Monitor Network Traffic

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Monitor Network Traffic

HairyScot

182 posts

Master Geek

#26212 15-Sep-2008 20:55

I have read a number of posts on this subject but the discussions tend to concentrate on using PC software (which can be turned off or uninstalled) or the use of a PC as a server and performing the monitoring there.

I would think that there must be router or switch based solutions that would provide the means to log internet traffic by IP address on the LAN in a manner that would be transparent to the PCs on the LAN and thus outside the control of any single PC user.

Has anyone implemented anything like this?
What hardware and software would be required?
What would be the costs?

Any info would be welcome, so thanks in advance.

dan

1134 posts

Uber Geek

Lifetime subscriber

#164633 15-Sep-2008 21:29

for my business adsl customers, most are using a Mako Networks ADSL or ethernet to ethernet version of thier router, full transparent monitoring of all network devices by MAC address / protocols etc with nice graphs, reporting and monitoring

http://www.makonetworks.com/

cost is over 1k and has a yearly monitoring fee. Great product tho.

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#164638 15-Sep-2008 21:37

MikroTik RouterOS does everything you want plus everything that you didn't think you needed!

These routers and software are without a doubt the best hardware and software available and will surpass units that cost many many many times more.

cisconz

cisconz
1342 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#164671 16-Sep-2008 00:17

sbiddle: MikroTik RouterOS does everything you want plus everything that you didn't think you needed!

These routers and software are without a doubt the best hardware and software available and will surpass units that cost many many many times more.

Don't give away too many secrets sbiddle

Seriously though, those units are awesome.

Hmmmm

OmniouS

423 posts

Ultimate Geek

Trusted

Lifetime subscriber

#164682 16-Sep-2008 00:39

Smoothwall express 3.0 (free) does what you are looking for

All that is required is an oldish computer with at least two network cards

Voyager referral link - Get $50 credit

HairyScot

182 posts

Master Geek

#164919 16-Sep-2008 20:07

sbiddle: MikroTik RouterOS does everything you want plus everything that you didn't think you needed!

These routers and software are without a doubt the best hardware and software available and will surpass units that cost many many many times more.

Have checked the Mikrotik web site and a couple of others, am a little bit puzzled.

Would the MikroTik router replace or be in addtion to my existing DSL-G604T?
How would it all fit together? Would the Mikrotik box sit between the G604T and the ADSL line?
Is some programming required?

Should one use the local agent for Mikrotik, or deal direct?

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#164921 16-Sep-2008 20:14

The Mikrotik router would replace your existing router - you would still need an ADSL model. You could buy one from the NZ agents of Mikrotik directly.

What you want to do really requires a more powerful router or gateway software but this isn't going to come cheaply.

OmniouS

423 posts

Ultimate Geek

Trusted

Lifetime subscriber

#164930 16-Sep-2008 20:54

Yes with whatever router you choose, you will need to put your DSL-G604T into half-bridge/ipextension mode or buy a plain modem.

Internet <-------> DSL-G604T <------> Router's WAN Port // Router's Ethernet Port/s <-------> Rest of Network

A Smoothwall box will be many times more powerful than any router you can buy. The box _is_ the router/firewall. Logging internet traffic by IP is one of its many features. Caching web proxy/dns is very good. There is no way that network users can bypass it. Bandwidth limiting is easy. View people's instant messenger conversations if you wish... Check out the site for a full feature list. Addons are also available which add a LOT of extra functionality.

Computer requirements are very low. eg an old 2GHz machine with 1gb ram will serve a 100Mbit connection to over 100 users easily. Depending on your internet connection speed, number of users and addons you install (if any) you should be able to take those requirements down quite a lot

Pic of the standard traffic info: http://www.smoothwall.org/images/promos/3.0/about_traffic.png

Voyager referral link - Get $50 credit

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

HairyScot

182 posts

Master Geek

#164935 16-Sep-2008 21:05

The local agents, Inspire Net, apparently stock only 3 routers.
I received the following from them :-
______________________________________________________________________________________

1 * RB411A, 1 miniPCI, 1 Ethernet, mid power Access point (twice as fast as the 532)
     1 * indoor case
     1 * 24v power
     1 * miniPCI radio card (R52)
     2 * N type pigtails
     1 * POE injector
     1 * Mikrotik software Level 4 (access point load)
$375+GST

1 * RB411A, 1 miniPCI, 1 Ethernet, mid power Access point (twice as fast as the 532)
     1 * Outdoor case
     1 * 24v power
     1 * miniPCI radio card (R52)
     2 * N type pigtails
     1 * POE injector
     1 * Mikrotik software Level 4 (access point load)
$425+GST

1 * RB433, 3 minipci, 3 ethernet
     1 * indoor case
     1 * 24v power
     1 * miniPCI radio card (R52)
     2 * N type pigtails
     1 * POE injector
     1 * Mikrotik software Level 4 (access point load)
$420+GST

If you’re using your D-Link you’ll need to have a DMZ to the Mikrotik from the D-Link. Better still, you could use a Speedtouch or Cisco ADSL CPE in PPTP mode. This will enable the Mikrotik to have a real world IP address on its main interface.

You may also want to look in to Zyxel switches. They may also do what you require.

_________________________________________________________________________________________________________

Some of that is greek to me I'm afraid. Would a "POE injector" be where the ADSL connection gets plugged in?
What are pigtails?
The small number of ethernet ports also raises a problem since I use cable connections for all 4 of our PCs.

cisconz

cisconz
1342 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#164964 16-Sep-2008 22:55

HairyScot: The local agents, Inspire Net, apparently stock only 3 routers.
I received the following from them :-
______________________________________________________________________________________

I can get these much cheaper.

PM me for details.

Hmmmm

Fraktul

836 posts

Ultimate Geek

Trusted

#164978 16-Sep-2008 23:26

cisconz:
sbiddle: MikroTik RouterOS does everything you want plus everything that you didn't think you needed!

These routers and software are without a doubt the best hardware and software available and will surpass units that cost many many many times more.

Don't give away too many secrets sbiddle

Seriously though, those units are awesome.

I agree, RouterOS is a pretty powerful multipurpose routing and network management OS. Its not enterprise class sure but they are damn good bang for buck for the right application - not to mention a bit of fun to play around with....mind you network geeks concepts of fun are probably a little different from others :)

38894

80 posts

Master Geek

#166008 21-Sep-2008 13:09

Since no one here has mentioned it (Unless I missed something while scanning through the posts), I'll recommend the "Packeteer" This is a standalone box, which does not affect your network in the slightest, is going to be brand new hardware and therefore less likely to break down and become a point of failure for your network like an "Old computer" running Smoothwall would be, it also has no blocking features, it will simply monitor EVERY packet that goes through it. You plug the cable that currently goes into your Internet Router into the packeteers primary network port, then plug in a new cable to it's secondary that goes into your internet routers network port, thus monitoring and reporting on EVERY packet that goes through your internet both in and out.

Please note this will not monitor any wireless traffic if the Wireless Access Point is on the Router itself as the traffic will not then go back out of the router via the ethernet cable before going out to the internet and completely bypasses the Packeteer. Also, I am not in any way affiliated or linked with Packeteers, I don't sell or lease them particularly I have just used them and found them to be highly reliable and extremely good at reporting what I need to.

HairyScot

182 posts

Master Geek

#166050 21-Sep-2008 16:07

Hollow: You plug the cable that currently goes into your Internet Router into the packeteers primary network port, then plug in a new cable to it's secondary that goes into your internet routers network port, thus monitoring and reporting on EVERY packet that goes through your internet both in and out.

Please note this will not monitor any wireless traffic if the Wireless Access Point is on the Router itself as the traffic will not then go back out of the router via the ethernet cable before going out to the internet and completely bypasses the Packeteer.

I have 4 ethernet cables going into my router and one cable going out from the router to adsl.
Does this packeteer sit between the router and adsl? If not, how does it help me monitor traffic from 4 computers?
Sounds like I would need to install a switch then site the packeteer between the swithc and the router?

38894

80 posts

Master Geek

#166056 21-Sep-2008 16:33

That's exactly correct, either a switch or a hub, for performance I'd recommend the Switch over a hub but a Hub would still do the trick none the less. Unfortunately if you're currently using your Router as a switch as well as an ADSL modem, Switch and Router then there's no way round that. You wouldn't want to monitor the traffic between the Router and the Internet anyway, it would be far less useful and far more meaningless than the traffic between the Router and the rest of the internal network.