Quote:
Originally Posted by GioBonvi
...I checked and my monitor doesn't support anything like "monitor port"; furthermore, my laptop doesn't have two NICs
My idea is: connect the server to the router, monitor all the packets, ...
If the laptop is the only equipment communicating to the internet through the router:
Then you are good with 'iptraf' or 'wireshark'. You can filter out the localnet packets in 'wireshark'.
-
If there is equipment other than your laptop communicating to the internet through the router (how can you be sure?):
Only one thing you can do then. Set everything to route to a gateway using a default route. The gateway being your monitoring laptop. Then set up the laptop to route all outgoing traffic out on the internet port, and set the internet port to route all incoming traffic to your laptop.
We don't know how your router is connected to the internet, so we really don't know how to isolate the internet (WAN) traffic to go only through the laptop.
And you will miss lots of traffic with such a monitor setup. It is simply not safe.
But maybe you only want to monitor certain TCP/HTTP traffic?
-
Port isolation:
A router or switch with traffic between port A and port B will not show the A/B traffic on port C.
If you have your monitoring laptop on port C, then A and B can talk all day without you seeing it, except for some broadcast packets.
Unless you can set up a monitoring port in the router, to snoop the WAN traffic. Or at least get some of the traffic by setting the laptop on C as default gateway for all traffic going through the router. Anyway, the router will then become a HUB, and its total bandwidth will be limited to the speed of the laptop's port.
Could be half decent for a very small home network. But maybe not so good for the NAS bandwidth?
-
Basically, you will need a dedicated computer with two NICs. One for the LAN (local network), and one for the WAN (internet connection) - preferably with a good Linux firewall on it. Both to be safe, and to be able to monitor all the traffic towards the internet.
Historical: Once upon a time we all had 10 Mbit/s coaxial ethernet, and all computers hung on the same cable. Then it was easy to set up a 'lan station monitor', since anybody could go promiscuous (that is, the NICs) and listen in on all traffic on that cable. Nowadays, with routers and switches isolating traffic, it just isn't that simple anymore.
-
And here's an excellent link on the topic, that I have "sniffed up":
http://www.noah.org/wiki/Packet_sniffing
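
Added example, not part of the original post: a toy model of a MAC-learning switch that shows the port isolation described above, where a sniffer on port C sees the broadcast but none of the A/B unicast traffic unless the switch mirrors traffic to C. The class, function names and MAC addresses are constructed for illustration.

```python
"""Toy model of a MAC-learning switch (constructed example)."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports, mirror_to=None):
        self.ports = list(ports)
        self.mac_table = {}                       # source MAC -> port it was last seen on
        self.seen = {p: [] for p in self.ports}   # frames delivered to each port
        self.mirror_to = mirror_to                # optional monitor (mirror) port

    def send(self, in_port, src, dst, payload):
        """Inject a frame on in_port; return the set of ports it is delivered to."""
        self.mac_table[src] = in_port             # learn where the sender lives
        if dst != BROADCAST and dst in self.mac_table:
            out = {self.mac_table[dst]}           # known unicast: one port only
        else:
            out = set(self.ports)                 # broadcast or unknown destination: flood
        out.discard(in_port)                      # never sent back out the ingress port
        if self.mirror_to and self.mirror_to != in_port:
            out.add(self.mirror_to)               # a mirror port gets a copy of everything
        for port in out:
            self.seen[port].append((src, dst, payload))
        return out


# Constructed MAC addresses for the hosts on ports A and B; the sniffer sits on C.
MAC_A, MAC_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"


def run_conversation(switch):
    """A broadcasts to find B, B answers, then they exchange unicast data."""
    switch.send("A", MAC_A, BROADCAST, "ARP who-has B")
    switch.send("B", MAC_B, MAC_A, "ARP reply")
    for i in range(3):
        switch.send("A", MAC_A, MAC_B, f"data {i}")
        switch.send("B", MAC_B, MAC_A, f"ack {i}")
    return [payload for _, _, payload in switch.seen["C"]]


def demo():
    plain = run_conversation(LearningSwitch("ABC"))
    mirrored = run_conversation(LearningSwitch("ABC", mirror_to="C"))
    return plain, mirrored


if __name__ == "__main__":
    plain, mirrored = demo()
    print("sniffer on C, no mirror port:", plain)
    print("sniffer on C, with mirror port:", len(mirrored), "frames")
```

A frame to a MAC the switch has not learned yet is flooded like a broadcast, so a sniffer on C can also catch the first frame of a conversation before the table is populated.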