monitor LAN activity?

[CurtisEbear]

Looking for a program, preferably free though it doesn't need to be, that will allow me to monitor activity on our LAN. Basically I need something to see how much is being downloaded and is possible what is being downloaded.

The problem is, we have 4 computers on our LAN here at our apartment, all connected to dsl via a router. I suspect my roommate is downloading movies on bittorrent, though he denies it. Since the dsl subscription is in my name, i'd prefer to not be sued by the MPAA if i can help it.

Is there a good program I can use to find out if he's downloading huge files, and possibly what program he is using to download and what is being downloaded?

thanks.



EDIT: oh also if there is such a program, can I also use it to block certain programs (bittorrent, kazaa, etc), or would i need something else to block this illegal activity?

 

[samuraijake]

For network analysis, try Ethereal: http://www.ethereal.com/

You also might try to run a port scan on his IP adress to find out which ports are open. If he didn't change the default port to be used by his bitTorrent client, it should fall somewhere in the area of ~6881. Here's a free and small port scanner. Of course ethereal will also tell you which devices and ports are active on the network.

Blocking his use of P2P services is tricky. You can try blocking the port in the router configuration, but he can change the port he uses if he figures out what you did. Your best option is to use bandwidth throttling, but your router might not support that.

A better solution to all of this? Just ask him about it, and if he doesn't cooperate, cut him out of the loop.

Good luck.

 

[Tazanator]

Well I use MRTG to watch/graph traffic and use a bitbucket on the linux router to shape traffic limiting my DSL to dialup speeds for P2P traffic

 

[JackMDS]

It is not free (about $30), but the best of its kind: www.netlimiter.com

:sun:

 

[InlineFive]

You can't monitor all the traffic on your network from a single computer. Switches only use routes that are requested, they don't broadcast everything that is going on everywhere. Thus, if your roomate is using the internet you won't be able to track it. You would have to either use software that would be installed on all clients. Or use something a little more suited to the task at your gateway.

 

[CurtisEbear]

I'm using the trail versin of netlimiter now...i guess you get to use it for 30 days for free so im giving it a try. I'm not real savvy with the whole networking thing so if my questions seem stupid, please bear with me.

Mostly it seems pretty straightforward...has the names of programs and allows you to limit their bandwidth. however, as far as i can tell its only showing programs its picking up from my IP, not other IPs on our LAN. Is there any way to limit bandwidth on another computers BT client?

 

[alm4rr]

how bout switchin the switch for a hub?

 

[CurtisEbear]

Originally posted by: alm4rr
how bout switchin the switch for a hub?

I apparently know little enough about this that I don't know what difference that would make. Please elaborate. Also I suppose i should say its a wireless router and 3 of the four people are on wireless, and the guy who's downloading the movies is on ethernet.

I don't know how much a hub would cost, but I did buy a wireless router specifically so me and the other guys could have wireless.

 

[spidey07]

ethereal would be a great start.

But someway, somehow you need to "see" the traffic.

using a hub instead of a switch will allow you to do this.

dsl---modem---hub---clients

plub the monitor into the hub and you'll "see" all of the traffic and can see how much data that IP is using and what applications/filenames, etc

 

[n0cmonkey]

dsl modem--hub--router--clients will work too, especially if you don't give the sniffing interface an IP address.

 

[CurtisEbear]

strange...as it turns out i have a hub in my dresser and i don't know why. anyway now that i have a hub what exactly do i do? i was somewhat confused by the previous explainations.

there's four ports on the hub, and a small button next to them that says normal/uplink.

Do I connect the dsl modem to the hub, then the hub to the router, then everyone's computers to the router? or what?

yes i know i'm a dumbass.

 

[n0cmonkey]

There are a couple of ways to do it, depending on how many clients there are.

If there are 3 of less clients, plug them into the hub, and plug the uplink port into the router.

If there are more than 3, you might have to put the hub in front of the router, and plug everyone into the router. You'll need a second NIC for this setup though.

 

[bigfatdonny]

Plug the DSL modem into the hub via the uplink port, and plug the rest of the computers into the other ports. Once this is done, the switch should be totally out of the picture, and everone should be connected.

 

[CurtisEbear]

ok thanks. I'll see if i can figure this out.

 

[phisrow]

Someone correct me if I'm wrong; but can't you sniff traffic off a switch as though you were working off a hub, if you are willing to do some ARP poisoning? Obviously, if you have physical control over the network, the hub is a good solution; but in theory shouldn't you be able to man-in-the-middle even if you are on a switched network?

 

[n0cmonkey]

Originally posted by: phisrow
Someone correct me if I'm wrong; but can't you sniff traffic off a switch as though you were working off a hub, if you are willing to do some ARP poisoning? Obviously, if you have physical control over the network, the hub is a good solution; but in theory shouldn't you be able to man-in-the-middle even if you are on a switched network?

It's possible, but can be a PITA.

 

[DnetMHZ]

Originally posted by: n0cmonkey

Originally posted by: phisrow
Someone correct me if I'm wrong; but can't you sniff traffic off a switch as though you were working off a hub, if you are willing to do some ARP poisoning? Obviously, if you have physical control over the network, the hub is a good solution; but in theory shouldn't you be able to man-in-the-middle even if you are on a switched network?

It's possible, but can be a PITA.

Seems like a terrible amount of overkill for a home network to me.

But that's just my opinoin.

 

[kamper]

Aren't we missing the obvious? If he's getting anywhere with bittorrent he must have at least one port open on the router. Does he have admin access to it? Do you?

Get on there and see if he has any ports forwarded to his machine. If he's got anything that is definitley bt (like 6881, for instance), cut him off. Otherwise challenge him on why they're open.

 

[CurtisEbear]

Originally posted by: kamper
Aren't we missing the obvious? If he's getting anywhere with bittorrent he must have at least one port open on the router. Does he have admin access to it? Do you?

Get on there and see if he has any ports forwarded to his machine. If he's got anything that is definitley bt (like 6881, for instance), cut him off. Otherwise challenge him on why they're open.

First, yes he does have admin access...i think he knows the password for the router. Even if he didn't, he knows that he can reset the router by hitting the reset button, thereby making the password admin. None of that matters though, as thats about the extent of his knowledge. Once he got onto the router options he wouldn't know dick sh!t.

However, the ports 6881 thru 6999 are forwarded already, by me, since i use bittorrent for legitimate purposes. However, these ports are only forwarded for my IP, no one elses. Bittorrent still downloads without the ports forwarded. its just somewhat slower. Also blocking those ports didnt seem to do anything. I tried blocking them in the router options thinking that if i did so, i could just turn them on when i needed to use BT, and turn them off at all other times. didnt do anything for some reason.


Also, in reply to other people's "much easier" solutions such as confronting him about it/cutting him off, i've already asked him about it, and he denies downloading movies, but i'm 99% sure he has been. Cutting him off would be sweet satisfaction, trust me, but i also have to take into consideration other factors. If i cut him off, he won't be paying his portion of the dsl bill. not that big of a deal, but i live with other people who are also paying, and they won't be exactly thrilled to hear that they have to pay that much more every month. Also the simple fact that i have to live with him. This is school housing and i don't really have too much say in who I live with, and i don't really relish the idea of living with someone who's going to always be pissed off at me because i cut him off.

Basically the solution that I really want is to be able to somehow disable or severely cripple bittorrent only for his IP, and not affect anything else. He's going to be pissed off it i cut off his internet, but if I just cut off bittorrent and don't tell him that I did it and why, chances are good he'll be like "hey paul, why isn't bittorrent working?" and i'll be like "I don't know", and since he knows very little about computer software or hardware, he won't be able to figure out why its not working, and he'll just give up on it. He doesn't know enough about p2p software to use another client. the only reason he knows about bittorrent is because i downloaded it for him so he could download service pack 2. Then he somehow figured out he could download other things with it. took him 2 months though.

 

[kamper]

If my limited understanding of bittorrent is correct, not forwarding any ports to his machine will severly cripple his ability to download. I thought the whole point was that, if you didn't allow outsiders to contact you you were automatically cutoff from downloading.

Although, I sorta like the idea of sniffing his packets. It's a little more conclusive and you learn more

 

[Tazanator]

well a linux router with ip table rules utilizing a bit bucket would do perfect for this...

 

[HKSturboKID]

my suggestion is block everything and only allow port 80.

 

[CurtisEbear]

Originally posted by: HKSturboKID
my suggestion is block everything and only allow port 80.

before i act on any suggestions it would probably be to my benefit to know exactly whats going to happen when i do this. could you fill me in on what that'll do?

 

[imported_ppc]

Why don't you go buy some lottery tickets while you are at it since you are more likely to win that before you get sued by the MPAA/RIAA...

And yes I understand it's the principal but honestly - You don't have anything to worry about and if you do - tell them right out - he's the one who did it let them look at your computer for deleted copyrighted works or whatever.

 

[CurtisEbear]

alright yes, true its probably not that likely i'll get sued, but there probably is a better chance of me receiving a c&d from my isp or they'll cancel my service, no?

whatever. either way, like you said, its the principle. It just kind of pisses me off that he's doing it.