Solved

How to sniff packets from router

Posted on 2006-06-09
8
1,779 Views
Last Modified: 2013-12-07
What is the best way to look at real time traffic on your router? Can this be done with Linux/Unix? Is there some kind of command line tool to do this?

Thanks


0
Comment
Question by:andrew_89
8 Comments
 
LVL 1

Author Comment

by:andrew_89
ID: 16875017
Also how would you re-route traffic say for ftp to your secondary router to alleviate bandwidth consumption on the primary router?
0
 
LVL 3

Expert Comment

by:Tony Gimenez
ID: 16875188
http://www.ethereal.com

It's for Windows and Linux and it's free!
0
 
LVL 3

Expert Comment

by:Tony Gimenez
ID: 16875211
If you need other programs for similar uses this should help
http://www.google.com/search?hl=en&lr=&q=real+time+network+monitoring&btnG=Search

0
 
LVL 57

Expert Comment

by:giltjr
ID: 16875342
What is the router connected to?  If it is a switch, then you need to have a managed switch that you can mirror the port that the router is connected to, that is you tell the switch to send a copy of all data that is going to or coming from port "A" to port "B".  Then you connect a computer to port "B" that has packet capture software (like Ethereal).

That I am aware of, I don't know of a way to route traffic based on the application (ftp, http, telnet).  Routing is based on destination IP address.  Do you want to route all FTP traffic, or say ftp traffic from a specific host?  You should just change that host's default route.  Or, you could set up a ftp proxy server and have its default route be your "secondary" router.

However, in order for this to work, not only would you need a secondary router, you would need a secondary connection to the Internet.  Wouldn't it be less expensive to just increase the bandwidth on the primary connection?
0

 
LVL 8

Expert Comment

by:ragnarok89
ID: 16875804
You can monitor the amount of traffic going through a switch using Getif or a similar program that uses SNMP. This program can tell you (for example) the number of packets sent or received on a particular interface.

In order to see inside each packet, you will need a packet analyser such as ethereal, which can examine the headers and data inside each packet.

In order to route traffic, you will need a router with which you can create a port forwarding rule. So any traffic received for port 22 (ftp) would be directed to a specific IP address on your internal network - like your ftp server.
0
 
LVL 2

Expert Comment

by:Dazm
ID: 16875915

Try this easy to use program
"Ether Detect Packet Sniffer"
http://www.etherdetect.com

Maybe not the best, but truly the best : )
It's so easy that I don't have to tell you anything else here.

Try it and let me know.
0
 
LVL 11

Accepted Solution

by:
grsteed earned 500 total points
ID: 16877416
"Also how would you re-route traffic say for ftp"

You don't mention what kind of routers you have but if they are Cisco you may be able to use Policy Based Routing to do this. (other routers support this as well) It still depends on your topology.

Basically Policy Based Routing uses access lists and route-maps to make routing decisions. If you use Extended access lists, the decision could be based on TCP ports, along with Source and Destination. It doesn't control the destination of a packet, but can control the path it takes.  

Here's a few links if you want to read more.

http://www.21stcenturyarticles.com/Article/Cisco-CCNP---BSCI-Exam-Tutorial---Introduction-To-Policy-Routing/580
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt2/1cfindep.htm#wp1001398
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt1/qcfpbr.htm

 
Cheers,

Gary

0
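An added illustration of the policy-based routing approach described in the accepted answer above; it is not part of any poster's comment. It is a Cisco IOS configuration sketch in which the LAN subnet, the secondary router's address, the ACL number, the route-map name and the interface are all constructed for the example.

```cisco
! Constructed example: LAN 192.168.1.0/24 sits behind the primary router,
! and the secondary router is reachable on the same LAN at 192.168.1.254.
!
! Extended ACL: select FTP by TCP destination port, limited to LAN sources.
! "eq ftp" is port 21 (control), "eq ftp-data" is port 20 (active-mode data).
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq ftp
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq ftp-data
!
! Route-map: packets matching ACL 101 are handed to the secondary router.
! Packets that match no permit clause fall through to the normal
! destination-based routing table, so all other traffic is unaffected.
route-map FTP-VIA-SECONDARY permit 10
 match ip address 101
 set ip next-hop 192.168.1.254
!
! The policy is applied to the interface where the traffic ENTERS the
! router (the LAN-facing interface), not the interface it leaves on.
interface FastEthernet0/0
 ip policy route-map FTP-VIA-SECONDARY
!
! Caveats:
! - Passive-mode FTP negotiates a high-numbered data port per session, so
!   those data connections do not match ACL 101 and stay on the primary
!   path. Only the control channel and active-mode traffic are moved.
! - The ACL is the whole policy: a broad "permit ip any any" here would
!   silently divert everything. Keep source and port as tight as possible.
!
! Verification from exec mode:
!   show route-map FTP-VIA-SECONDARY   (match counters should increase)
!   show ip policy                     (confirms interface binding)
```

The secondary router still needs its own Internet connection and NAT for this to relieve the primary link, as noted earlier in the thread.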
 
LVL 2

Expert Comment

by:Psyco_666
ID: 16884517
If you don't have a managed switch you could replace the cable from your router to your internal network with 2 cables and a 4 port hub in between. This way you can plug in an ethereal laptop in any time to check on traffic loads. Only really works if you have a one in one out setup.

0
