
How to monitor my LAN network traffic

lan traffic

31 replies to this topic

#16 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 75
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 14 November 2012 - 17:04

Well, your last couple of commands were wrong!

You were trying to query last.fm as your nameserver with that @ in front of it

just do dig last.fm

What does that respond with?

the @ tells dig to ASK that server or IP for the record after.. For example

dig last.fm

would ask whatever your box is set for dns for the record last.fm

dig @last.fm would ASK last.fm for nothing - so if it was a dns server then it would return roots most likely.

drop the @ from your dig last.fm command and what does that return now - and then check if blocked via your browser

So for example I duplicated your command but used the opendns IP, which is a dns server

dig @208.67.222.222

; <<>> DiG 9.8.1-P1 <<>> @208.67.222.222
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7587
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;.							  IN	  NS

;; ANSWER SECTION:
.					   518400  IN	  NS	  c.root-servers.net.
.					   518400  IN	  NS	  f.root-servers.net.
.					   518400  IN	  NS	  e.root-servers.net.
.					   518400  IN	  NS	  h.root-servers.net.
.					   518400  IN	  NS	  l.root-servers.net.
.					   518400  IN	  NS	  a.root-servers.net.
.					   518400  IN	  NS	  i.root-servers.net.
.					   518400  IN	  NS	  b.root-servers.net.
.					   518400  IN	  NS	  m.root-servers.net.
.					   518400  IN	  NS	  d.root-servers.net.
.					   518400  IN	  NS	  j.root-servers.net.
.					   518400  IN	  NS	  g.root-servers.net.
.					   518400  IN	  NS	  k.root-servers.net.

;; Query time: 81 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Wed Nov 14 11:06:32 2012
;; MSG SIZE  rcvd: 228

Problem is with your last command that last.fm is NOT a nameserver ;) Now if you want to query the last.fm nameservers directly you could do that with:

; <<>> DiG 9.8.1-P1 <<>> @ns1.cbsig.net last.fm
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62032
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;last.fm.					   IN	  A

;; ANSWER SECTION:
last.fm.			    3600    IN	  A	   195.24.232.203

;; AUTHORITY SECTION:
last.fm.			    259200  IN	  NS	  ns1.cbsig.net.
last.fm.			    259200  IN	  NS	  ns5.cbsig.net.
last.fm.			    259200  IN	  NS	  ns2.cbsig.net.
last.fm.			    259200  IN	  NS	  ns4.cbsig.net.

;; ADDITIONAL SECTION:
ns1.cbsig.net.		  604800  IN	  A	   170.20.0.16
ns2.cbsig.net.		  604800  IN	  A	   170.20.0.17
ns4.cbsig.net.		  604800  IN	  A	   64.30.236.14
ns5.cbsig.net.		  604800  IN	  A	   64.30.236.15

;; Query time: 39 msec
;; SERVER: 170.20.0.16#53(170.20.0.16)
;; WHEN: Wed Nov 14 11:09:26 2012
;; MSG SIZE  rcvd: 186


ns1 - ns5.cbsig.net are the authoritative servers for last.fm domain.


#17 OP Koshur

Koshur

    Neowite

  • Tech Issues Solved: 1
  • Joined: 08-February 12
  • OS: Win7, Ubuntu 12.04LTS, PinguyOS 11.10, Backtrack 5R2, Zorin OS

Posted 14 November 2012 - 17:35

Here is the output for dig last.fm

umayrz@umayrz-HP-ProBook-4530s:~$ dig last.fm
; <<>> DiG 9.8.1-P1 <<>> last.fm
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47297
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;last.fm.   IN A
;; ANSWER SECTION:
last.fm.  15 IN A 195.24.232.203
;; Query time: 14 msec
;; SERVER: 59.179.243.70#53(59.179.243.70)
;; WHEN: Wed Nov 14 23:04:01 2012
;; MSG SIZE  rcvd: 41
umayrz@umayrz-HP-ProBook-4530s:~$

Since dnsomatic still shows "waiting for first update"
upd.png

I am also looking at this article(http://www.opendns.c...port/article/92), Tried updating through a URL

"Note: The URL to use to send an IP address update to OpenDNS is:
https://updates.open...date?hostname="

It returned as - good 59.177.xxx.xx

Edited by Koshur, 14 November 2012 - 17:42.


#18 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 75
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 14 November 2012 - 19:53

Look what server you asked in that lookup

59.179.243.70
That is not opendns - so no you're not going to be blocked! Your box has to ask opendns server for last.fm, or they have to ask something that asks opendns for last.fm. If you're asking
59.179.243.70
Then no **** it's going to return the IP for last.fm not a block IP that points you to opendns block page.

Thought you set your linux box to use opendns -- clearly it's not, since from your query it asked
;; Query time: 14 msec
;; SERVER: 59.179.243.70#53(59.179.243.70)
;; WHEN: Wed Nov 14 23:04:01 2012
;; MSG SIZE rcvd: 41

I would assume that is your isp dns?

How did you change what dns to use? And what linux OS are you running? ubuntu, centos, redhat, mint? Lots of people have issues changing their linux dns servers since they are unaware that changes in say resolv.conf get overwritten, etc.

But clearly you're not asking opendns for last.fm from that command - so no you're not going to get blocked!

As to why dnsomatic is not updating - what did you set up to update dnsomatic? Your router? Did your IP change? If not then it's prob not going to update dnsomatic.

edit: so I edited my linux dns to point to opendns, now I do a simple dig and you notice the server it asked

budman@ubuntu:~$ dig last.fm

; <<>> DiG 9.8.1-P1 <<>> last.fm
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24472
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;last.fm. IN A

;; ANSWER SECTION:
last.fm. 0 IN A 67.215.65.131

;; Query time: 36 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Wed Nov 14 14:41:44 2012
;; MSG SIZE rcvd: 41

From your command clearly you're not asking opendns - so no you're never going to get the wrong IP that points you to the block page.
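As an added illustration (not code from the thread or from any of its posters), a small Python checker that reads dig output like the two runs above and reports which resolver answered and whether the answer is the OpenDNS block-page address. The resolver addresses are the ones the thread names; treating 67.215.65.131 (the address BudMan's OpenDNS lookup returned for the filtered domain) as the block-page address is an assumption.

```python
import re

# Resolver addresses named in the thread. The block-page address is the one
# BudMan's OpenDNS lookup returned for the filtered domain (assumption: that
# is the OpenDNS block page, as the thread states).
OPENDNS_RESOLVERS = {"208.67.222.222", "208.67.220.220"}
OPENDNS_BLOCK_PAGE = "67.215.65.131"

def parse_dig(output):
    """Return (answering server, [A-record addresses]) from dig text output."""
    server, answers, in_answer = None, [], False
    for raw in output.splitlines():
        line = raw.strip()
        m = re.match(r";; SERVER: (\S+)#\d+", line)
        if m:
            server = m.group(1)
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if not line or line.startswith(";"):
            in_answer = False  # any other comment/blank line ends the section
            continue
        if in_answer:
            f = line.split()  # owner ttl class type rdata
            if len(f) >= 5 and f[2] == "IN" and f[3] == "A":
                answers.append(f[4])
    return server, answers

def check_filtering(output):
    """Say what one dig run proves about whether OpenDNS filtering applied."""
    server, answers = parse_dig(output)
    via_opendns = server in OPENDNS_RESOLVERS
    blocked = via_opendns and OPENDNS_BLOCK_PAGE in answers
    if not via_opendns:
        verdict = "resolver %s is not OpenDNS, so no filter could apply" % server
    elif blocked:
        verdict = "OpenDNS answered with its block-page address: filtered"
    else:
        verdict = "OpenDNS answered with the real address: not filtered"
    return {"server": server, "answers": answers,
            "via_opendns": via_opendns, "blocked": blocked, "verdict": verdict}

# Constructed samples, trimmed from the two outputs posted in the thread.
ISP_RUN = """\
;; ANSWER SECTION:
last.fm.  15 IN A 195.24.232.203
;; Query time: 14 msec
;; SERVER: 59.179.243.70#53(59.179.243.70)
"""
OPENDNS_RUN = """\
;; ANSWER SECTION:
last.fm. 0 IN A 67.215.65.131
;; Query time: 36 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
"""

if __name__ == "__main__":
    for label, run in (("ISP resolver", ISP_RUN), ("OpenDNS", OPENDNS_RUN)):
        print(label, "->", check_filtering(run)["verdict"])
```

Pipe a real run in with `dig last.fm | python3 checker.py` style plumbing if you want to test a live box; the point is that the SERVER line, not the answer, tells you whether a filtering resolver was even consulted.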

#19 OP Koshur

Koshur

    Neowite

  • Tech Issues Solved: 1
  • Joined: 08-February 12
  • OS: Win7, Ubuntu 12.04LTS, PinguyOS 11.10, Backtrack 5R2, Zorin OS

Posted 15 November 2012 - 02:42

I would assume that is your isp dns?


Indeed SERVER: 59.179.243.70#53(59.179.243.70) is my ISP DNS.

How did you change what dns to use? And what linux OS are you running? ubuntu, centos, redhat, mint? Lots of people have issues changing their linux dns servers since they are unaware that changes in say resolv.conf get over written, etc. But clearly you not asking opendns for last.fm from that command - so no your not going to get blocked!


I am using Zorin 6 OS based on 12.04. Not sure how I would make it update the resolvconf for DNS servers. Here is how I put my linux box on Open DNS. I believe this is how we do it??
Selection_012.png
And since my last screenshot about "connection information" shows this linux box getting OpenDNS servers, I assumed that I am running on open DNS unless it's not actually getting updated in some config file at the backend.

As to why dnsomatic is not updating - what did you setup to update dnsomatic? your router? Did your IP change? If not then it prob not going to update dnsomatic.

Nope. The IP has not changed, coz I left the router ON overnight. I just added the service of OpenDNS family by logging in with opendns username and pswd. It showed up my network label i.e. Home, and since then it's "waiting for update", probably coz the ip has not changed since it added the service. I will reboot and see if it catches the new updated ip. If not automatically, I am fine with running that update URL, whatever it takes to get it working..

#20 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 75
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 15 November 2012 - 16:04

You're set for dhcp - so it would more than likely just use what your dhcp tells it to use. Not what you set in there?? I don't run a linux gui, just shell so not sure where you would set it in gui.

I thought your router was supposed to be handing out opendns? Doesn't seem to be doing that either. Check one of your windows boxes for ipconfig /all and it will show you what dns it got from your dhcp server?

example

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-1C-23-53-CF-38
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.56.41.187
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.56.41.1
DHCP Server . . . . . . . . . . . : 10.56.144.21
DNS Servers . . . . . . . . . . . : 10.56.144.20
10.56.144.21
Primary WINS Server . . . . . . . : 10.56.144.11
Secondary WINS Server . . . . . . : 10.56.144.12
Lease Obtained. . . . . . . . . . : Thursday, November 15, 2012 9:52:48 AM
Lease Expires . . . . . . . . . . : Thursday, November 15, 2012 9:52:48 PM

If your linux box is dhcp - I would just fix your dhcp server (router) to make sure its handing out opendns.

#21 OP Koshur

Koshur

    Neowite

  • Tech Issues Solved: 1
  • Joined: 08-February 12
  • OS: Win7, Ubuntu 12.04LTS, PinguyOS 11.10, Backtrack 5R2, Zorin OS

Posted 15 November 2012 - 17:48

Just checked ipconfig /all on my Desktop on the LAN (win client). Filtering works well by the way.. last.fm is being successfully blocked on this one. Here is what it shows:
Ethernet adapter Local Area Connection:
		Connection-specific DNS Suffix  . :
		Description . . . . . . . . . . . : Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
		Physical Address. . . . . . . . . : 00-14-85-9D-1D-45
		Dhcp Enabled. . . . . . . . . . . : Yes
		Autoconfiguration Enabled . . . . : Yes
		IP Address. . . . . . . . . . . . : 192.168.1.4
		Subnet Mask . . . . . . . . . . . : 255.255.255.0
		Default Gateway . . . . . . . . . : 192.168.1.1
		DHCP Server . . . . . . . . . . . : 192.168.1.1
		DNS Servers . . . . . . . . . . . : 208.67.222.222
		208.67.220.220
		Lease Obtained. . . . . . . . . . : Thursday, November 15, 2012 10:16:08 PM
		Lease Expires . . . . . . . . . . : Friday, November 16, 2012 10:16:08 PM

My default gateway and DHCP server are both showing same value. Is that ok?

Here is what my router shows on:-
WAN setting page
WAN.png

LAN side:
LAN.png

DHCP pool summary
Selection_015.jpg

I thought your router was suppose to be handing out opendns? Doesn't seem to be doing that either


My router only supports Dyndns. I can try switching to that. However, currently with Open DNS, I thought putting the DNS servers manually on the LAN side and syncing it on dnsomatic was what was needed. Although I did run that IP updater URL, the status on dnsomatic still shows "waiting for update". The IP has changed by the way..
Selection_014.png
Sorry.. I am being a little too messed up here but this **** is driving me nuts and I am not from the patient fellas. :/

#22 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 75
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 15 November 2012 - 18:28

dyndns is not going to update opendns. You need something to update opendns, dnsomatic can do that for you - but you would have to run a dnsomatic client on some machine on your network if your router does not support dnsomatic. Or run the opendns client on some machine on your network

yes your gateway is going to be your router, and your router is your dhcp server - that is common config.

So did those dns come from your dhcp - or did you set them static in your windows? Windows allows you to easily set static dns while getting IP from dhcp. If it came from your dhcp server then linux should be getting it as well unless at some point you had set your isp dns statically on the box?

Clearly your linux box is not using opendns - it was using your isp dns. So it would not be blocked.

If your IP changed you better make sure that opendns reflects that change or even if you're using opendns blocks won't work how you set them.

#23 xendrome

xendrome

    In God We Trust; All Others We Monitor

  • Tech Issues Solved: 8
  • Joined: 05-December 01
  • OS: Windows 8.1 Pro x64

Posted 15 November 2012 - 18:40

I'm just curious, what does OpenDNS have to do with monitoring the traffic on your LAN?

#24 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 75
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 15 November 2012 - 20:43

I would have used a different subject as well - but he can use opendns to monitor top domains accessed.

Subject should be help with using opendns ;)

#25 smith.s

smith.s

    Neowinian

  • Joined: 06-November 12

Posted 16 November 2012 - 09:38

Look@LAN Network Monitor. A free software to track lan traffic.

#26 Haggis

Haggis

    Neowinian Senior

  • Tech Issues Solved: 7
  • Joined: 13-June 07
  • Location: Near Stirling, Scotland
  • OS: Debian 7
  • Phone: Samsung Galaxy S3 LTE (i9305)

Posted 16 November 2012 - 10:16

As budman says your IP has been updated with opendns as your other box is blocking it

there should be an option on the drop down that says use dhcp for IP address only or something like that

#27 mcloum

mcloum

    Neowinian

  • Joined: 07-November 02
  • Location: UK

Posted 16 November 2012 - 10:24

I always find it funny when people blur out the MAC addresses of their internal cards when they have a non-routable IP address set :)

#28 OP Koshur

Koshur

    Neowite

  • Tech Issues Solved: 1
  • Joined: 08-February 12
  • OS: Win7, Ubuntu 12.04LTS, PinguyOS 11.10, Backtrack 5R2, Zorin OS

Posted 17 November 2012 - 17:23

dyndns is not going to update opendns. You need something to update opendns, dnsomatic can do that for you - but you would have to run a dnsomatic client on some machine on your network if your router does not support dnsomatic. Or run the opendns client on some machine on your network


Ok.. so here is what I did - ran the client updater software on a win client. It updated the IP for Dyndns (cancelled open DNS for the moment)

So did those dns come from your dhcp - or did you set them static in your windows.

Win client is set to get it dynamically and the filtering works well, when I update the IP through the updater software.

Windows allows you to easy set static dns while getting IP from dhcp. If it came from your dhcp server then linux should be getting it as well unless at somepoint you had set your isp dns statically on the box?

I have set Dyndns servers as static in my router page, and it shows up in the status page as well. Exactly, if it's coming dynamically for win, then why not for the linux box? Why does it still show my ISP DNS? I have to put the static on my linux box (putting in Dyndns servers) so that I can get online.

Clearly your linux box is not using opendns- it was using your isp dns. So it would not be blocked.

If your IP changed you better make sure that opendns reflects that change or even if your using opendns blocks wont work how you set them.


Bottom line -

>If by putting static Dyndns servers on router only,
>updating IP through updater client (on win client)
= the win client picks up the servers dynamically + the filtering works on win client ONLY

BUT


>If by putting static Dyndns servers on router only,
>updating IP through updater client (on win client)
>putting the same DNS servers as static on linux box (have to do this - I can't go online without this step) - see this link for IPv4 setting tab option
filtering does not work and the dig command to last.fm shows ISP DNS servers being used.


As budman says your IP has been updated with opendns as your other box is blocking it

there should be an option on the drop down that says use dhcp for IP address only or something like that


Check this link (see the steps - #4) which shows the various options for the IPv4 settings tab.

P.S - I ran a clean format of my zorin installation, just in case it was some already existing messed up config files that were interfering with the DNS cache. And of course I messed up my boot too... :/

#29 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 75
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 17 November 2012 - 20:09

You're making something so freaking simple so complicated.. I just don't know what you are not understanding about such a simple concept.

Does not matter if you use opendns, dyndns, scubit.com, https://dns.norton.c...b/dnsForHome.do etc.. etc.. etc...

They all need to know what your public IP is - this is where the queries will come from. Be it your router on behalf of your clients, your clients directly, some other local dns your running that forwards there, etc.

So that they can set up the policies you want, level of filtering, custom blocks, etc.. Now as long as they have your current IP you don't have to worry about updating them -- UNLESS your ip changes. But like you said until you reboot your router this does not change. So DON'T reboot your router for a while.

Now what should happen is your router dhcp server should tell your clients to use opendns, googledns, etc. directly!!! ie hand out 1.2.3.4 (ip address of service dns) Or hand out itself as dns for your dhcp clients. So windows/linux/beos/freebsd/aix/openbsd/hp-ux/suse/etc will either use the service dns directly or ask your router! (192.168.1.1)

If they are asking your router - then your router needs to ask 1.2.3.4 vs your ISP.

So either your dhcp is not handing out opendns/googledns/dyndns like you think it is! Your windows box clearly was using opendns - so on the IPv4 properties tab.. What do you have set??

dhcpordns.png

If this got opendns from DHCP then your linux box should be set up the SAME WAY!!! Then just doing

dig something.tld will tell you what server it is asking! If still asking your ISP, then contact your support for that OS (never heard of it btw - why not just use a common distro like ubuntu if that is what it's based off of)

This should take you all of about 2 minutes TOPS to configure and get working on every single box on your network!! As I told you I don't use opendns and had my boxes being blocked from using last.fm in 30 seconds.

Once you know how your clients are getting their dns servers, be it static or what your router's dhcp is handing out, and what your router is doing if asked for dns, then you can worry about running an update client on one of your computers to keep the service you picked updated for when your public IP changes.

If you are still having issues - PM me and I will teamviewer into your network and get it working for you in 2 minutes.

#30 Haggis

Haggis

    Neowinian Senior

  • Tech Issues Solved: 7
  • Joined: 13-June 07
  • Location: Near Stirling, Scotland
  • OS: Debian 7
  • Phone: Samsung Galaxy S3 LTE (i9305)

Posted 18 November 2012 - 19:03

Change the setting to DHCP Addresses only


