[Last Call] Learn how to a build a cloud-first strategyRegister Now


Monitor all traffic from inside lan to internet - how to get in the path

Posted on 2005-04-14
Medium Priority
Last Modified: 2010-03-18
What is the best way to get a computer-hosted network monitor in the path from the lan to the internet on a switched nework ?  This is for the purpose of discovering unwanted outbound traffic from internal infected computers, or diagnosing protocol specific failures when when communicating with specific internet resources.  I have been configuring a portable Server 2003 / ISA Server with Microsoft's Network Monitor as a temporary replacement for the normal NAT/Firewall device in order get in the path.  It works fine, but is time consuming  to set up when several inbound access-list mappings have to be maintained when using the temporary diagnostic router.  It also breaks network connectivity during the transition from the permanent NAT device to the diagnostic NAT server.
Question by:swbruce21
  • 3

Expert Comment

ID: 13792048
Not sure how large your network is or your router configuration, but if small enough and the router is either one port or you can do some cable rearranging to only use one port,  you could just insert a cheap hub between the main router and first switch of the switch bank, then plug one other computer into the hub (or perhaps move a designated workstation from the switch to the new hub, thereby still using it as normal then adding sniffer duties to it...depending on if that's possible with your current network setup) and run a sniffer on it like ethereal (www.ethereal.com) or another packet monitoring program of choice.

Expert Comment

ID: 13792119
If you did that with a spare box, and you had for example a T1 for your internet connection, there wouldn't be any noticable performance degradation, even with a 10Base-T hub (tho use a full duplex one if the router is full duplex)...the traffic going through that point in the network wouldn't go any faster than the 1.544mbit T1 could spew out, there's no additional routing,  and the sniffing is passive, so there's no collisions or extra hops that would defeat the purpose of the switched network downstream.

Author Comment

ID: 13797855
This is something that I do for short intervals troublehshooting the network of small business clients. I tried the hub approach but since the ethernet frames are addressed to the firewall, the adaptor on my sniffing computer rejects them.  I know there is a solution to that, but I don't know the specifics of what it is.  Thanks

Accepted Solution

fixnix earned 750 total points
ID: 13799261
If you set the sniffing box to set the network card to "promiscuous mode" then it will sniff the packets going to the router/firewall

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question