How do I set up my network to see ALL netowrk traffic going through my router?

Posted on 2004-09-24
Medium Priority
Last Modified: 2013-12-23
This one has had me stumped for a few days now.

Here is the set up. I have A Windows XP PC and a Playstation2 (with network card) hooked up to my Linksys BEFSR41 router. The connection to the outside world is through a cable connection. You can assume that the Playstation acts just like a another PC in regards to network traffic.  I want to be able to view ALL traffic flowing through my linksys router.

For this problem assume the router IP is
Windows PC IP(static):
PS2(static) :
All machines can access the internet just fine, no problems playing games either.

I have been trying to use network monitoring tools such as ethereal to view this traffic. When I run this monitoring tool, I am only able to pick up traffic that is ment to be delivered to my PC( EVEN THOUGH I am absolutely sure packets are being sent to and from the PC and the PS2. I am positive that my NIC in my PC has the ability to be set into "permiscious" mode.

Why can't I see ANY OTHER traffic? I believe the behavior would be similar if it was just 2 PC's, I don't see any difference, its just 2 network cards. Unfortunately, I don't have another computer lying around. Is this a router configuration issue? an XP issue?

I have even tried to foward the TCP and UDP ports that the PS2 game uses directly to my PC. From my understanding, any incomming traffic to the router on those ports should be fowarded to my PC? But alas, this is not the case. Even with those restrictions in place, the PS2 operates just fine, suggesting that the ports are not getting fowarded at all.

I noticed that the name of the Linksys I have is "router with 4-port switch built in". Is the switch mechanism preventing the router from replicating traffic across all connection? If so, can you make routers do that?

Any advice, suggestions, or requests for further clarification would be great.

Question by:crashnburn987
  • 2
  • 2
  • 2
LVL 79

Expert Comment

ID: 12145077
Switches pose quite a challenge to network analyzers. Switches to no propogate all traffic out all ports like a hub does. Easy solution for you would be to plug in a HUB between the Linksys and the users, with your PC plugged into the hub, too. This will allow you to see all the traffic.
On higher-end switches, they have the capacity to create a SPAN, Mirror, or Monitor port (different vendors call it different things) that allow you to copy all traffic on the switch to a designated port where you would have a sniffer connected.
LVL 76

Expert Comment

by:David Lee
ID: 12145288
I believe that the NIC on the computer doing the monitoring has to support and be set to "promiscuous mode" in order to capture packets not destined for that computer.

Author Comment

ID: 12145348
Shouldn't I still be able to foward the incomming traffic on the desired TCP/UDP ports to my PC directly?
A request from the internet comes into my router and it wants to talk to, say port 10070...

using the routers firmware, I set up a port fowarding mapping to say :

ports 10070-10080  TCP foward to
ports 6000-6999  UDP foward to

This dosen't seem to do anything. All traffic on those ports just goes straight to the orginal destination, and my PC recieves no traffic on those ports. If I don't have those ports open on my PC, its safe to assume the computer won't see them, but how do they make it back to the correct destination anyways? Am I wrong to assume this is how the port fowarding should work? What other settings on the router should/need to be set to get this to behaive the way I want it too?

I think I'm going to try(although all you security people are going to be upset) keep the port fowarding mapping in place as stated above, and expose my PC as a DMZ, to open up all its ports to traffic. It is possible the program I have written to listen on those ports is not functioning properly(could swear it is). If I expose my PC as a DMZ, it should accept all traffic on all ports correct?

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions


Author Comment

ID: 12145359
Is there anything special that needs to be done to get your card into "permiscious mode"? It was stated that the software I am using should set this up automatically, or tell the OS to do it... Is there a way to set this manually?
LVL 79

Accepted Solution

lrmoore earned 800 total points
ID: 12145631
The router will only port-forward traffic between WAN interface and LAN hosts, inbound.
It will not forward traffic from LAN host to LAN port.
LVL 76

Assisted Solution

by:David Lee
David Lee earned 800 total points
ID: 12146010
"Is there anything special that needs to be done to get your card into "permiscious mode"? It was stated that the software I am using should set this up automatically, or tell the OS to do it... Is there a way to set this manually?"

I'm afraid the answer to your questions are card specific.  Some cards require a "promiscuous mode" driver.  I'd recommend checking your NIC manufacturer's web site and see what they say about promiscuous mode for your card.  The links below are to Microsoft articles that talk more about network sniffing.


Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
If you are looking for an automated tool which can generate reports for Outlook emails and other items from PST file, then you can go for Kernel PST Reporter tool. The reports which are created by this tool are helpful to analyze and understand PST …

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question