Wireshark-users: Re: [Wireshark-users] How to see HTTP hosts visited

Date: Tue, 13 Nov 2007 10:08:24 -0600 (CST)
This may be a bit more difficult than it needs to be.  Is your linksys
router actually your internet gateway?  You said your internet connection
is wireless, and your drawing lists your pc as the wifi hub.  So is your
outgoing internet connection your computer via the wifi, or the linksys
via something else?

If your computer is the gateway, then everything is flowing through it
anyway, and you should have no problem looking at the ethernet port from
your pc plugged into the switch to see all traffic.

If the linksys is the gateway, then you will need to do something else to
see the traffic.  You can find a way to do the trace on the linksys itself
through the linux firmware (there may be compatible non linksys firmware
releases that do this, I'm not sure - ddwrt is a popular replacement
firmware that has many more features than the linksys one but I've never
used it).  You can setup your desktop as your son's default gateway,
thereby forcing all traffic to be sent from his pc, to the linksys, to
your desktop, then back to the linksys to go out.  It should work, but of
course it adds some lag time, and your machine would need to be left on
continuously.  The same thing is accomplished by installing a web proxy
package on your computer and pointing his browser to it.  The linksys may
even have an option that's not enabled to perform logging of internal
access (usually only external access attempts are logged by default).  Or
you can remove the wireless card from your son's pc, purchase a $20 hub
(not a switch) and place it inline between your son's pc and the linksys. 
Then you would simply connect your machine to the hub every time you want
to look at his traffic.

I would never discourage somebody from doing packet analysis, and as much
as I love sifting through packets, if you're already using nanny software
and it's functioning properly (he hasn't figured out how to bypass or
disable it), you may just want to enable full logging in the tool, and
that should give you a list of everything he does online.  I'm sure there
are standalone tools that do this as well that would stay running when/if
you disable the nanny tool for his approved research times (such as a web
proxy package).

Some type of logging local on his machine is what I would choose if it
were me and I was set on using wireless.  As he learns more about
computers, he'll realize that all he has to do to bypass your logging is
change the wireless settings on his computer to connect to the neighbor's
access point.  If you're using regular ethernet, then of course you can do
any monitoring you want outside of his computer on the local network and
he can't bypass it if setup correctly.  Wireless monitoring via one of the
options above will work just fine as long as you realize it isn't 100%
effective.  It all depends on how savvy he and his friends are, and how
much you trust him.

Good luck!

Kevin.


> On 13 Nov 2007 at 12:00, Andreas Fink <afink@xxxxxxxxxxxxx> wrote:
>> the two switches are not forwarding packets to your PC as the
>> destination of the packets are not meant to receive it
>> You need to do the tracing on the WRTG54G itself (if it runs some
>> linux for example) or it should forward packets.
>
> I believe it is running a linux OS, but I don't know of any way to change
> its
> programming to tell it to forward the packets.  Even if I dug through the
> source (which is available on the Linksys site!), I couldn't change the
> code in
> the router.
>
> It has a Port Forwarding feature, but I think that's only to forward
> specific
> ports from the outside (internet) to an IP on the LAN.  I could tell it to
> forward
> port 80 traffic to my PC, but I think that would only forward incoming
> port-80
> requests from outside, not the port-80 traffic from my son's laptop.
>
> (User manual, GPL source, etc are all available at
> http://www.linksys.com/servlet/Satellite?c=L_CASupport_C2&childpagename
> =US%2FLayout&cid=1166859837401&packedargs=sku%3DWRT54G&page
> name=Linksys%2FCommon%2FVisitorWrapper&lid=3740137401B01&displa
> ypage=download#versiondetail
> )
>
>> I dont think even without the two switches you will see the packets as
>> they come/go from DSL and WLAN. So the WRT will not forward it to you
>> because it knows (or thinks) you are not looking for those packets.
>
> What about computers that are connected directly to the WRT's ports, with
> no switches in the way?  Would they see the packets, or would the WRT
> still
> not forward the packets to those ports because they aren't the target of
> the
> packets?
>
> If none of those tricks work, then I guess the only way to do this is to
> run
> Wireshark on my son's laptop.  Not the greatest solution.  Ohwell....
>
> Thanks,
> Gary
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>