|
Belgium6753 Posts
Hi, since this year I got my own room in the city and share the house with other students. 2 friends and I shared an ADSL connection, which is currently limited to 30gb (but we'll upgrade to 60gb soon) (and yeah I know, it's fucking sad. damn bw limits in Belgium) until my neighbour asked whether she could join us, so we let her in, explaining that she shouldn't download too much, etc.
Now, I don't have any way of monitoring who downloads what amount, but I pretty much see her online all the time on the routerpage. And our main bandwidth-meter is peaking since she came back from xmas vacation. So I'm getting kind of suspicious that she has one of those dumbass limewire type of progs to dl music or w/e.
I don't want to accuse her without actual proof though, and I don't know her well enough to see whether she's lying when I'd ask her, so I'd rather go for a more fair solution: network monitoring.
My question now is: how? This is a network with 3 pcs and 1 mac (though I'm fairly certain the mac will have a small amount of usage). I'm really bad at setting up MS networks and such. Is http://www.bwmonitor.com/ a good option to put on each individual comp? How would I install it on everyone's computer so that it stays fairly hidden? (I wouldn't want something that is easily backdoored by a quick ctrlaltdel kill) Is there a program like this that forwards the information to an email address?
As probably more people in the building will join our network (and as the only guy that knows his way around pcs) I wanna make sure everything is kept fair, so that when extra volumeblocks have to be purchased the people at fault have to pay for them.
|
You can try to learn to use a network analyzer like Wireshark http://www.wireshark.org/
There are videos to learn how to use it on the site. It's not for beginners though.
|
There are packet sniffing programs that will allow you to passively scan whatever wireless network packets happen to be hitting your computer, and will give you an idea of who's doing what over the net. Wireshark should work (and give you an idea of the packet types being used), though there might be one specifically designed for wireless networks (I don't know of one that runs on Windows).
Far easier and a bit more ethical than installing spyware on everyone's computer (as long as you don't use it to spy on people, or steal poorly-encrypted passwords or whatever).
|
Belgium6753 Posts
Okay I'll try to learn wireshark and see how that fares. Thanks.
And lol, it's really not my intention to install spyware. I would only install a program that logs the amount of data being transferred, nothing more. And with their full knowledge ofc.
|
For my understanding, if you have a router (i.e. not a hub), then only packets on the network that are necessary for your computer to receive will be forwarded to you. So that's singlecast packets directed to you and some broadcast transmissions (non-data management packets, i.e. not something you're interested in monitoring). A dumb layer 2 Ethernet hub just forwards everything seen on one port to all the other ports, but this is not the case for your standard home networking router.
If your computer does not receive packets intended for your neighbor, you won't know about them obviously, and cannot pick them up on packet sniffing programs such as Wireshark.
To use something like Wireshark for this purpose, you would need to set up a computer between the router and modem with 2 ethernet ports. So data comes in from the router from any one of the computers, gets recorded by Wireshark, and then sent out the other port to the modem and internet (or the reverse direction).
A better solution would be to see if your router can log bandwidth usage per client. I know my router keeps track of total bandwidth usage, but it doesn't keep track of which computers did what. If your router can't, maybe one of the alternative firmwares like DD-WRT or Tomato would support it. You'd need to flash the router with this new firmware. Or maybe run tcpdump (an old Unix utility that does the same core packet sniffing as Wireshark) directly on the router, but most consumer routers would be hard-pressed to store any data or log them remotely. Sounds difficult or not possible to me, sorry.
Btw feel free to correct me if I made a mistake. My IP networking knowledge sux. Hopefully I overlooked something and there is an easy way.
|
Belgium6753 Posts
But Myrmidon, she's using wireless. Wouldn't that mean that I can sniff packets that she receives and sends? (oh and, when you sniff a packet, it shows the size right? So I could theoretically monitor BW usage?)
I've wanted to get DD-WRT but the router here is some crappy standard router the ADSL company installed here. I have a friend that has a spare router, maybe I can configure this router to act as a switch (since it's already configured with the ADSL login and all) and use my friend's router + DD-WRT?
|
Oh wait, if she uses wireless then it's easier as you don't need a computer between router and modem. Don't bother with DD-WRT.
In a normal mode of operation, wireless adapters listen to everything on the air that they can but only pass to the operating system those packets intended for the computer. Most wireless adapters will support going into monitor mode, in which it passes through everything it hears but doesn't transmit anything itself. i.e. an adapter doing this cannot connect to the router but only listen.
However, Windows doesn't let you go into monitor mode. Well, I think some people market expensive specialty wireless adapters that will do monitor mode in Windows, but that's more trouble than it's worth.
Look up your wireless adapter and see if it can do monitor mode. If not, you might be able to find a cheap device that can. Then get some Linux and install Wireshark on it. Then you can set your device to monitor mode and start capturing all the packets (in your frequency) on the air.
You'll be able to see most of her packets, depending on the SNR and interference levels, etc.
Yes, when you sniff a packet it shows the size. It also shows all the contents. You have the option of saving all the contents or just keeping some key stats like the size and timestamp, etc. With a program like Wireshark you can filter all captured packets for any kind of parameter, including her wireless MAC address (so you can look at all packets she is sending and receiving).
Note that if you are using WEP encryption and know the WEP key, you'll be able to decrypt all her traffic at the wireless level. Keep in mind that most sensitive data is encrypted at the transport or application level, like encrypted web pages i.e. https://.... With WPA I don't think that's possible but I forget.
To be most accurate, you want to see how much data the router is sending her over the air, eliminating any retransmissions (duplicates if the previous attempt failed). Then check how much data she is sending to the router, again eliminating any retransmissions so you don't double-count any data that is going out of the router once. Anyhow you'll easily be able to get a good estimate.
There's a whole bunch of info online about getting adapters into monitor mode in Linux. It depends on the chipset of the adapter and the driver you are using, but most standard is something like "$ sudo iwconfig <adapter name> mode monitor channel X" if your router is set to channel X.
|
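The per-station accounting described in the last reply, as an added example that is not from any poster in the thread: it sums data-frame payload bytes to and from each station and skips a retransmission only when the original frame was already counted. It assumes raw 802.11 frames with the radiotap header and FCS already stripped; `account`, `make_frame` and the addresses are constructed for illustration, and duplicate detection ignores per-TID sequence counters.

```python
import struct
from collections import defaultdict

def account(frames, bssid):
    """Per-station payload bytes from raw 802.11 frames, retransmissions excluded."""
    totals = defaultdict(lambda: {"down": 0, "up": 0})
    last_seq = {}  # (transmitter, receiver) -> last sequence-control value seen
    for f in frames:
        if len(f) < 24 or (f[0] >> 2) & 0x3 != 2:
            continue                      # keep data frames only (type 2)
        flags, a1, a2 = f[1], f[4:10], f[10:16]
        seq = struct.unpack("<H", f[22:24])[0]
        # Retry bit set AND same sequence as the last frame on this link: a duplicate
        dup = bool(flags & 0x08) and last_seq.get((a2, a1)) == seq
        last_seq[(a2, a1)] = seq
        if dup or a1[0] & 1:
            continue                      # already counted, or broadcast/multicast
        hdr = 26 if (f[0] >> 4) & 0x8 else 24   # QoS data adds a 2-byte QoS control field
        ds = flags & 0x03
        if ds == 0x02 and a2 == bssid:    # From-DS: access point -> station
            totals[a1.hex(":")]["down"] += len(f) - hdr
        elif ds == 0x01 and a1 == bssid:  # To-DS: station -> access point
            totals[a2.hex(":")]["up"] += len(f) - hdr
    return dict(totals)

def make_frame(subtype, flags, a1, a2, a3, seq, payload_len):
    """Build a constructed data frame for the demo (not captured traffic)."""
    hdr = bytes([(subtype << 4) | 0x08, flags, 0, 0]) + a1 + a2 + a3
    hdr += struct.pack("<H", seq << 4)
    if subtype & 0x8:
        hdr += b"\x00\x00"
    return hdr + bytes(payload_len)

# Constructed addresses and frames (locally administered MACs, zero-filled payloads)
AP = bytes.fromhex("020000000001")
STA_A = bytes.fromhex("0200000000aa")
STA_B = bytes.fromhex("0200000000bb")
FRAMES = [
    make_frame(0, 0x02, STA_A, AP, AP, 1, 1000),     # AP -> A
    make_frame(0, 0x0A, STA_A, AP, AP, 1, 1000),     # retry of the frame above: skipped
    make_frame(8, 0x02, STA_A, AP, AP, 2, 500),      # QoS data, AP -> A
    make_frame(0, 0x01, AP, STA_A, AP, 7, 200),      # A -> AP
    make_frame(0, 0x0A, STA_B, AP, AP, 9, 300),      # retry whose original was missed: counted
    make_frame(0, 0x02, b"\xff" * 6, AP, AP, 3, 64), # broadcast: ignored
]

if __name__ == "__main__":
    print(account(FRAMES, AP))
```

On an encrypted network the payload lengths include the per-frame encryption overhead, so the totals are an estimate of billed traffic rather than an exact figure.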