UGN Security
Posted By: Artic Warrior Router scanner? - 04/17/06 10:30 AM
Is it possible to see what data from the interent is going through a router to other computers sharing an ADSL network?
Posted By: Artic Warrior Re: Router scanner? - 04/18/06 12:37 AM
Did my question not make sense? Or does no one know?
Posted By: Ghost Re: Router scanner? - 04/18/06 01:06 AM
Is the network setup like this or something similar?

Internet --- ADSL modem --- Router --- Client Computers
Posted By: Artic Warrior Re: Router scanner? - 04/18/06 03:51 PM
Thats the setup Im talking about. And so then the client computers are connected through the router for our local network. So I'm guessing to see the data being downloaded you would need something to scan the modem more then the router?
Posted By: Defcon Re: Router scanner? - 04/19/06 12:45 PM
Ok, first of all whose network is this? Something you own or is this something your parents or place of business owns? Second of all what traffic are you trying to scan for?

Understand that a lot of information goes through your network in the course of an hour. You'd end up with hours worth of logs to look through if you want to scan and log every little piece of traffic (Internal NetBios stuff, DHCP Requests/DHCPACK, TCP/IP connections to the internet, DNS requests, etc). What are you specifically looking for and why is important. Maintaining a log of all these connections also forces the Router to work harder and depending on the model and traffic volume could have negative affects, especially if its a cheap Linksys piece of [censored].

Now that thats laid out, here are some ideas.
If you can actually set up your ADSL or Router firewall you could have it pass regular internet traffic and keep a log of it. Then review the logs at your leisure.

You could also pop a Network IDS between the DSL Modem and the Router.

all I got for the moment.
Posted By: IceMyst Re: Router scanner? - 04/19/06 10:25 PM
If you're scanning an outside network not owned by you; be careful as your ISP can label you a "hacker" and terminate your internet contract...
Posted By: Artic Warrior Re: Router scanner? - 04/20/06 03:07 AM
Quote:
Originally posted by Defcon:
Ok, first of all whose network is this? Something you own or is this something your parents or place of business owns? Second of all what traffic are you trying to scan for?

Understand that a lot of information goes through your network in the course of an hour. You'd end up with hours worth of logs to look through if you want to scan and log every little piece of traffic (Internal NetBios stuff, DHCP Requests/DHCPACK, TCP/IP connections to the internet, DNS requests, etc). What are you specifically looking for and why is important.

I only want to know if its possible. To answer the above Q's, it's the home network I'm on which has 4 computers, of which one of the clients I am suspicions of would want to do this. He likes to play Big Brother. That's why I wanted to know. Not so I could scan all the data, thats just not something I do.
Is there a way to find out if someone is doing this to our network and stop it without breaking into the neighbours room?
Im assuming secure sites eg. internet banking, have thier data encrypted.
Posted By: sinetific Re: Router scanner? - 05/09/06 01:36 AM
The answer is:

Yes.

Normally no, you can't sniff traffic on a switched network unless they have control of the switch/router and it supports spanning tree (ie, its a cisco). The other possibilty is that they are doing arp spoofing more commonly know as a man-in-the-middle attack.

You can read a brief history about packet sniffing here
Posted By: Artic Warrior Re: Router scanner? - 05/15/06 04:59 PM
Do routers have their own fire wall?
Because just today I can no longer access some sites, like my friends blog or an obscure site. It comes up with what looks like a message from the router company but I'm still skeptical. The company is Netgear and the message on the page that comes up is

"Web Site Blocked by NETGEAR Fire wall", and it even services a link to the manufacturers site in the bottom corner. I don't want another firewall as I already have Norton. Is it possible to turn it off?

I did click the icon in the corner and submitted an online tech support message, god knows how long they might take though.

And thanks so much for the link sinetific, its scary to think about it though, and the fact that I know he wanted to know if it was possible as well means he gave it a shot meaning he might be reading this right now.
Posted By: sinetific Re: Router scanner? - 05/15/06 05:29 PM
Netgear routers do have content filtering. To get around that you would need some sort of encrypted connection to outside of your subnet, because it is probably filtering in the packet level.
Posted By: Artic Warrior Re: Router scanner? - 05/15/06 05:38 PM
That sucks, its so [censored] annoying! How come this never happened before. Did it just suddenly decide to turn itself on? The routers configuration would have to have been changed right.
This is one of those times that I wish I knew more about computers.
Posted By: Artic Warrior Re: Router scanner? - 05/15/06 06:50 PM
Thanks Ghost and Curse!
Posted By: Ghost Re: Router scanner? - 05/16/06 12:58 AM
Yeah. Next time, don't deliberately try to be annoying, and you'll get an even better response.
Posted By: Artic Warrior Re: Router scanner? - 05/18/06 01:30 PM
I still dont know how I reminded you of Paradox.
"don't deliberately" Or was it < that. Cause u know it wasnt deliberate right.
Posted By: Ghost Re: Router scanner? - 05/19/06 02:14 AM
I never said that, it was curse, and I assume he was kidding.
© UGN Security Forum