Incoming Traffic analysis on D-Link Router

D

defcom_1

[H]ard|Gawd
Joined
Sep 12, 2002
Messages
1,793
I am currently at my parent's place, and I noticed that they have massive amounts of incoming traffic, which is all being filtered out by the D-Link 604 router (yes, it's not the greatest, but it works)

Is there anyway I can see what's in these packets? Just so you have some numbers to compare:
Code: 
 	 Receive  	              Transmit
WAN 	9687554 Packets 	 24110 Packets
LAN 	  29720 Packets 	 68399 Packets

The recieve light on the modem is continuously blinking, and we are getting disruptions even when browsing the web, as it sometimes takes multiple tries just to get the DNS resolved.

DI-604
Firmware version 2.20
Hardware Revision C1

Thanks
 
defcom_1 said:
Is there anyway I can see what's in these packets? Just so you have some numbers to compare:
Click to expand...

Drop a hub between the cable modem/dsl modem and the router and put a box with a sniffer on it.
Code: 
[Internet] - [modem] - [hub] - [router] - [your network]
[color="gray"].........................[/color]|
[color="grey"].....................[/color][Sniffer]

Give it an 0.0.0.0 IP and have fun....
 
you may need to google on how to allow the router to let the traffic through. you may be able to place a not existant ip in dmz for it to work or the host. try a non existing host before your parent's pc is used for sniffing.

and use this application: http://www.ethereal.com/
 
my DI-614+ has logging in it for anything it blocks. I just look there.
cable and DSL is a shared bandwidth device. most cablemodems will blink their activity light whenever there is activity on their 'leg' of the network, which includes you and whoever else is on that part.
 
LadyJaqie said:
... most cablemodems will blink their activity light whenever there is activity on their 'leg' of the network, which includes you and whoever else is on that part...
Click to expand...

D'oh. Forgot about that. I always thought that the shared traffic was filtered out at the modem level, but I guess I thought wrong. :)
Thanks for the help!

*edit*

I thought about it some more, and the issue isn't that the modem light is blinking, it's that it's passing the traffic through to the router. That shouldn't be happening. I'll set up a sniffer later on.
 
I have the same setup and the modem is always talking to the router reguardless of wether or not anything is in use. Just think of it as a friendly conversation between the two devices that has no ill effect. Also, as mentioned above, you can set your log to record dropped packets. I get several "pings of death" dropped each day as well as on or two port sniffing attacks. Those numbers for packet traffic that you posted looked about similar to what I have on mine. No real issue there.
 
MiXdNuTs said:
I have the same setup and the modem is always talking to the router reguardless of wether or not anything is in use. Just think of it as a friendly conversation between the two devices that has no ill effect. Also, as mentioned above, you can set your log to record dropped packets. I get several "pings of death" dropped each day as well as on or two port sniffing attacks. Those numbers for packet traffic that you posted looked about similar to what I have on mine. No real issue there.
Click to expand...

Alright, I'll put my foil hat away for another day. :D

Thanks for the help!
 
You must log in or register to reply here.
Back
Top