amartinas
join:2007-11-19
USA
edit:
May 23rd, @08:08AM
| watching my wireless network
is there a piece of hardware that one can buy that you can place between an AP and whatever connects it to the network (lets say a switch)?
for instance, id like to place some IP device on the segment connecting the WAP to my network, and be able to access that device from computers on the network and see everything that is occuring across that segment which is my wireless network.
im aware of wireless packet sniffing, but i honestly am not looking to "hack" networks. i simply want to control what is going across my network alone and see it in stunning ways (bandwidth utilization, sites visited, etc) if at all possible.
hopefully the fact that im looking for a hardware solution like this can alleviate anyones suspicions about me committing any nefarious acts. |
|
Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
| Very confusing post.
If your using WPA or WPA2 security, then only authorized users will be using your network. If your not using WPA or WPA2, then the solution is to implement it.
If your wondering about general traffic going through the router then its a matter of knowing what your router can handle and perhaps use the many logging programs out there such as Link Logger. |
|
amartinas
join:2007-11-19
USA
edit:
May 23rd, @03:35PM
| heres a picture of what i mean. id like something that does "onboard" processing of network traffic and that i can connect to perhaps that has a web interface directly on the hardware that i can look at all this information. does such a thing exist? |
|
docrice
join:2008-03-31
Fremont, CA
| You can use a hub as a tap-in point with a sniffer attached to it. You can probably also build a Linux machine that routes packets and use something like Snort to do traffic pattern-matching based on rulesets. This will provide the benefit of logical IP subnet separation between your wireless clients and your "main" network. As a starter, you can look at SmoothWall or pfSense, although I don't think they provide packet-level listing through the web interface like a Wireshark interface.
That said, you'll need a separate router to connect to the Internet. This is a bit confusing for home use since your typical consumer router is an AP / switch / router combined in one, although you can provide logical separation by using other components. |
|
docrice
join:2008-03-31
Fremont, CA
| (I wish there was an edit button because I always think of something else after I hit Post)
The downside to the above solution is that you won't see interaction between wireless clients. If you're looking for traffic specifically at layer 2, you might just want to load up BackTrack 3 and use a supported wireless chipset (latest version works with Intel 3945 / 2200 for radiotap level visibility). If you're using WPA or WEP, you won't see anything within the frame payload unless you buy AirPCap and enter in your pre-shared key. I'm assuming you're not using an 802.1X-based setup, otherwise it'll be practically impossible to see the packets in the air since the PMK value won't be known. |
|
amartinas
join:2007-11-19
USA
edit:
May 23rd, @03:31PM
| reply to docrice
i dont have a typical home network. i used to use the "all in ones" until the problem kept occuring where one problem would happen, and in order to address it, you'd have to buy an entirely new piece of hardware.
for instance, on my home LAN, i have a full fledged access point with its dipole removed and replaced with a wireless antennae that shoots the signal in a 45 degree angle, which is connected to a 10/100/1000 business series linksys router. i have a network attached printer (not uncommon, but most wouldnt even know how to set one up on xp over the network), and a vonage adapter. i even own a gigabit switch if i ever need more ports. so you can perhaps see that my question is a bit out of the normal sway of things.
i know about buying hubs for this type of thing, but i was hoping to have a more "professional" setup that wouldnt require all that extra hardware (because the hub + the listening computer really complicates things)
technically what im looking for (if it exists) could sniff traffic across any segment, but i specifically want to know whats going on on my wireless segment. |
|
amartinas
join:2007-11-19
USA
edit:
May 23rd, @03:29PM
| reply to docrice
said by docrice  :(I wish there was an edit button because I always think of something else after I hit Post) there is an edit "link" to the right of the qreply and reply buttons.
said by docrice :The downside to the above solution is that you won't see interaction between wireless clients. yea, im just interested in seeing what people connecting to my wireless are up to if it travels to my switch (and subsequently out into the intarwebs). id just be interested to see things like bandwidth utilization (are they P2Ping?) and sites (are they looking up pr0n?) for my general intrest. but it seems like this device doesnt exist, so its becoming a moot point. and by device, i mean stand alone. i dont mean some type of conventaional frankenstien setup that sniffs at broadcasts across a hub. too much hardware is necessary (for my setup and purposes). |
|
docrice
join:2008-03-31
Fremont, CA
edit:
May 25th, @09:04PM
| If you're using 802.11 encryption and / or client isolation features on the WLAN (on Cisco APs, they call it "Public Secure Packet Forwarding"), this gets difficult to see stuff between clients. On the other hand, you can always mirror a port on your switch (assuming this switch provides that capability) and sniff on that assuming your AP is only bridging clients and not routing them.
I'm sure there are all kinds of devices out there that monitor content traffic, but these tend to be provider / enterprise-class appliances and they're expensive. How about a transparent proxy via Squid?
Bandwidth utilization can probably be done on a per-port level via SNMP to something like Cacti, Zenoss, Nagios, OpenNMS, etc.. You know what else might work is Ntop, although I don't want to refer you to a Frankenstein setup. |
|
ct26torr
join:2001-05-31
00001 | reply to amartinas
Why not use something like arpwatch and set it up to email you when a mac not in the db tries to arp on your network |
|
TE
I must crunch
join:2006-05-07
Brea, CA
clubs:
 ·DSL EXTREME
| reply to amartinas
LightSpeed Total Traffic Control comes to mind but as others have pointed out it's expensive.
»www.lightspeedsystems.com/
You can play with reports here ...
»reports.lightspeedsystems.com/Re···ard.aspx |
|
amartinas
join:2007-11-19
USA | reply to amartinas
i dont know how many more times i can emphasize the word "hardware"!!!!! |
|
circle
Premium
join:2005-08-01
Appleton, WI
| reply to amartinas
A Google of +”network traffic” +appliance kicked up one at NETMON (»www.netmon.ca/). Cisco and other network companies probably also offer similar devices. Firewall companies such as Juniper may also offer similar devices. They can get pricy. The NETMO devices starts at $7500.
--
There's no place like 127.0.0.1 |
|
tobicat
join:2005-04-18
Tombstone, AZ | reply to amartinas
Don't know if this will do what uou want or not but its free for today only.
»www.giveawayoftheday.com/
--
9000 spaceway III, 7000S SatMex 5 1270, Dlink wirless |
|
amartinas
join:2007-11-19
USA
edit:
June 1st, @02:36AM
| re: tobicat
hardware!!! |
|
Nerdtalker
Working Hard, Or Hardly Working?
Premium,MVM
join:2003-02-18
Tucson, AZ
clubs:
 ·Comcast
| reply to amartinas
Something small and open source that is technically a solution tied to specific "hardware" (namely x86 embedded boxes) is pfSense.
I know that one can set pfSense up to use snort to do a variety of monitoring on various interfaces, and the freeBSD-based suite works well with various miniPCI wireless NICs. As far as that goes, you can see:
•Bandwidth utilization (RRD graphs for throughput, cpu load, quality, queues, e.t.c.)
•NAT States (this is almost the "sites visited" you want to see)
•Traffic shaping
•Clients
•Interface status
•DNS forwarding
--
"Some people never see the light till it shines thru bullet holes." -Bruce Cockburn
I'm testing Gmail's spam filters: Broadbandreports1@gmail.com
Spam: 12900+ messages currently using 406 MB. |
|
amartinas
join:2007-11-19
USA
edit:
June 1st, @02:30AM
| said by Nerdtalker :Something small and open source that is technically a solution tied to specific "hardware" (namely x86 embedded boxes) said by Wikipedia :
Computer hardware is the physical part of a computer, including its digital circuitry, as distinguished from the computer software that executes within the hrdware looking for harware solutions. if your software solution doesnt include hardware within the provisions of the stated solution, stop posting these off topic suggestions. i know everyone wants to play a semantics game, but instead, why not just help given the listed criteria? or better yet, not post unhelpful suggestions?
not posting is easier than playing a game of semantics. |
|
Techless
Premium
join:2002-07-19
The 70s
 ·Vonage
| The people in this forum have tried to suggest options that might help you fulfill your needs.
They have suggested options that may have worked for them,
whether hardware or software.
This is not a paid service where you might be able to be upset if the replys don't match your exact request.
It very well may be that the best option is not exactly what you requested.
said by Wikipedia :
Computer hardware is the physical part of a computer, including its digital circuitry, as distinguished from the computer software that executes within the hrdware
Even if you find the hardware that you seek it will be the software running on it that actually does what you want.
--
☛ In my world everyones a pony and they all eat rainbows and poop butterflys. Katie ☚ |
|
amartinas
join:2007-11-19
USA
edit:
June 1st, @10:35PM
| i am aware that i cannot "control" the responses i receive for this. however, it is asinine to suggest that it is "helpful" to provide suggestions to a topic that are not inline with the topic itself. what is the point of a forum then? (thats rhetorical)
by specifying hardware, i obviously imply that there will be software running on the hardware. but by making the hardware the PREREQUISITE, i am trying to promote clarity rather than ambiguity and ensure that responses are helpful given the context.
people like to think that when they cant provide an on topic solution that the next best thing is to provide the antithesis to the solution. this is incorrect; the proper response is simply to not respond at all which will serve not to convolute the topic at hand. if a person truly wants to help this topic, the best thing to do is to understand the context, and if they have no ontopic response (GIVEN THE DIRECT REQUIREMENT OUTLINED), providing no response is more helpful than providing the incorrect, offtopic response.
i knew it was a matter of time until someone decided to argue semantics rather than stay on the topic. |
|
