Network Monitoring

Discussion in 'Computer Support' started by jflash, Sep 1, 2007.

  1. jflash

    jflash Guest

    I am looking for a way to monitor network traffic from the entire
    network on one computer. I have asked this before, and was told that
    the best way would be to connect the computer that would be doing the
    monitoring upstream of the router, but due to the physical setup of
    the network, this would be impractical at best. The current setup is a
    cable modem connected to a Linksys WRT54G router, and then there are
    three desktop computers hardwired to the router and then I use the
    wireless for my laptop. There is a possibility of me being able to
    switch out most of the networking hardware, however, I would want to
    retain the wireless functionality. The computer that would be doing
    the monitoring is a homemade desktop that dualboots Ubuntu Linux and
    Windows XP Home SP2. Thanks!
     
    jflash, Sep 1, 2007
    #1
    1. Advertising

  2. jflash <> wrote news:1188653350.021438.161400
    @r29g2000hsg.googlegroups.com:

    > I am looking for a way to monitor network traffic from the entire
    > network on one computer. I have asked this before, and was told that
    > the best way would be to connect the computer that would be doing the
    > monitoring upstream of the router, but due to the physical setup of
    > the network, this would be impractical at best. The current setup is a
    > cable modem connected to a Linksys WRT54G router, and then there are
    > three desktop computers hardwired to the router and then I use the
    > wireless for my laptop. There is a possibility of me being able to
    > switch out most of the networking hardware, however, I would want to
    > retain the wireless functionality. The computer that would be doing
    > the monitoring is a homemade desktop that dualboots Ubuntu Linux and
    > Windows XP Home SP2. Thanks!


    LinkLogger. It's not free, but very good!

    http://www.linklogger.com
     
    @}-}-------Rosee, Sep 1, 2007
    #2
    1. Advertising

  3. jflash

    Mike Easter Guest

    jflash wrote:
    > I am looking for a way to monitor network traffic from the entire
    > network on one computer. I have asked this before, and was told that
    > the best way would be to connect the computer that would be doing the
    > monitoring upstream of the router, but due to the physical setup of
    > the network, this would be impractical at best. The current setup is a
    > cable modem connected to a Linksys WRT54G router, and then there are
    > three desktop computers hardwired to the router and then I use the
    > wireless for my laptop. There is a possibility of me being able to
    > switch out most of the networking hardware, however, I would want to
    > retain the wireless functionality. The computer that would be doing
    > the monitoring is a homemade desktop that dualboots Ubuntu Linux and
    > Windows XP Home SP2. Thanks!


    If you change the firmware in the WRT54G to the Sveasoft, the router
    will be much more powerful and that will also enable its logging to be
    handled/monitored by WallWatcher. Then you would feed the logs to the
    desktop and WW.

    There's other linux based firmware for the WRT54G.


    --
    Mike Easter
     
    Mike Easter, Sep 1, 2007
    #3
  4. jflash

    jflash Guest

    On Sep 1, 10:19 am, "Mike Easter" <> wrote:
    > jflash wrote:
    > > I am looking for a way to monitor network traffic from the entire
    > > network on one computer. I have asked this before, and was told that
    > > the best way would be to connect the computer that would be doing the
    > > monitoring upstream of the router, but due to the physical setup of
    > > the network, this would be impractical at best. The current setup is a
    > > cable modem connected to a Linksys WRT54G router, and then there are
    > > three desktop computers hardwired to the router and then I use the
    > > wireless for my laptop. There is a possibility of me being able to
    > > switch out most of the networking hardware, however, I would want to
    > > retain the wireless functionality. The computer that would be doing
    > > the monitoring is a homemade desktop that dualboots Ubuntu Linux and
    > > Windows XP Home SP2. Thanks!

    >
    > If you change the firmware in the WRT54G to the Sveasoft, the router
    > will be much more powerful and that will also enable its logging to be
    > handled/monitored by WallWatcher. Then you would feed the logs to the
    > desktop and WW.
    >
    > There's other linux based firmware for the WRT54G.
    >
    > --
    > Mike Easter


    I looked into that, but my router is more specifically the WRT54GL,
    and I was unable to find linux-based firmware that would obviously
    work with the wrt54gl. Are there any good solutions I'm not finding,
    or will Sveasoft work with wrt54gl as well as the original wrt54g?
     
    jflash, Sep 1, 2007
    #4
  5. jflash

    why? Guest

    On Sat, 01 Sep 2007 13:29:10 -0000, jflash wrote:

    >I am looking for a way to monitor network traffic from the entire


    Actual traffic or volume?

    Different answers.

    >network on one computer. I have asked this before, and was told that
    >the best way would be to connect the computer that would be doing the
    >monitoring upstream of the router, but due to the physical setup of
    >the network, this would be impractical at best. The current setup is a
    >cable modem connected to a Linksys WRT54G router, and then there are


    If there isn't SNMP on the router, it's not as easy as

    Putting a PC (some ver of Linux) with 2 NICS in front of the router. 1
    NIC to the WAN link , route / monitor every thing that passes by NIC 1
    to NIC 2 which is connected to the WRT.

    Ethernet tap, very expensive,

    Get a repeater , not a switch put it between the ISP link WRT, plug a
    monitor PC into 1 of the repeater ports. Usually this is only
    10Mbps/Half duplex.

    Buy a better router.

    >three desktop computers hardwired to the router and then I use the
    >wireless for my laptop. There is a possibility of me being able to
    >switch out most of the networking hardware, however, I would want to
    >retain the wireless functionality. The computer that would be doing
    >the monitoring is a homemade desktop that dualboots Ubuntu Linux and
    >Windows XP Home SP2. Thanks!


    Me
     
    why?, Sep 1, 2007
    #5
  6. jflash

    Mike Easter Guest

    jflash wrote:
    > "Mike Easter"
    >> jflash wrote:
    >>> I am looking for a way to monitor network traffic from the entire
    >>> network on one computer.


    >> There's other linux based firmware for the WRT54G.


    > I looked into that, but my router is more specifically the WRT54GL,


    .... then don't say wrt54g when you mean wrt54gl -- or name the version
    of 54g

    > and I was unable to find linux-based firmware that would obviously
    > work with the wrt54gl. Are there any good solutions I'm not finding,
    > or will Sveasoft work with wrt54gl as well as the original wrt54g?


    The story behind linksys intentionally crippling the 54g into the 54gl
    is here. http://www.extremetech.com/article2/0,1697,1934591,00.asp
    Hacking Your Linux-Based Wireless Router -- WRT54GL History - They
    halved the amount of flash memory and RAM to just 2MB Flash and 8MB RAM
    and switched to a VxWorks firmware. -- Here's a list of some of the
    popular third-party firmware available for the WRT54GL:

    Then there's the linksysinfo site http://www.linksysinfo.org/index.php
    to enable users of Linksys devices to post issues and questions and
    allow other users to helpfind a solution with their products



    --
    Mike Easter
     
    Mike Easter, Sep 1, 2007
    #6
  7. jflash

    Mike Easter Guest

    jflash wrote:
    > I am looking for a way to monitor network traffic from the entire
    > network on one computer.


    Does that mean that you solved the problem of the home built desktop not
    having LAN access?\

    Where is the followup on that?


    --
    Mike Easter
     
    Mike Easter, Sep 1, 2007
    #7
  8. jflash

    jflash Guest

    On Sep 1, 12:06 pm, "Mike Easter" <> wrote:
    > jflash wrote:
    > > I am looking for a way to monitor network traffic from the entire
    > > network on one computer.

    >
    > Does that mean that you solved the problem of the home built desktop not
    > having LAN access?\
    >
    > Where is the followup on that?
    >
    > --
    > Mike Easter


    I thought I had specified WRT54GL initially, and it was simply an
    oversight on my part. And I still haven't resolved the first issue,
    but this is more out of curiosity than anything, although once the
    first issue gets cleared up I will probably implement this if
    possible.

    And, why?: Actual traffic, and I was wondering if there was some way
    to work it without buying a repeater.
     
    jflash, Sep 1, 2007
    #8
  9. jflash

    Mr. Arnold Guest

    "jflash" <> wrote in message
    news:...
    > On Sep 1, 12:06 pm, "Mike Easter" <> wrote:
    >> jflash wrote:
    >> > I am looking for a way to monitor network traffic from the entire
    >> > network on one computer.

    >>
    >> Does that mean that you solved the problem of the home built desktop not
    >> having LAN access?\
    >>
    >> Where is the followup on that?
    >>
    >> --
    >> Mike Easter

    >
    > I thought I had specified WRT54GL initially, and it was simply an
    > oversight on my part. And I still haven't resolved the first issue,
    > but this is more out of curiosity than anything, although once the
    > first issue gets cleared up I will probably implement this if
    > possible.
    >
    > And, why?: Actual traffic, and I was wondering if there was some way
    > to work it without buying a repeater.


    If the WRT54GL produces a syslog, then you can use Walwtacher to monitor
    traffic to and from the router and your network.

    http://sonic.net/wallwatcher/

    If your router is not listed, then you maybe able to use the generic
    functions of WW or you can contact the author of WW and he will work with
    you in getting your router's syslog data incorporated in WW.
     
    Mr. Arnold, Sep 1, 2007
    #9
  10. jflash

    jflash Guest

    On Sep 1, 3:53 pm, "Mr. Arnold" <MR. > wrote:
    > "jflash" <> wrote in message
    >
    > news:...
    >
    >
    >
    > > On Sep 1, 12:06 pm, "Mike Easter" <> wrote:
    > >> jflash wrote:
    > >> > I am looking for a way to monitor network traffic from the entire
    > >> > network on one computer.

    >
    > >> Does that mean that you solved the problem of the home built desktop not
    > >> having LAN access?\

    >
    > >> Where is the followup on that?

    >
    > >> --
    > >> Mike Easter

    >
    > > I thought I had specified WRT54GL initially, and it was simply an
    > > oversight on my part. And I still haven't resolved the first issue,
    > > but this is more out of curiosity than anything, although once the
    > > first issue gets cleared up I will probably implement this if
    > > possible.

    >
    > > And, why?: Actual traffic, and I was wondering if there was some way
    > > to work it without buying a repeater.

    >
    > If the WRT54GL produces a syslog, then you can use Walwtacher to monitor
    > traffic to and from the router and your network.
    >
    > http://sonic.net/wallwatcher/
    >
    > If your router is not listed, then you maybe able to use the generic
    > functions of WW or you can contact the author of WW and he will work with
    > you in getting your router's syslog data incorporated in WW.


    Same problem as above: the 54gl can't have sveasoft installed, and
    wallwatcher requires it.
     
    jflash, Sep 1, 2007
    #10
  11. jflash

    jflash Guest

    OK, I feel a little stupid. According to the web-based configuration,
    I have the WRT54GL. However, I was checking the label on the router
    itself and discovered that the hardware is, in fact, a WRT54G v4. So,
    I have since replaced that firmware with DD-WRT, and am trying to
    figure out which version of sveasoft to install and I will then
    install that.
     
    jflash, Sep 2, 2007
    #11
  12. jflash

    Mike Easter Guest

    jflash wrote:
    > OK, I feel a little stupid. According to the web-based configuration,
    > I have the WRT54GL. However, I was checking the label on the router
    > itself and discovered that the hardware is, in fact, a WRT54G v4. So,
    > I have since replaced that firmware with DD-WRT, and am trying to
    > figure out which version of sveasoft to install and I will then
    > install that.


    One of the website links I posted for you earlier sez the 54g v4 = 54gl

    http://www.linksysinfo.org/forums/showthread.php?t=51900 WRT54GL -- **(same
    as WRT54G v4) Those listed belown are known to work with WRT54GL, other
    WRT54G firmware may also work, please confirm with project.

    --
    Mike Easter
     
    Mike Easter, Sep 2, 2007
    #12
  13. jflash

    jflash Guest

    On Sep 1, 6:38 pm, "Mike Easter" <> wrote:
    > One of the website links I posted for you earlier sez the 54g v4 = 54gl
    >
    > http://www.linksysinfo.org/forums/showthread.php?t=51900 WRT54GL -- **(same
    > as WRT54G v4) Those listed belown are known to work with WRT54GL, other
    > WRT54G firmware may also work, please confirm with project.
    >
    > --
    > Mike Easter


    Oh, my apologies. I somehow missed that...
     
    jflash, Sep 2, 2007
    #13
  14. jflash

    why? Guest

    On Sat, 01 Sep 2007 18:27:48 -0000, jflash wrote:

    >On Sep 1, 12:06 pm, "Mike Easter" <> wrote:
    >> jflash wrote:
    >> > I am looking for a way to monitor network traffic from the entire
    >> > network on one computer.

    >>
    >> Does that mean that you solved the problem of the home built desktop not
    >> having LAN access?\
    >>
    >> Where is the followup on that?
    >>
    >> --
    >> Mike Easter

    >
    >I thought I had specified WRT54GL initially, and it was simply an
    >oversight on my part. And I still haven't resolved the first issue,
    >but this is more out of curiosity than anything, although once the
    >first issue gets cleared up I will probably implement this if
    >possible.
    >
    >And, why?: Actual traffic, and I was wondering if there was some way
    >to work it without buying a repeater.


    Almost missed this reply to me as you didn't respond to my post but
    someone else.

    So you want to see the actual traffic whick looks like 1000's of these,


    No. Time Source Destination Protocol
    Info
    1 0.000000 00:0e:0c:9c:6e:fb ff:ff:ff:ff:ff:ff ARP
    Who has 192.168.0.12? Tell 192.168.0.5

    Frame 1 (42 bytes on wire, 42 bytes captured)
    Ethernet II, Src: 00:0e:0c:9c:6e:fb (00:0e:0c:9c:6e:fb), Dst:
    ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
    Address Resolution Protocol (request)

    0000 ff ff ff ff ff ff 00 0e 0c 9c 6e fb 08 06 00 01 ..........n.....
    0010 08 00 06 04 00 01 00 0e 0c 9c 6e fb c0 a8 00 05 ..........n.....
    0020 00 00 00 00 00 00 c0 a8 00 0c ..........
    No. Time Source Destination
    Protocol Info
    2 1.065270 192.168.0.5 192.168.100.1 SNMP
    get-request


    Frame 2 (103 bytes on wire, 103 bytes captured)
    Ethernet II, Src: 00:0e:0c:9c:6e:fb (00:0e:0c:9c:6e:fb), Dst:
    00:a0:c5:e4:e9:c4 (00:a0:c5:e4:e9:c4)
    Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 192.168.100.1
    (192.168.100.1)
    User Datagram Protocol, Src Port: 2044 (2044), Dst Port: 161 (161)
    Simple Network Management Protocol

    0000 00 a0 c5 e4 e9 c4 00 0e 0c 9c 6e fb 08 00 45 00 ..........n...E.
    0010 00 59 a9 6b 00 00 80 11 00 00 c0 a8 00 05 c0 a8 .Y.k............
    0020 64 01 07 fc 00 a1 00 45 17 d1 30 3b 02 01 00 04 d......E..0;....
    0030 06 70 75 62 6c 69 63 a0 2e 02 04 39 52 25 8b 02 .public....9R%..
    0040 01 00 02 01 00 30 20 30 0e 06 0a 2b 06 01 02 01 .....0 0...+....
    0050 02 02 01 0a 01 05 00 30 0e 06 0a 2b 06 01 02 01 .......0...+....
    0060 02 02 01 10 01 05 00 .......
    No. Time Source Destination
    Protocol Info
    3 1.094094 192.168.100.1 192.168.0.5 SNMP
    get-response


    As for a repeater oh well, OTOH a Cisco WS-C2960-24TT-L for USD 800 will
    let you mirror a port.

    What you may really want is something like a freeware / low cost version
    of...


    If the linkssys software has sFlow/nFlow options then
    http://www.ntop.org/
    runs on a Linux box for free or pay for the Win version.

    http://etherape.sourceforge.net/
    Also Linux

    Something from Visualware, maybe
    www.visualware.com

    Network probe,
    http://www.objectplanet.com/probe/
    there used to be a v1 free download / trial.

    If you get the sw for the linksys with syslog running there are several
    syslog tools to send the raw data to.

    ...to monitor then WAN link.

    Me
     
    why?, Sep 2, 2007
    #14
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Chris Cowles

    Monitoring use on my home network

    Chris Cowles, Jan 1, 2005, in forum: Wireless Networking
    Replies:
    6
    Views:
    1,558
    David
    Jan 3, 2005
  2. chris kane
    Replies:
    2
    Views:
    376
    Hansang Bae
    Jan 16, 2004
  3. Rob Hulme
    Replies:
    1
    Views:
    634
    Walter Roberson
    Jan 21, 2004
  4. Replies:
    1
    Views:
    547
    Jack \(MVP-Networking\).
    Feb 18, 2008
  5. Replies:
    0
    Views:
    462
Loading...

Share This Page