How to monitor my LAN network traffic

lan traffic

31 replies to this topic

#1 Koshur

Koshur

    Neowite

  • Tech Issues Solved: 1
  • Joined: 08-February 12
  • OS: Win7, Ubuntu 12.04LTS, PinguyOS 11.10, Backtrack 5R2, Zorin OS

Posted 12 November 2012 - 05:59

Hi

I want to know if there is a way I can monitor my LAN network. I want to keep an eye on my 12 year old cousin, and don't want him to browse some random weird stuff on the internet. He is too much into warez and vulnerable online gaming sites. This puts him at risk at too young an age. Obviously I don't want to crack down on him at random but quietly monitor so that I can guide him through.

Is there a way I can monitor and, if required, block certain sites/URLs (no Windows used, it's a live user for an Ubuntu distro)? I am looking for something at the network level (on router level).

I have a beetle 450TC1 wifi router with one wired desktop and two laptops:
One is my own (dual boot Win7 and Ubuntu distro) - running on wifi
My cousin's (for safety I gave him a live user bootable Linux distro - bootable from USB stick) - no installed OS - running on wifi, same network

Is there a program I can deploy on admin level of router or on LAN to monitor my traffic? Maybe, if possible, this would also serve as a bandwidth monitor and give me an estimate of my monthly usage.



Thanks
Mark


#2 Gerowen

Gerowen

    Neowinian Senior

  • Tech Issues Solved: 2
  • Joined: 28-August 05
  • Location: Hills of Kentucky
  • OS: Ubuntu Linux

Posted 12 November 2012 - 06:19

You could invest in some 3rd party firmware like DD-WRT or Tomato. Not sure which ones would work on your router, but I've been running DD-WRT on my router for a while and it gives me a lot of info. I have to use the "lite" version because of my older router, but it gives you a chart to track how much bandwidth has been used in the last day, week and month, and you can look back at past months as well. You can filter sites by keyword as well as URL. In fact a lot of routers are coming with some of these features built into the factory firmware. You can even use QoS to prioritize bandwidth to particular machines, or restrict certain types of traffic so he can't eat up all your bandwidth with bittorrent downloads. You could even use a 3rd party DNS server to filter traffic and websites as appropriate. I use DynDNS for a public hostname but they also offer security services, and all you have to do is configure your router to forward all traffic through their DNS servers first. OpenDNS is another one I've heard of.

Anyway I'll stop rambling, I was just throwing ideas out there.

#3 OP Koshur

Posted 12 November 2012 - 09:59

Hi

Ok. Here is what I've got so far.
  • Signed up for OpenDNS (coz DynDNS is not free)
  • Added my network
  • Enabled updation of my dynamic IP.
  • Installed their IP updation client for Win.
  • Chose the settings on moderate level filtering
  • Updated my router to use their DNS servers
Once I apply these settings on my OpenDNS dashboard, it says it would take 3 min to push all settings across the servers. But guess what, I am still able to open porn sites on my client!! :(

Also my router has an option for a DynDNS account but not for OpenDNS...
I am not sure what I am missing on this one. Please see the screenshots

192.168.1.1 - Google Chrome_004.png 192.168.1.1 - Google Chrome_003.png Selection_002.png Selection_001.png

#4 OP Koshur

Posted 12 November 2012 - 10:08

Hang on guys.. it's working on the clients but I need to keep the IP updater on... Is there a way I can put this on my router so that I don't have to set this up at every client level?? I am using Ubuntu distros as OS as well, and the ddclient on that is a mess to set up.. which is why I am looking for router level restricting. Any ideas?

#5 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 96
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 12 November 2012 - 13:14

There are a couple of ways to do it: you can have your router hand out OpenDNS servers to use as DNS via its DHCP server - looks like you might be doing that but can not really tell for sure. Or you can have your clients still use your router and have it forward to OpenDNS servers.

What does this mean?

whatdoesthismean.png

"Use discovered only" sounds like it will be using your ISP DNS? Does it hand that out to your DHCP clients, or hand out the 2 you have listed there - OpenDNS?

When you hand it out - then your client's DHCP lease has to be updated to get the new info. Or they will still be using your router or ISP DNS and not be filtered. Release and renew the lease on the client, or a reboot should do it as well.

Dynamic DNS has little to do with your clients using OpenDNS - now if your IP changes, your categories and stuff will not be used. But how often does your public IP change? Do you turn off your router for days at a time? If not then it should stay the same even if DHCP.

Nothing is filtered unless you actually use the OpenDNS server for your DNS, and if you don't flush your local cache on your box then you could still get to porn sites if you have them cached locally until the TTL expires.

#6 OP Koshur

Posted 13 November 2012 - 06:42

Hi Budman

Use discovered only sounds like it will be using your ISP dns? Does it hand that out to your dhcp clients, or hand out the 2 you have listed there - opendns?

-- All my clients get the DNS servers that I list here, i.e. OpenDNS and not my ISP DNS.

Here is the other option that says Auto discovery of DNS

Selection_005.png

I have a dynamic IP, which is why I added my network in the OpenDNS dashboard.

Here is what I followed for ddclient config settings

/etc/ddclient.conf:
daemon=300
syslog=yes
mail=root
mail-failure=root
pid=/var/run/ddclient.pid
ssl=yes
use=web, web=myip.dnsomatic.com
protocol=dyndns2
server=updates.opendns.com
login=your_email_address_registered_with_OpenDNS
password=your_OpenDNS_password
Your_OpenDNS_network_label

/etc/default/ddclient:
run_ipup="false"
run_daemon="true"
daemon_interval="300"

Just to rewind.. All filtering and policies work flawlessly on Win 7 (purchased DynDNS Pro account - my router offers support for that). All Win machines on the network are now filtered. But as soon as I boot to Ubuntu and try to debug with ddclient it throws an error. Here is the error I get on debug - http://www.linuxques...problem-532194/

Unfortunately using the -force option didn't help.

Also I followed this (https://help.ubuntu....nity/DynamicDNS) to cross check my settings for ddclient.

One more thing, I tried dnsomatic instead of OpenDNS to update my IP but no luck there, I can't get my IP updated so that it syncs to the filtering policies.

#7 +BudMan


Posted 13 November 2012 - 13:38

What???

You sure as hell do not need to have your dhclient log in to OpenDNS

Once you set up your IP on OpenDNS -- is it changing like every freaking minute or something?? Then you don't have to worry about it.

dynamicIP.png

Set up your public IP in OpenDNS - then tell your clients to use OpenDNS, or your router that forwards to OpenDNS, and you're done! You can have any client on your network keep your dynamic IP updated with OpenDNS using their client software if your router does not support it.

Do you not have any Windows clients or Mac clients somewhere on your network??

But you don't have to worry about that for a while - my dynamic IP has not changed in 6 months, and the only reason it did then was I changed the MAC my cable modem was seeing from my physical router to a VM one, etc.

I have had the same dynamic IP for years sometimes.

#8 OP Koshur

Posted 13 November 2012 - 16:00

As far as I can tell, my IP changes at least twice in 24 hours! (or is there a standard method to check this?), and also when I drain and reboot my router (plug out the ADSL) I get a new IP every time.

daemon=300

- did not change this value for ip renewal, just copied it for testing.

You can have any client on your network keep your dynamic IP updated with opendns using their client software if your router does not support it.

That's right, and they suggest using ddclient for Linux platforms.

Do you not have Any windows clients or mac clients somewhere on your network??

Yes, I have two machines running Windows, but I want to monitor a Linux based machine that my brother uses. Once I test it on my Linux machine, I'll configure his too to use ddclient (I have a dual boot), which is why I'm stuck with ddclient.


Scenario 2 - when I use a premium service from DynDNS (my router CAN forward to DYNDNS.COM)
> I add my network there.
> apply content filtering (a defense plan - DF1)
> and add my credentials (hostname, username, email and pswd) on router page.
> Replace my current DNS resolvers with the following on the router:
216.146.35.35
216.146.36.36


dns.png

Now when I do all this, the filtering and rules apply instantaneously to all Windows machines (for both OpenDNS and DynDNS). But not on Linux clients.
dnydnscred.png

dyn.png

linuxhome.png

Tried blocking last.fm and it worked on win clients!!
lastfm.png

#9 +BudMan


Posted 13 November 2012 - 16:08

"but i want to monitor a linux based machine that my brother uses"

What does that have to do with anything?? You're all using this shared 59.177 address to access the internet, are you not? So it does not matter how many clients you have behind that - to OpenDNS all queries come from this public IP.

If your ISP changes your IP every time you reboot your router that is CRAZY!! But sure could happen. But to get it working and verify your filtering I think you have a few hour window where your public IP does not change.

And then you only need 1 box on your network to update IP. I don't see how your dhclient on a NATed box is going to work with changing your IP on OpenDNS. It gets its IP from your router or other DHCP server on your network and is going to get a private IP. dhclient would work if the box was directly connected to the public net.

Get it working before you worry about your dynamic public IP changing.

Once you have it working then you can work out how to keep opendns updated when your public IP changes.

#10 Haggis

Haggis

    Neowinian Senior

  • Tech Issues Solved: 12
  • Joined: 13-June 07
  • Location: Near Stirling, Scotland
  • OS: Debian 7
  • Phone: Samsung Galaxy S3 LTE (i9305)

Posted 13 November 2012 - 16:56

As long as you have an always-on Windows client, install the software to update IP there

I use DDclient as it's a pain in the arse

Update the IP on the OpenDNS site and then change the DNS servers on your Ubuntu box (the one that needs filtered) to the OpenDNS DNS servers

This sometimes takes longer than 3 mins to get going

I use OpenDNS to filter my network and also set it up for my sister's network too, it's great

#11 +BudMan


Posted 13 November 2012 - 17:20

oh my bad, I read ddclient as dhclient ;)

Sure you can use ddclient on a Linux box on your network to update OpenDNS. But why not just use one of your Windows boxes - much simpler!!

http://www.opendns.c...ort/article/101

Are you currently using dnsomatic? I believe you can use that to update OpenDNS, so you would not need ddclient running on a Linux box on your network.

Like I said, let's get it working - then you can worry about updating your dynamic IP.. Just refrain from rebooting your router for a few minutes so your IP doesn't change ;)

You can always update your IP via their website on OpenDNS if need be.

edit:

If your router supports dnsomatic, or you update it with ddclient or Windows client, script, etc.. it can auto update OpenDNS for you - no need to point ddclient to OpenDNS, or run the OpenDNS client on a Windows box in your network, etc

dnsomatic.jpg

#12 jnelsoninjax

jnelsoninjax

    A custom title? Cool!

  • Tech Issues Solved: 1
  • Joined: 16-December 07
  • Location: Jacksonville, FL
  • OS: Windows 7 Pro X64
  • Phone: Samsung Galaxy Exhibit SGH-T599N

Posted 14 November 2012 - 00:52

If you are using Windows, OpenDNS offers a program for those who have dynamic IP addresses, you can download it here

#13 OP Koshur

Posted 14 November 2012 - 13:31

Ok. Going with dnsomatic this time. I've skipped ddclient for now. I am assuming dnsomatic would do the job of ddclient.
Here is what I've set up now.

1- 208.67.222.222 and 208.67.220.220 as my DNS servers on the router's page
router.png

2- Added network as "Home" on opendns

opdns.png

3- Synced my Opendns account with Dnsomatic here:

dnsomatic.png

4- Blocked last.fm on content filtering

lastfm.png

5 - Here is what my Linux box sees as DNS servers in connection information (I am connected on wifi and not LAN)

Screenshot from 2012-11-14 18:28:49.png

After all this I rebooted my Linux client and tried to access the blocked site "last.fm". And I can still access it. :((

NOW here is the funny part. Again it's working on my Win machines. I checked it within the VMware (Win XP) which is in bridged mode on this very Linux machine!!
lastfm.png

bridge.png


This thing is really annoying me. Don't know what I am missing.. losing my cool on this one... :/

If you are using Windows, OpenDNS offers a program for those who have dynamic IP addresses, you can download it here


All good on Win clients but not on Linux.

#14 +BudMan


Posted 14 November 2012 - 14:26

Dude, it's simple enough to test - from your Linux box query OpenDNS for the domain you have blocked.

Here I don't even use opendns and it took me 2 seconds to get that domain blocked if I would use it.

blockeddomain.png

And I am not updating my dynamic IP ;)

Notice the IP returned when I query opendns server directly for last.fm

testopendns.png

Notice the IP returned when I query my router that is using my isp dns.

Now here is same test of one of my linux boxes on my network

linuxtest.png

Now my linux box is running bind and goes direct to roots for dns. Which is why I pointed to localhost for dns query.

From your Linux box do a ping of last.fm, what does it reply?? If the correct IP, then is it cached? Do a dig +trace to see where it's getting DNS from. Do the simple test I did with dig or nslookup

Is your linux box browser using a proxy? You sure your browser doesn't have it cached? All you have to do is simple dns query to verify if opendns block has been enabled or not.
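
The resolver test described in the post above, written out as a script. This is an added example and not part of any poster's reply; the function names and the `DIG` override variable are assumptions, the resolver addresses are the ones quoted in the thread, and the sample resolv.conf is constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Function names and the DIG override
# are assumptions; resolver addresses are the ones quoted in the thread.
OPENDNS_RESOLVERS="208.67.222.222 208.67.220.220"

# Constructed sample of a client's /etc/resolv.conf that still lists the
# ISP resolver mentioned in the thread next to an OpenDNS one.
sample_resolv_conf() {
cat <<'EOF'
# constructed sample
nameserver 59.179.243.70
nameserver 208.67.222.222
EOF
}

# Read resolv.conf text on stdin; print every nameserver that is not one
# of the filtering resolvers. Any output means lookups can bypass the filter.
unexpected_nameservers() {
    awk -v want="$OPENDNS_RESOLVERS" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) ok[w[i]] = 1 }
        $1 == "nameserver" && !($2 in ok) { print $2 }'
}

# Print the sorted A records for a name. An empty resolver argument means
# "use whatever the system is configured with".
resolve_via() {   # resolve_via <resolver-or-empty> <domain>
    if [ -n "$1" ]; then
        "${DIG:-dig}" +short "@$1" "$2" A
    else
        "${DIG:-dig}" +short "$2" A
    fi | sort
}

# Compare the answer from OpenDNS with the answer from the system default
# for a domain that is blocked in the dashboard.
#   same-answer      : the client's lookups get the filtered answer
#   different-answer : the client resolves through something else (another
#                      resolver or a forwarder with cached answers)
#   no-answer        : one of the lookups failed, nothing can be concluded
filter_status() {   # filter_status <blocked-domain>
    filtered=$(resolve_via 208.67.222.222 "$1")
    system=$(resolve_via "" "$1")
    if [ -z "$filtered" ] || [ -z "$system" ]; then
        echo "no-answer"
    elif [ "$filtered" = "$system" ]; then
        echo "same-answer"
    else
        echo "different-answer"
    fi
}

# Offline part of the check, run on the constructed sample.
echo "unexpected resolvers: $(sample_resolv_conf | unexpected_nameservers)"
# On a real client:  unexpected_nameservers < /etc/resolv.conf
#                    filter_status last.fm
```

The comparison is only meaningful for a domain that is actually blocked in the dashboard; an unblocked name served from several addresses can legitimately return different records to each query.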

#15 OP Koshur

Posted 14 November 2012 - 15:50

from your linux box do a ping of last.fm what does it reply?? If the correct IP, then is it cached? Do a dig +trace to see where its getting dns from. Do the simple test I did with dig or nslookup


Here is the output:-

Selection_010.png

You were right, the culprit is the DNS cache, it's still getting cached from my ISP DNS servers. 59.179.243.70
I tried to clear the cache (at root prompt) using
/etc/rc.d/init.d/nscd restart

Selection_008.png

but I get the error that nscd does not exist, while I can see it in Synaptic manager here:
Selection_009.png
Is your linux box browser using a proxy? You sure your browser doesn't have it cached? All you have to do is simple dns query to verify if opendns block has been enabled or not.

Nope.. No proxy on linux box
Selection_006.png

HANG ON there... found the correct command to flush the DNS cache. Flushed the cache and ran a dig on last.fm. Here is the output this time:
Selection_011.png

What could be going wrong now?

Edited by Koshur, 14 November 2012 - 15:57.