Solved

How do I set up my network to see ALL netowrk traffic going through my router?

Posted on 2004-09-24
6
424 Views
Last Modified: 2013-12-23
This one has had me stumped for a few days now.


Here is the set up. I have A Windows XP PC and a Playstation2 (with network card) hooked up to my Linksys BEFSR41 router. The connection to the outside world is through a cable connection. You can assume that the Playstation acts just like a another PC in regards to network traffic.  I want to be able to view ALL traffic flowing through my linksys router.

For this problem assume the router IP is 192.168.1.1
Windows PC IP(static): 192.168.1.2
PS2(static) : 192.168.1.3
All machines can access the internet just fine, no problems playing games either.

I have been trying to use network monitoring tools such as ethereal to view this traffic. When I run this monitoring tool, I am only able to pick up traffic that is ment to be delivered to my PC(192.168.1.2). EVEN THOUGH I am absolutely sure packets are being sent to and from the PC and the PS2. I am positive that my NIC in my PC has the ability to be set into "permiscious" mode.

Why can't I see ANY OTHER traffic? I believe the behavior would be similar if it was just 2 PC's, I don't see any difference, its just 2 network cards. Unfortunately, I don't have another computer lying around. Is this a router configuration issue? an XP issue?

I have even tried to foward the TCP and UDP ports that the PS2 game uses directly to my PC. From my understanding, any incomming traffic to the router on those ports should be fowarded to my PC? But alas, this is not the case. Even with those restrictions in place, the PS2 operates just fine, suggesting that the ports are not getting fowarded at all.

I noticed that the name of the Linksys I have is "router with 4-port switch built in". Is the switch mechanism preventing the router from replicating traffic across all connection? If so, can you make routers do that?

Any advice, suggestions, or requests for further clarification would be great.

thanks.
0
Comment
Question by:crashnburn987
  • 2
  • 2
  • 2
6 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 12145077
Switches pose quite a challenge to network analyzers. Switches to no propogate all traffic out all ports like a hub does. Easy solution for you would be to plug in a HUB between the Linksys and the users, with your PC plugged into the hub, too. This will allow you to see all the traffic.
On higher-end switches, they have the capacity to create a SPAN, Mirror, or Monitor port (different vendors call it different things) that allow you to copy all traffic on the switch to a designated port where you would have a sniffer connected.
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12145288
I believe that the NIC on the computer doing the monitoring has to support and be set to "promiscuous mode" in order to capture packets not destined for that computer.
0
 

Author Comment

by:crashnburn987
ID: 12145348
Shouldn't I still be able to foward the incomming traffic on the desired TCP/UDP ports to my PC directly?
A request from the internet comes into my router and it wants to talk to 192.168.1.3(PS2), say port 10070...

using the routers firmware, I set up a port fowarding mapping to say :

ports 10070-10080  TCP foward to 192.168.1.2(PC)....
ports 6000-6999  UDP foward to 192.168.1.2(PC)...

This dosen't seem to do anything. All traffic on those ports just goes straight to the orginal destination, and my PC recieves no traffic on those ports. If I don't have those ports open on my PC, its safe to assume the computer won't see them, but how do they make it back to the correct destination anyways? Am I wrong to assume this is how the port fowarding should work? What other settings on the router should/need to be set to get this to behaive the way I want it too?

I think I'm going to try(although all you security people are going to be upset) keep the port fowarding mapping in place as stated above, and expose my PC as a DMZ, to open up all its ports to traffic. It is possible the program I have written to listen on those ports is not functioning properly(could swear it is). If I expose my PC as a DMZ, it should accept all traffic on all ports correct?

0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:crashnburn987
ID: 12145359
Is there anything special that needs to be done to get your card into "permiscious mode"? It was stated that the software I am using should set this up automatically, or tell the OS to do it... Is there a way to set this manually?
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 200 total points
ID: 12145631
The router will only port-forward traffic between WAN interface and LAN hosts, inbound.
It will not forward traffic from LAN host to LAN port.
0
 
LVL 76

Assisted Solution

by:David Lee
David Lee earned 200 total points
ID: 12146010
"Is there anything special that needs to be done to get your card into "permiscious mode"? It was stated that the software I am using should set this up automatically, or tell the OS to do it... Is there a way to set this manually?"

I'm afraid the answer to your questions are card specific.  Some cards require a "promiscuous mode" driver.  I'd recommend checking your NIC manufacturer's web site and see what they say about promiscuous mode for your card.  The links below are to Microsoft articles that talk more about network sniffing.

http://support.microsoft.com/default.aspx?scid=kb;en-us;302348
http://support.microsoft.com/default.aspx?scid=kb;en-us;294818
http://support.microsoft.com/default.aspx?scid=kb;en-us;148942
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
This video discusses moving either the default database or any database to a new volume.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now