Network Utilities

]SK[

One of Freddy's beloved
Joined
Dec 22, 2003
Messages
298
Im in need of something like SnifferPro so I can watch someones PC on our wireless network. They are getting though a lot of bandwidth and its all uploading. This is sadly affecting the rest of the network so needs to be resolved asap. Anyone know of any programs that can sit and watch someones IP and report to me what in and outgoing ports traffic is using. All this needs to be done remotely. Ive just tried ethereal but cant seem to get it to report a remote IP. Needs to be win32. Cheers.
 

Athan

FH is my second home
Joined
Dec 24, 2003
Messages
1,063
It strikes me that your problem is either of not putting ethereal into promiscuous mode (well, actually of having it put the NIC into that mode...), *OR* that the machine you're running it on just isn't seeing that traffic anyway due to router/switch/whatever not broadcasting the packets.

-Ath
 

babs

Can't get enough of FH
Joined
Dec 30, 2003
Messages
1,595
Dunno if it's what you're looking for exactly, but do a search for WinDump. It's a windows port of TCPdump and works very well.
 

]SK[

One of Freddy's beloved
Joined
Dec 22, 2003
Messages
298
Can ethereal and windump show me info about traffic from someone else's IP? I still havent managed to view anything other than the odd broadcast etc
 

Athan

FH is my second home
Joined
Dec 24, 2003
Messages
1,063
*poke* *poke*, see what I said. It sounds like the machine you're using is connected to a switch that isn't set to broadcast all traffic to that machine, so you'll only get actual broadcast traffic plus anything actually addressed to the machine's MAC.

If you need to see everything then prod the network admin to set your port to receive all traffic regardless of intended destination. If you're the network admin in this case than it's manual time. If it's just a wireless+LAN router then you might be SOL if it doesn't support the feature (but then most switch type jobbies will devolve into a hub if pushed hard enough anyway).

-Ath
 

Xavier

Can't get enough of FH
Joined
Dec 22, 2003
Messages
1,542
Just use the admin console on your router to see where they're connecting and via which ports to begin with. If it's something obvious like port 1214 then dispatch the P45+boot+arse combo and get rid of the pillock.

Xav
 

]SK[

One of Freddy's beloved
Joined
Dec 22, 2003
Messages
298
OK background.

We run a Wireless ISP. It seems the wireless network suffers heavily when using P2P (must be the countless connections that are made, try 700+). Im pretty much sat at the switch where all access points come in. I have access over most of the system setup.

If you need to see everything then prod the network admin to set your port to receive all traffic regardless of intended destination.
Needs to be done without disturbing other traffic.

Its a leased line Cisco router owned by GX Networks, I cant touch it.
 

Xavier

Can't get enough of FH
Joined
Dec 22, 2003
Messages
1,542
Well, the simplest way is to stick something between to act as a gateway and monitor the source/destination.

If you mean wireless ISP as in wireless hotspot access then you're in the same boat as the rest - the only real way to block P2P is by putting up a full web proxy but that then shafts VPN connections and would lose you customers. Apps like KaZaA will use everything including port 80, tis the bane of firewall admins everywhere and you won't be able to block a port or three to stop it.
 

]SK[

One of Freddy's beloved
Joined
Dec 22, 2003
Messages
298
I guess hotspot but then were serving to over 100 homes.

Ive been thinking of building a box to sit in between the clients gateway and the true internet gateway. One to fix an internal issue and the other to watch and block ports. Of course suitable answer is a nixed based OS. Shame im clueless on this and dont know how I could set something like this up.

/me strokes chin and humms at this
 

Xavier

Can't get enough of FH
Joined
Dec 22, 2003
Messages
1,542
Just spoke to a friend who has a similar role to yourself and they use something similar to this:

http://www.bandwidthcontroller.com/

lets you specify maximum bandwidth per port, to groups, to external sources, very versatile and works on any windows server running as a gateway.

A simple win2k box running as a router with this would do the job if you're not unix-savvy.

Xav
 

]SK[

One of Freddy's beloved
Joined
Dec 22, 2003
Messages
298
We have bandwidth shaping in place. Its not the bandwidth thats the issue, its the wireless network thats having issues. If we have two people on one access point using p2p programs the wireless network becomes heavily overcome with packetloss. I know we could get GX to maybe block certain ports on the router, but this costs and we dont want to foot the bill, plus this doesnt solve the problem if new p2p arise.
 

Xavier

Can't get enough of FH
Joined
Dec 22, 2003
Messages
1,542
Port blocking won't stop the large majority of P2P.
 

Users who are viewing this thread

Top Bottom