Monitoring my network
I'm looking for some concepts about sniffing my own network. Specifically:
I have XP installed on a laptop. I'd like to monitor XP on my network to track various "phone home" nonsense. I have a Sony ebook reader. I always keep the wireless radio off. I am curious how the software tries to phone home or mine data and want to monitor that connection too. The ebook reader supports both network wireless and 3G. I can connect the laptop with wired or wireless but the ebook reader is limited to wireless. Yes, I plan to disconnect my network cable at the wall before starting these tests. :) My network looks like this: Code:
3 Computers <--> Linksys WRT54GL 1.1 (DD-WRT) <--> ISP VOIP router <--> ISP CPE <--> wonderful wacky web
Questions:
* To properly monitor either connection, do I need to install a switch between the Linksys router and ISP VOIP router, and then connect another computer to the switch?
* When enabled, will the ebook reader automatically connect to a 3G network or do I need a 3G account for that to happen?
Thanks again! :) |
I believe that Sony has a partnership with AT&T for their ereaders, so it is entirely possible that it could connect to AT&T with or without an account. I'm not certain how one could tell either way, though.
As for your first question, I'm probably not qualified to say. :scratch: |
Quote:
Edit: Looks like the 3G coverage is automatic because the service is free: http://www.the-ebook-reader.com/sony-prs-950.html |
I'd be more worried about the software Sony ships with the device and which you are supposed to use when transferring books & magazines to the ereader (when not using wireless or 3g).
That is why I use calibre instead. It is a better library management system than Sony's own software. Plus, you can run it as an OPDS server on your home LAN (see http://manual.calibre-ebook.com/cli/calibre-server.html for details) and never have a need for a USB data connection anymore. Eric |
Unless you have a "decent" (read expensive) managed switch you won't be able to achieve what you want the way you want to. Switches work by directing specific traffic from port to port, hence the name switch.
You will either need a managed switch with a port that can be configured to present all traffic or you will need to have a server acting as an intermediary. To use your diagram: Code:
3 Computers <--> Linksys WRT54GL 1.1 (DD-WRT) <--> (nic1) SERVER WITH TWO NICS (nic0) <--> ISP VOIP router <--> ISP CPE <--> wonderful wacky web |
Since you are looking for concepts, I will share my topology of my current network with you.
Cable modem --> firewall/dhcp,dns,etc --> managed switch --> LAN
Now even though I have a managed switch, I didn't always have it. In the past, I used the firewall in between my modem and my network to monitor my network. I use tcpdump and wireshark to dump whatever I need to, monitor, etc, and it works quite well. I have a wireless access point integrated within my LAN, with its own subnet, which I keep on the 192.168.3.0/24 subnet. Since I have my firewall acting as DHCP server and DNS as well, it makes it easy to see whatever I need to. tcpick is also a nice tool to use to pick apart your data/packets. |
Could you use wireshark to check the traffic from only that host?
|
Quote:
A host, even with a NIC in "promiscuous mode" won't see traffic for other hosts unless the switch is specifically configured to do so. |
OK - but I was referring to installing wireshark on the Windows XP machine, where the "questionable" software is installed. Then surely wireshark would be able to see everything going thru the network card on that same host?
|
@TenTenths - your signature is wrong! The "engineer's dilemma" (good, fast, cheap - pick any two) does NOT apply to Linux! With Linux you CAN have all three.
|
Quote:
Hardly "cheap" ;) ;) |
Quote:
I connect the device via USB and copy files to the reader. I'm not into creating collections on the reader. I have my books already sorted by author on my network. I copy a dozen books or so into the root directory, read the books, and then delete the books from the reader when finished. I always keep my copies of books on my network. There is an update to the Sony firmware but the little information I found indicates no bugs are fixed and the update is "one-sided" with changes that only improve data mining. :( I really wish some truly free devices (ebook readers, tablets) would hit the market. Quote:
I don't (yet) grasp the concept of how a proprietary ebook reader connects to a calibre server. Conversely, at this point I'm content with connecting via USB and copying files as needed. |
Quote:
I have old computers I could use as monitoring portals after installing a managed switch at an interception point. They are slow (PI and PII) but they would suffice to capture traffic --- once I learn how to actually do that. :) Quote:
Now that I wrote that I see several people already wrote the same thing. :) I can't do that with the ebook reader, which is wireless only. (And I have no motivation at all to learn how to root such a device. :)) |
Question: I wonder whether dd-wrt, which I have installed on my Linksys router, has a feature to allow me to monitor IP traffic? There is a firewall logging option and all I need are IP addresses.
I'm not trying to run a complicated sniffing operation. I want only to capture IP addresses to know where the ebook reader and XP want to phone home. Then add some simple redirects to 127.0.0.1 in my router's hosts file.
I have some experience with XP phoning home. About 10 years ago I helped a person configure a third party firewall to track phone home attempts. I was shocked to find that even the XP file manager phones home. I believe I still have that original configuration file in my archived collection of old Windows files. I'm not concerned about XP because I don't use the system. I'm interested in learning how to monitor this nonsense and I simply happen to have a copy of XP available. I have some NT4 and W2K installs but those systems are benign and don't phone home.
I'm more concerned about a possible upcoming job contract where I will use Windows 7. I don't anticipate that happening until Jan. 1, but until then I'd like to become familiar with this topic so I know how to monitor Windows 7.
The ebook reader (all ebook readers, tablets, etc.) frustrates me because a primary design consideration with these devices is data mining. I don't miss the wireless functions with my ebook reader, but I want to understand what these devices try to do in the background. I don't like that I can't control the 3G feature. I'm half tempted to open the case and permanently disable all wireless by cutting the antenna wires. Yeah, I realize most people don't give a hoot. :)
I have much to learn as well as buying a decent managed switch, which I likely will need anyway for the upcoming job contract. Even if that contract falls through, other future contracts are likely to have similar connection requirements. I need to learn how to protect my network in more robust ways. Trusting myself is one thing --- I don't trust other systems. :) Often I have wanted a way to monitor my own network anyway. Seems like a managed switch is a sane beginning.
I might install the managed switch after the VOIP router. I know and trust the ISP owner (local mom-and-pop ISP), but I'm curious what the device really does. I believe the device regularly "pings" the VOIP network. Some kind of keep-alive traffic, or something like that. Otherwise I'd be surprised to see anything more. |
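Added example, not from any poster in this thread: a sketch of the workflow discussed above (tcpdump on a box in the traffic path, then hosts-file redirects), run here over constructed `tcpdump -nn` lines. The host address 192.168.3.50, the interface br0 and the function names are assumptions; only IPv4 is handled.

```shell
#!/bin/sh
# Added example: summarise one LAN host's outbound traffic from `tcpdump -nn` text.
# Live use on the gateway would pipe something like
#   tcpdump -l -nn -i br0 host 192.168.3.50
# into these functions (interface name and host address are assumptions).

AWK_FN='
function ip(s, a)   { sub(/:$/, "", s); split(s, a, "."); return a[1] "." a[2] "." a[3] "." a[4] }
function port(s, a) { sub(/:$/, "", s); return (split(s, a, ".") == 5) ? a[5] : "-" }'

# "count ip port" for IPv4 packets host $1 sent to non-private addresses, busiest first.
external_dests() {
    awk -v h="$1" "$AWK_FN"'
    $2 == "IP" && $4 == ">" && ip($3) == h {
        d = ip($5)
        if (d ~ /^(10\.|127\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/) next
        n[d " " port($5)]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,2
}

# Names host $1 looked up (A/AAAA queries to port 53). A hosts file matches on
# names, so a redirect needs these rather than the IP addresses.
dns_names() {
    awk -v h="$1" "$AWK_FN"'
    $2 == "IP" && ip($3) == h && port($5) == "53" {
        for (i = 6; i < NF; i++)
            if ($i ~ /^(A|AAAA)\?$/) { q = $(i + 1); sub(/\.$/, "", q); print q }
    }' | sort -u
}

# Candidate hosts-file lines, to be reviewed before they go on the router.
hosts_entries() { dns_names "$1" | sed 's/^/127.0.0.1 /'; }

sample_capture() {   # constructed lines; public addresses are documentation ranges
cat <<'EOF'
09:21:07.100001 IP 192.168.3.50.53211 > 192.168.3.1.53: 4660+ A? update.example.com. (36)
09:21:07.130002 IP 192.168.3.1.53 > 192.168.3.50.53211: 4660 1/0/0 A 203.0.113.10 (52)
09:21:07.140003 IP 192.168.3.50.49152 > 203.0.113.10.443: Flags [S], seq 1, win 65535, length 0
09:21:08.000005 IP 192.168.3.50.49152 > 203.0.113.10.443: Flags [P.], seq 2:200, ack 10, win 65535, length 198
09:21:09.000006 IP 192.168.3.50.53212 > 192.168.3.1.53: 4661+ A? stats.example.net. (35)
09:21:09.050007 IP 192.168.3.50.49153 > 198.51.100.7.80: Flags [S], seq 1, win 65535, length 0
09:21:10.000008 IP 192.168.3.20.40000 > 198.51.100.99.80: Flags [S], seq 1, win 65535, length 0
EOF
}

sample_capture | external_dests 192.168.3.50
sample_capture | hosts_entries 192.168.3.50
```

A capture box only sees these packets if it sits in the traffic path or on a mirrored switch port, as the replies above explain; a destination reached by literal IP address never shows up in the DNS list.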