Networking :: Capture And Log All LAN Traffic - No Access To Router Or Firewall
Jun 10, 2009
I am looking for a solution for our LAN traffic monitoring and would like to use some open-source Linux application. I have a Linux box with two NIC cards and what I thought is the following: Our setup is as follows. Internet comes in through the router and into the firewall. From the firewall it goes into our switch and is distributed among the workstations.
I have no access to the router or the firewall as they are centrally configured. I would like to place a device into the loop through which I could monitor the LAN traffic.
Can I put a Linux box between the firewall and the switch and have all packets going through registered and logged? I have a proxy server (non-transparent) and that captures some but not all. I would like to get all packets registered without interfering with the LAN etc.
Aug 8, 2010
I get all my traffic from my router, as this computer seldom moves. So is there a use for a firewall? I am not sure, because when I scan my IP address with nmap, no matter what changes I make in the firewall, it is always the same scan... cannot fingerprint OS... and all closed ports. The all closed ports thing only changes when I torrent, then I get a wide open port.
Sep 29, 2010
I need to set up my CentOS computer as a firewall in my home network. I've got 2 interfaces, eth0 and eth1. I want to allow and forward all traffic on eth0 and block all traffic on eth1 except SSH, ping (ICMP) and DNS. How do I do this? I've tried some editing in /etc/sysconfig/iptables but no luck.
Jul 3, 2011
I'm running Ubuntu 11.04, and using Firestarter for my firewall. Logging events, all good, but I'd like to be able to (tcp)dump the packets being dropped/rejected. Wireshark is great after the event, but can I hook iptables and tcpdump together somehow so the system logs the entire packet rather than the summary when it says "no"? I've had a quick look/google, but can't find anything. I'm sure somebody must have wanted to do this before - any pointers, people?
PS - will keep looking and post the answer if I find one....
Jul 3, 2010
Does anyone know if it is possible to filter/block network traffic between internal hosts on a LAN?
E.g.: Linux firewall/router (192.168.0.1) - LAN default G/W - all internal > external traffic gets filtered.
How would you filter TCP/ICMP/UDP traffic from internal host a (192.168.0.2) to host b (192.168.0.3)?
All the internal hosts have the Linux f/w as the default gateway, and are all on the same /24 subnet.
I would like to know if I can filter traffic between internal hosts.
May 2, 2010
I have an Ubuntu computer set up as a bridge between gateway and LAN, with the LAN connected to eth0 and gateway on eth1.
I'm trying to get it to basically block everything incoming except for the ports I specify, but also allow outgoing traffic. I've found, tried, modified some examples I found on the web, but still it won't block incoming traffic (i.e., I'm still able to reach my webserver).
These are the rules, and I can't figure out why it won't block:
Code:
#!/bin/bash
iptables -F
iptables -X
iptables -I INPUT -i eth1 -j DROP
[Code].....
Jan 8, 2010
Is it possible to see the router traffic using a remote system? Can those packet headers be modified for marking purposes?
Jul 27, 2010
I have a desktop, a laptop, & a wireless router. The router, unfortunately, doesn't support DD-WRT, Tomato, etc. firmware, but I would still like to prioritize VoIP/web browsing over bulk Internet traffic. I hope I can offload the router's missing QoS to my desktop.
Is it possible to have the laptop's connection go from the wall to the router to the desktop, where the desktop could perform the QoS of tomato, then continue on to the laptop? I'm a bit of a noob to networking (subnets?) but do well enough following good instructions.
As for the program that would do the QoS... Don't some Linux machines basically work as super-powered routers for businesses? So there must be some package but I couldn't find one. The closest I got was wondershaper but it only shapes traffic for the computer on which it's installed; it might form part of the solution but falls short on its own. Other devices should be able to access the Internet normally if the desktop is turned off, & work with other devices like a (jailbroken) iPod Touch.
Aug 9, 2010
In my "computer room" I have an ATT U-Verse TV decoder box and my computer connected to a Netgear Switch. The third port on the switch connects to the ATT router. I've just noticed that when I power on the U-Verse TV box I start getting a lot (200-250 KiB/s) of received packets on my Debian Lenny machine as shown in the System Monitor app. I don't show any outgoing traffic in response. That explains why the lights on the switch are blinking at the same rate for both devices. So, what, if anything, is this telling me? Is this normal, or is the ATT router spamming my Linux machine for some reason? Is this a potential problem?
Added: Or is this just telling me that the NetGear FS-105 is not actually an ethernet switch?
Apr 22, 2011
I am using Debian 5 and I have some networking experience, however I want to learn to do this the best way possible. I have a Debian box with two NICs and I want to connect that to a switch and use my Debian box as a router basically, as well as having a firewall set up within that too.
Should I use iptables to set up NAT or the route command or what? I just want to know the group of tools to use in order to set up my network.
Network diagram: Internet <------> Debian Box <----> switch <----> hosts
I found some guides but they are for Linux 2.4 and I'm not sure if they are right.
Feb 9, 2010
I want to set up a router with firewall on an Ubuntu box that will connect Windows PCs, one serving as outside source and one serving as inside target.
Apr 23, 2010
I have seen tutorials on setting up a secured firewall/router/gateway using Ubuntu Server as the platform. However, I am wondering if anyone has had experience with using an aircard (wireless broadband card via USB) to set up a router.
Which card do you recommend? Any precautions? Any specific code already written to automatically recognize mobile broadband cards and restart the connection if it goes stale?
Jan 28, 2011
post the "perfect" tutorial for setting up a router and firewall for Ubuntu 10.10 Server 64-bit? I'm kind of a n00b when it comes to Linux, so I get really confused with some things. I have seen things on the Ubuntu wiki about this... but it really confuses me.
I'm trying to set up my Ubuntu sys as a router and firewall... Internet -> Ubuntu (Router) -> Switch (no DHCP on it) -> Computers. I've already set up bind and dhcp3 and got those working perfectly... I've also set up Squid3 and Dansguardian for content filtering (blocking ads and such) and got them working too... I want to set it all up to be transparent, and allow the system itself to function as a powerful firewall router, giving absolutely NO issues to client computers connected, and no speed reduction at all.... I want to set up the firewall to allow all outgoing connections, but block everything incoming (stealth the network)... Forcing all http/s traffic to pass through Dansguardian, then to Squid...
But I am very confused on how to pull this off... The system is running Ubuntu 10.10 Server 64-bit, with 4 GB of RAM, 320 GB SSD, and two 1Gb NIC cards... Sorry if I'm not very clear, I do speak English perfectly, but I'm just kinda new to the "Linux world". I was using SONICWALL but that's getting a little too costly to my network and I wanna do a free alternative... Something completely CUSTOM, not using some network security distro.
Jul 20, 2011
What I want to do is set up a gateway (or router, idk what Ubuntu refers to it as). So my setup would be Modem>Server>Switch>Router. I know that I need to set it up as a DHCP server as well. I would also like to set it up as a firewall too. I already have two Gbit cards that are already configured. So how do I do this? I already tried one tutorial, but it was old and was for Debian. I also installed ebox, but I couldn't figure that out either.
Jul 6, 2010
I am trying to do my graduation project. It's labeled under "Linux secure router", and I should build a Linux-based router equipped with firewall and ACL management... Some people advised me to use the Ubuntu Linux distribution to do this. I tried to do that but I don't know where to start from.
Jan 27, 2010
I'm mentoring my local high school's IT club as they prepare to participate in a cyberdefense competition (see IT Olympics). Generally we are given four boxes and need to set up a network that provides certain services (which services change from year to year, but usually include a web server, email server, FTP server, and an application server of some sort) and support client PCs that connect from the WAN. The red team then tries to break into our network to steal "flags" from our servers and to set their own "flags" on our servers.
Generally we set up the firewall with two network interface cards (one to the WAN and one to our LAN), and connect the LAN NIC to a router, which then connects to the other three boxes. But we do have the option of installing additional NICs in the firewall and configuring it as a router. I can't shake the feeling that there is a security advantage to such a configuration, but I can't say what that advantage is. Perhaps something with configuring iptables on the internal boxes to accept connections only from the firewall's NIC, and then only for the services we want that box to support (to prevent an intruder from connecting directly from one box to another)?
Jan 26, 2010
I am trying to make a VNC connection from pc #2 to pc #1. Pc #1 is a Debian pc behind a Zyxel router (P-2602HW-D1A). Pc #2 is a Windows XP pc at another place on the internet. I have configured the Zyxel router to forward incoming traffic on port 5902 to the local IP address of the Debian box. The Debian box is running a VNC server, listening on port 5902. But it doesn't work. I have tried to scan the Zyxel router's IP address on port 5902 from the internet, but the scanner says that the port is closed. The VNC server on pc #1 is working fine on the local network. I can connect to the server from a pc on the same side of the Zyxel router. Is it definitely a router problem, or could it have something to do with Debian's own firewall?
Jan 12, 2011
could set up a firewall on my Linux machine? I have is to connect my router wired to the Linux machine and then from the Linux machine to my main computer, and obviously routing the internet connection through the Linux box as a firewall. I use a Netgear DG834G router.
Mar 13, 2011
I'm getting a timeout error from NetworkManager when attempting to connect to my router/firewall.
Excerpt from /var/log/messages attached.
Apr 20, 2011
What programs under Linux can capture Ethernet traffic? And which of them are maintained and most comfortable?
Sep 4, 2009
I wanted to know if I can install MRTG on a client computer in the network and measure the network's router traffic. I know that it can be installed on the server.
Jun 9, 2010
I moved my server and network equipment, and now the wireless works but I cannot get my server online. I host a website, so this is kind of urgent.
I have a wireless router and can access the internet fine on my laptop. My server is wired & connected to the router. It sets up the networking properly... ifconfig has an IP address, the default gateway is present. But I cannot ping Google, or even the router. It says destination host unreachable.
So I go back to the laptop to check the router settings... sometimes it likes to assign the server the wrong internal IP. But I can't access the router settings either! The page (192.168.1.1) times out. Same with trying to ping the router. How can the laptop be online if it can't reach the router?
Oddly, ifconfig on my laptop reports an IP address starting with 99.233. It's always given me an internal address starting with 192.168. What's going on here? Is the router not allocating an internal IP? I use wicd to connect, if it's relevant.
We have a Windows laptop that can only get a "local connection". Now it does sound like the router is forwarding directly to my laptop, instead of allocating internal IPs.
Jan 6, 2010
I have my firewall set up so that only specific subnets/IP addresses can access the system. My issue is that I have a remote user/laptop who needs to access the system, but is constantly on a different subnet/DHCP IP address. Is there a configuration for iptables where I can enter the MAC address of the laptop to allow access to the system and not specify a subnet or IP address?
Aug 24, 2010
I wish to prevent some programs from "phoning home", and to allow other programs to access only specific web servers. Is there any way to interactively allow or decline outbound communication from individual programs on Ubuntu?
May 13, 2010
I could not handle/circumvent in the past week, despite the several "googling" and documents reading. I will try to mention all needed bits... I'm managing a network with the following structure:
eth0: internal net
eth1: DMZ
eth2: 10 Mbit/sec sync line with eight public /29 IPs + a /30 interconnection network. All public IPs must use the interconnection network's gateway.
eth3: ADSL with PPPoE with fixed IP (ppp0).
Now, a few extra info:
- All internal traffic is routed through ppp0 except when it's destined for DMZ and public IPs range.
- DMZ traffic is routed either through ppp0 or eth2. This is done by source IP.
- eth2 has one IP from the interconnection network, and six public IPs are also defined on eth2. Command: "ip addr add ...."
[code].....
Jan 4, 2010
I have Ubuntu 8.04 as virtual host. On this host I have installed VirtualBox virtualization software. I have installed Windows XP as virtual machine and installed HTTP server. I would like to temporarily disable all network connections to host and virtual machine. So on Ubuntu host I have set firewall settings:
Code:
sudo iptables -F              # to flush - delete all firewall settings
sudo iptables -P INPUT DROP   # to disable all input traffic
[code]....
Jan 29, 2010
I have a server on my router on the DMZ. All outside traffic goes to it. This server has Apache running and the domain mysite.com resolves to the DMZ web server. I have a second server on the LAN that also has Apache running. I want to set up another domain, myothersite.com, to resolve to the second server on the LAN. Since the main server is on DMZ I have the DNS A records for myothersite.com pointing to the public IP that the DMZ is on.
How do I get myothersite.com to resolve to the second webserver on the LAN? What configuration do I need to do on my DMZ server so it routes traffic for myothersite.com to the other server on the LAN? Do I use BIND DNS? If so please advise on how to set that up. BIND DNS seems confusing and I am having trouble knowing how to configure it. Is there another option besides BIND?
Apr 3, 2011
I have installed the graphical user interface for iptables and enabled this firewall. However, I find it a bit strange. What is the difference between rejecting and denying the traffic? If I want to configure iptables as two-way, how can I define which of my apps can connect to the internet and which can't? If this firewall is enabled, does it really run in the background, protecting the user, or does it run only when its GUI is opened?
Feb 17, 2011
I use Slackware 13.1. I have Apache, MySQL, PHP - working. I have a router, Netgear WPN824v2 - latest firmware - port forwarding to my comp 192.168.1.105 port 22. I can access my SSH from my internal LAN, but I cannot access it from the outside... I used [URL] to test the port and it says that it is closed. I used the PFportCheck program on my other Windows computer and it says that "port 22 is opened on another device!" - which is good because it's opened on this computer. I also tried to change the port in sshd_config to 6655 and 22 but it still cannot connect...
Mar 18, 2010
Guys, in Windows we physically access the router by Accessories -> Communication tools. In the same way, how do we access it in Fedora? Similarly, is it possible to convert a Fedora system to a router?