Solved

How do I set up my network to see ALL network traffic going through my router?

Posted on 2004-09-24
Last Modified: 2013-12-23
This one has had me stumped for a few days now.


Here is the setup. I have a Windows XP PC and a Playstation2 (with network card) hooked up to my Linksys BEFSR41 router. The connection to the outside world is through a cable connection. You can assume that the Playstation acts just like another PC in regards to network traffic. I want to be able to view ALL traffic flowing through my Linksys router.

For this problem assume the router IP is 192.168.1.1
Windows PC IP(static): 192.168.1.2
PS2(static) : 192.168.1.3
All machines can access the internet just fine, no problems playing games either.

I have been trying to use network monitoring tools such as ethereal to view this traffic. When I run this monitoring tool, I am only able to pick up traffic that is meant to be delivered to my PC (192.168.1.2), EVEN THOUGH I am absolutely sure packets are being sent to and from the PC and the PS2. I am positive that the NIC in my PC has the ability to be set into "promiscuous" mode.

Why can't I see ANY OTHER traffic? I believe the behavior would be similar if it was just 2 PCs; I don't see any difference, it's just 2 network cards. Unfortunately, I don't have another computer lying around. Is this a router configuration issue? An XP issue?

I have even tried to forward the TCP and UDP ports that the PS2 game uses directly to my PC. From my understanding, any incoming traffic to the router on those ports should be forwarded to my PC? But alas, this is not the case. Even with those restrictions in place, the PS2 operates just fine, suggesting that the ports are not getting forwarded at all.

I noticed that the name of the Linksys I have is "router with 4-port switch built in". Is the switch mechanism preventing the router from replicating traffic across all connections? If so, can you make routers do that?

Any advice, suggestions, or requests for further clarification would be great.

thanks.
0
Question by:crashnburn987
6 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 12145077
Switches pose quite a challenge to network analyzers. Switches do not propagate all traffic out all ports like a hub does. Easy solution for you would be to plug in a HUB between the Linksys and the users, with your PC plugged into the hub, too. This will allow you to see all the traffic.
Higher-end switches have the capacity to create a SPAN, Mirror, or Monitor port (different vendors call it different things) that allows you to copy all traffic on the switch to a designated port where you would have a sniffer connected.
0
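
An added example (not part of lrmoore's answer or of the original thread): a small Python model of the hub, learning-switch and mirror-port behaviour described above, showing which frames appear on the PC's port in each case. The MAC labels, port numbers and traffic list are constructed, and the router's LAN side is modelled as one more switch port.

```python
"""Which frames a sniffer port receives on a hub, a learning switch,
and a switch with a mirror port. All names and traffic are constructed."""

ROUTER, PC, PS2 = "mac-router", "mac-pc", "mac-ps2"
BROADCAST = "ff:ff:ff:ff:ff:ff"
PORTS = {1: ROUTER, 2: PC, 3: PS2}   # port -> attached host (assumed topology)

# Constructed traffic: (source MAC, destination MAC, description)
FRAMES = [
    (PS2, BROADCAST, "ARP who-has 192.168.1.1"),
    (ROUTER, PS2, "ARP reply"),
    (PS2, ROUTER, "game UDP out"),
    (ROUTER, PS2, "game UDP in"),
    (PC, ROUTER, "HTTP out"),
    (ROUTER, PC, "HTTP in"),
]

def deliver(frames, mode, sniffer_port=2):
    """Return descriptions of the frames visible on sniffer_port.

    mode: 'hub'    repeats every frame to every other port;
          'switch' learns source MACs and sends known unicast to one port;
          'mirror' is a switch that also copies every frame to sniffer_port.
    """
    mac_table, seen = {}, []
    port_of = {mac: port for port, mac in PORTS.items()}
    for src, dst, desc in frames:
        in_port = port_of[src]
        mac_table[src] = in_port                     # learn where src lives
        others = [p for p in PORTS if p != in_port]
        if mode == "hub" or dst == BROADCAST or dst not in mac_table:
            out_ports = set(others)                  # repeat or flood
        else:
            out_ports = {mac_table[dst]}             # known unicast: one port
        if mode == "mirror":
            out_ports.add(sniffer_port)              # copy to the monitor port
        # The sniffer also sees frames its own host transmits.
        if sniffer_port in out_ports or in_port == sniffer_port:
            seen.append(desc)
    return seen

if __name__ == "__main__":
    for mode in ("hub", "switch", "mirror"):
        print(f"{mode:6s} -> {deliver(FRAMES, mode)}")
```

On the plain switch the PC's port carries only the broadcast ARP and the PC's own HTTP traffic, which matches the capture described in the question; promiscuous mode cannot help because the PS2's unicast frames never reach that port.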
 
LVL 76

Expert Comment

by:David Lee
ID: 12145288
I believe that the NIC on the computer doing the monitoring has to support and be set to "promiscuous mode" in order to capture packets not destined for that computer.
0
 

Author Comment

by:crashnburn987
ID: 12145348
Shouldn't I still be able to forward the incoming traffic on the desired TCP/UDP ports to my PC directly?
A request from the internet comes into my router and it wants to talk to 192.168.1.3 (PS2), say port 10070...

Using the router's firmware, I set up a port forwarding mapping to say:

ports 10070-10080  TCP forward to 192.168.1.2 (PC)....
ports 6000-6999  UDP forward to 192.168.1.2 (PC)...

This doesn't seem to do anything. All traffic on those ports just goes straight to the original destination, and my PC receives no traffic on those ports. If I don't have those ports open on my PC, it's safe to assume the computer won't see them, but how do they make it back to the correct destination anyways? Am I wrong to assume this is how the port forwarding should work? What other settings on the router should/need to be set to get this to behave the way I want it to?

I think I'm going to try (although all you security people are going to be upset) keeping the port forwarding mapping in place as stated above, and exposing my PC as a DMZ, to open up all its ports to traffic. It is possible the program I have written to listen on those ports is not functioning properly (could swear it is). If I expose my PC as a DMZ, it should accept all traffic on all ports, correct?

0

 

Author Comment

by:crashnburn987
ID: 12145359
Is there anything special that needs to be done to get your card into "promiscuous mode"? It was stated that the software I am using should set this up automatically, or tell the OS to do it... Is there a way to set this manually?
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 200 total points
ID: 12145631
The router will only port-forward traffic between WAN interface and LAN hosts, inbound.
It will not forward traffic from LAN host to LAN port.
0
 
LVL 76

Assisted Solution

by:David Lee
David Lee earned 200 total points
ID: 12146010
"Is there anything special that needs to be done to get your card into "permiscious mode"? It was stated that the software I am using should set this up automatically, or tell the OS to do it... Is there a way to set this manually?"

I'm afraid the answers to your questions are card-specific. Some cards require a "promiscuous mode" driver. I'd recommend checking your NIC manufacturer's web site and seeing what they say about promiscuous mode for your card. The links below are to Microsoft articles that talk more about network sniffing.

http://support.microsoft.com/default.aspx?scid=kb;en-us;302348
http://support.microsoft.com/default.aspx?scid=kb;en-us;294818
http://support.microsoft.com/default.aspx?scid=kb;en-us;148942
0


Question has a verified solution.
