Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

How to  sniff packets from router

Posted on 2006-06-09
8
1,793 Views
Last Modified: 2013-12-07
What is the best way to look at real time traffic on you r router?? Can this be done with Linux/Unix? IS there some kind of command line tool to do this.

Thanks


0
Comment
Question by:andrew_89
8 Comments
 
LVL 1

Author Comment

by:andrew_89
ID: 16875017
Also how would you re-route traffic say for ftp to your secondary router to alleviate bandwidth consumption on the primary router?
0
 
LVL 3

Expert Comment

by:Tony Gimenez
ID: 16875188
http://www.ethereal.com

Its for Windows and Linux and its free!
0
 
LVL 3

Expert Comment

by:Tony Gimenez
ID: 16875211
If you need other programs for similar uses this should help
http://www.google.com/search?hl=en&lr=&q=real+time+network+monitoring&btnG=Search

0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 57

Expert Comment

by:giltjr
ID: 16875342
What is the router connected to?  If it is a switch, then you need to have a managed switch that you can mirror the port that the router is connected to, that is you tell the switch to send a copy of all data that is going to or coming from port "A" to port "B"  Then you connect a computer to port "B" that has packet caputer software (like Ethereal).

That I am aware of I don't know of away to route traffic based on the application (ftp, http, telnet).  Routing is based on destination IP address.  Do you want to route all FTP traffic, or say ftp traffic from a specic host?  You should just change that hosts  default route.  Or, you could setup a ftp proxy server and have its default route be your "secondary" router.

However, in order for this to work, not only would you need a secondary router, you would need a secondary connection to the Internet.  Wouldn't it be less expensive to just increase the bandwidth on the primary connection?
0
 
LVL 8

Expert Comment

by:ragnarok89
ID: 16875804
You can monitor the amount of traffic going through a switch using Getif or a similar program that uses SNMP. This program can tell you (for example) the number of packets sent or received on a particular interface.

In order to see inside each packet, you will need a packet analyser such as ethereal, which can examine the headers and data inside each packet.

In order to route traffic, you will need a router with which you can create a port forwarding rule. So any traffic received for port 22 (ftp) would be directed to a specific IP address on your internal network - like your ftp server.
0
 
LVL 2

Expert Comment

by:Dazm
ID: 16875915

Try this easy to use program
"Ether Detect Packet Sniffer"
http://www.etherdetect.com

Maybe not the best, But truly the best : )
Is so easy that i don't have to tell you nothing else here.

Try it and let me know.
0
 
LVL 11

Accepted Solution

by:
grsteed earned 500 total points
ID: 16877416
"Also how would you re-route traffic say for ftp"

You don't mention what kind of routers you have but if they are Cisco you may be able to use Policy Based Routing to do this. (other routers support this as well) It still depends on your topology.

Basically Policy Based Routing uses access lists and route-maps to make routing decisions. If you use Extended access lists, the decision could be based on TCP ports, along with Source and Destination. It doesn't control the destination of a packet, but can control the path it takes.  

Here's a few links if you want to read more.

http://www.21stcenturyarticles.com/Article/Cisco-CCNP---BSCI-Exam-Tutorial---Introduction-To-Policy-Routing/580
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt2/1cfindep.htm#wp1001398
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt1/qcfpbr.htm

 
Cheers,

Gary

0
 
LVL 2

Expert Comment

by:Psyco_666
ID: 16884517
If you dont have a managed switch you could replace the cable from your router to your internal network with 2 cables and a 4 port hub in between. This way you can plug in an ethereal laptop in any time to check on traffic loads. Only really works if you have a one in one out setup.

0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question