Analyse external traffic hitting router?

By Rock Lobster
Hi! Is it possible to monitor the traffic hitting the outside of a router (WAN) from inside the local network? I have tried a packet sniffer, but it seems only to resolve traffic internal to the local network. Any free app that you know of that would do this would be very helpful. (I need to do this because I think my IP is under attack from a hacker / virus etc.)

Thanks!

by kennethaj In reply to Analyse external traffic ...

What kind of router is it? Is it Linux based? Cisco? Is it a NAT firewall/router? What packet sniffer are you using? NAI, etc.? Most professional routers have excellent logging capabilities resident. If you are using a consumer type firewall such as Linksys, D-link, etc., there are things you can do. Basically, it depends on the router. More info would help.

by mshavrov In reply to Analyse external traffic ...

It depends on your router. If you have any router with a T1 WAN interface, you are limited in the choices of what you can do. In this case you can create an access-list to permit legitimate traffic and create a "deny all" statement at the end of this access-list and log hits to this "deny" statement. That's how you can see all attempts to establish connections to/through the router.

If you have the ISP's router and you cannot do anything with it, you may either create a similar access-list in your firewall and log all attempts (it's a very good idea in any situation), or install an IDS (Intrusion Detection) Sensor between the ISP's router and your firewall. Intrusion Detection will not only show you TCP and UDP connections, but it will also analyze the traffic and determine real attacks.

And last but not least, install any kind of traffic monitoring software to watch your Internet link. I like the MRTG package. It reads interface utilization every 5 minutes and builds a graph, so you can analyze your baselines and trends.

Good luck,

Michael Shavrov
CCNP, CCDP, CCSP, MCSE W2K, MCSE+I, Security+
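
An added example, not part of the original post: one way to review the hits logged by the final "deny" statement described above, grouping them by source address and flagging a source that probes several ports. The log line format (Cisco IOS style `%SEC-6-IPACCESSLOGP` messages), the sample lines, and the `summarize_denies` function and its `scan_threshold` parameter are assumptions made for illustration; the thread does not name a router model.

```python
import re
from collections import Counter

# Constructed sample lines in the style of Cisco IOS ACL log messages.
# The format is an assumption; addresses are documentation ranges.
SAMPLE_LOG = """\
Mar  1 10:00:01 gw %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(40112) -> 198.51.100.2(22), 1 packet
Mar  1 10:00:03 gw %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(40113) -> 198.51.100.2(23), 1 packet
Mar  1 10:00:04 gw %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(40114) -> 198.51.100.2(3389), 2 packets
Mar  1 10:00:09 gw %SEC-6-IPACCESSLOGP: list 101 denied udp 192.0.2.55(5060) -> 198.51.100.2(5060), 1 packet
Mar  1 10:00:12 gw %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.0.2.80(51000) -> 198.51.100.2(443), 1 packet
Mar  1 10:00:15 gw %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
"""

# Matches only "denied" entries; permitted traffic and other messages are skipped.
DENY_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?"
)

def summarize_denies(log_text, scan_threshold=3):
    """Return per-source deny statistics, busiest source first.

    A source that hit at least scan_threshold distinct (protocol, port)
    pairs is marked as a possible port scan (hypothetical heuristic).
    """
    packets = Counter()
    ports = {}
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue
        src = m["src"]
        packets[src] += int(m["count"])
        ports.setdefault(src, set()).add((m["proto"], int(m["dport"])))
    return [
        {"src": src, "packets": n, "ports": sorted(ports[src]),
         "possible_scan": len(ports[src]) >= scan_threshold}
        for src, n in packets.most_common()
    ]

if __name__ == "__main__":
    for row in summarize_denies(SAMPLE_LOG):
        print(row)
```
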

by -Q-240248 In reply to Analyse external traffic ...

Yes, we need the type of router. Cisco, for instance, can debug all traffic right there on your terminal.
