing by bill091

Just the answer I was looking for, thanks very much. I'll initiate a search for that 'old hub' and see what I can find. I already have Wireshark; this ought to be fun.

Permalink

Report offensive post

Post 7 of 7