Solved

How do I set up my network to see ALL network traffic going through my router?

Posted on 2004-09-24
Last Modified: 2013-12-23
This one has had me stumped for a few days now.


Here is the setup. I have a Windows XP PC and a Playstation2 (with network card) hooked up to my Linksys BEFSR41 router. The connection to the outside world is through a cable connection. You can assume that the Playstation acts just like another PC in regards to network traffic. I want to be able to view ALL traffic flowing through my Linksys router.

For this problem assume the router IP is 192.168.1.1
Windows PC IP(static): 192.168.1.2
PS2(static) : 192.168.1.3
All machines can access the internet just fine, no problems playing games either.

I have been trying to use network monitoring tools such as Ethereal to view this traffic. When I run this monitoring tool, I am only able to pick up traffic that is meant to be delivered to my PC (192.168.1.2), EVEN THOUGH I am absolutely sure packets are being sent to and from the PC and the PS2. I am positive that my NIC in my PC has the ability to be set into "promiscuous" mode.

Why can't I see ANY OTHER traffic? I believe the behavior would be similar if it was just 2 PCs, I don't see any difference, it's just 2 network cards. Unfortunately, I don't have another computer lying around. Is this a router configuration issue? An XP issue?

I have even tried to forward the TCP and UDP ports that the PS2 game uses directly to my PC. From my understanding, any incoming traffic to the router on those ports should be forwarded to my PC? But alas, this is not the case. Even with those restrictions in place, the PS2 operates just fine, suggesting that the ports are not getting forwarded at all.

I noticed that the name of the Linksys I have is "router with 4-port switch built in". Is the switch mechanism preventing the router from replicating traffic across all connections? If so, can you make routers do that?

Any advice, suggestions, or requests for further clarification would be great.

thanks.
0
Question by:crashnburn987
6 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 12145077
Switches pose quite a challenge to network analyzers. Switches do not propagate all traffic out all ports like a hub does. Easy solution for you would be to plug in a HUB between the Linksys and the users, with your PC plugged into the hub, too. This will allow you to see all the traffic.
On higher-end switches, they have the capacity to create a SPAN, Mirror, or Monitor port (different vendors call it different things) that allows you to copy all traffic on the switch to a designated port where you would have a sniffer connected.
0
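
Added example, not part of lrmoore's answer or of the original thread: a small Python model of the hub, learning-switch and mirror-port behaviour described above, replaying the same traffic through each and returning what reaches the sniffing PC's port. The MAC addresses, port numbers and frame labels are constructed for illustration, and the router is modelled as the device on port 1.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    """Repeats every frame out of every port except the one it arrived on."""
    def __init__(self, ports):
        self.ports = list(ports)
        self.delivered = defaultdict(list)   # port -> frames put on that wire

    def egress(self, in_port, frame):
        return [p for p in self.ports if p != in_port]

    def send(self, in_port, src, dst, note):
        frame = (src, dst, note)
        for p in self.egress(in_port, frame):
            self.delivered[p].append(frame)

class Switch(Hub):
    """Learns source MAC -> port and forwards known unicast to one port only."""
    def __init__(self, ports, mirror_port=None):
        super().__init__(ports)
        self.mac_table = {}
        self.mirror_port = mirror_port       # SPAN/mirror/monitor port, if any

    def egress(self, in_port, frame):
        src, dst, _ = frame
        self.mac_table[src] = in_port        # learn where the sender lives
        if dst != BROADCAST and dst in self.mac_table:
            out = {self.mac_table[dst]} - {in_port}
        else:
            out = set(self.ports) - {in_port}    # broadcast or unknown: flood
        if self.mirror_port is not None and self.mirror_port != in_port:
            out.add(self.mirror_port)        # copy everything to the sniffer
        return sorted(out)

# Constructed addresses: router on port 1, PC (sniffer) on port 2, PS2 on port 3.
ROUTER, PC, PS2 = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03"

def sniffer_view(device):
    """Replay constructed traffic and return what the PC's wire (port 2) carries."""
    device.send(3, PS2, BROADCAST, "ARP who-has 192.168.1.1")
    device.send(1, ROUTER, PS2, "ARP reply")
    device.send(2, PC, BROADCAST, "ARP who-has 192.168.1.1")
    device.send(1, ROUTER, PC, "ARP reply")
    device.send(3, PS2, ROUTER, "game UDP out")
    device.send(1, ROUTER, PS2, "game UDP in")
    return [note for _, _, note in device.delivered[2]]
```

Through the plain switch the PC's port carries only the PS2's broadcast and the reply addressed to the PC itself, which matches what the capture in the question showed; through the hub or the mirrored switch it also carries the PS2's game traffic.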
 
LVL 76

Expert Comment

by:David Lee
ID: 12145288
I believe that the NIC on the computer doing the monitoring has to support and be set to "promiscuous mode" in order to capture packets not destined for that computer.
0
 

Author Comment

by:crashnburn987
ID: 12145348
Shouldn't I still be able to forward the incoming traffic on the desired TCP/UDP ports to my PC directly?
A request from the internet comes into my router and it wants to talk to 192.168.1.3 (PS2), say port 10070...

Using the router's firmware, I set up a port forwarding mapping to say:

ports 10070-10080  TCP forward to 192.168.1.2 (PC)....
ports 6000-6999  UDP forward to 192.168.1.2 (PC)...

This doesn't seem to do anything. All traffic on those ports just goes straight to the original destination, and my PC receives no traffic on those ports. If I don't have those ports open on my PC, it's safe to assume the computer won't see them, but how do they make it back to the correct destination anyways? Am I wrong to assume this is how the port forwarding should work? What other settings on the router should/need to be set to get this to behave the way I want it to?

I think I'm going to try (although all you security people are going to be upset) to keep the port forwarding mapping in place as stated above, and expose my PC as a DMZ, to open up all its ports to traffic. It is possible the program I have written to listen on those ports is not functioning properly (could swear it is). If I expose my PC as a DMZ, it should accept all traffic on all ports, correct?

0

 

Author Comment

by:crashnburn987
ID: 12145359
Is there anything special that needs to be done to get your card into "promiscuous mode"? It was stated that the software I am using should set this up automatically, or tell the OS to do it... Is there a way to set this manually?
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 800 total points
ID: 12145631
The router will only port-forward traffic between WAN interface and LAN hosts, inbound.
It will not forward traffic from LAN host to LAN port.
0
 
LVL 76

Assisted Solution

by:David Lee
David Lee earned 800 total points
ID: 12146010
"Is there anything special that needs to be done to get your card into "promiscuous mode"? It was stated that the software I am using should set this up automatically, or tell the OS to do it... Is there a way to set this manually?"

I'm afraid the answers to your questions are card-specific. Some cards require a "promiscuous mode" driver. I'd recommend checking your NIC manufacturer's web site and see what they say about promiscuous mode for your card. The links below are to Microsoft articles that talk more about network sniffing.

http://support.microsoft.com/default.aspx?scid=kb;en-us;302348
http://support.microsoft.com/default.aspx?scid=kb;en-us;294818
http://support.microsoft.com/default.aspx?scid=kb;en-us;148942
0
