Jump to content

Netowrk Monitoring Tools For Windows


Life like Opossum
 Share

Recommended Posts

I'm looking for a network monitoring tool that I can run on a windows machine. My girlfriends brother often hogs the internet and downloads programs while we are trying to do other things, he denies doing this, but I know better. I'm looking for a program that I can use to monitor the traffic coming through the router. Does anyone have any good suggestions of some programs I could use?

Also, I wouldn't actually have the routers password so I wouldn't be able to modify anything on it form my end. Simply connected via WiFi and looking to monitor the traffic to catch him red handed.

Link to comment
Share on other sites

Only way to monitor it is 1, if the router has a feature for this, 2, you had a way to single out his machine, or 3, you actually installed a monitoring program on his machine. You can though, if you know his MAC address and the router has any kind of QOS features, tweak it so the rest of you get higher priority over his connection, but thats not offered on most consumer routers. Some later models come with QOS capabilities these days though, but if you can't logon to the router, you wouldn't really have a way to tell. The only other way you could monitor the traffic, is with an ARP attack to MITM his connection, then monitor in wireshark the sites he goes to. This is illegal of course, but if its your own home network, and you own all of the machines and router, its more or less grey area. In many states, its illegal, but still, you would be able to see all of the traffic and sites he visits.

Some routers, have the ability to block certain sites as well though, so if you suspect hes doing torrents or such, you can sometimes block the ports used in torrenting, as well as the sites themselves. Not the best solution, but again, router would need these features, and you would need to have access to the router itself.

Link to comment
Share on other sites

Well you could install wireshark for windows and see all the traffic. It should work I do it with my router at home. I'm able to see all the traffic and ip address that are going out.

Link to comment
Share on other sites

Well you could install wireshark for windows and see all the traffic. It should work I do it with my router at home. I'm able to see all the traffic and ip address that are going out.

In what matter though? Are you sitting between the router and the modem? Because if you were, then yes, you can see all traffic, otherwise, you are only seeing your own traffic if running Wireshark locally. If its an unencrypted wifi network, you potentially can see everything if using linux and putting the card into monitor mode, but if its an encrypted network or wired, you would need to MITM someone elses computer to see THEIR traffic, unless what you use is actually a HUB and not a router. HUBs sent the same data, to everyone connected to them, whether the data was intended for them or not, which causes broadcast storms and why they don't sell them any more and everyone now uses routers and switches....
Link to comment
Share on other sites

I had a similar problem. You can run a dhcp exhaust attack against the router if you don't have admin axx, otherwise you could just change the DNS server to your own, just a basic bind9 install nothing fancy. I wrote a script that monitored the DNS queries, and if it received a query for a few certain places affiliated w/downloading movies, from a certain IP on the LAN, it would send that person (who was warned several times) a few deauth packets. Naturally they keep trying, but after a few hours they'll get the point.

Edited by bobbyb1980
Link to comment
Share on other sites

Or you can build/buy a Lan Star from the hakshop (theres guides on the internet to build your own of course too) and install it between the router and his computer, then with wireshark for windows put your card in promiscuous (windows supports prom but not mon right?) mode and sniff the traffic. Again as digip rightfully reminds us, this is totally illegal, especially if you don't own the network and all the machines on it...

telot

Edited by telot
Link to comment
Share on other sites

Well, it is my girlfriend's network, so no I don't own everything. I am however living in Canada, we have different laws, although intercepting electronic communications is still illegal. The fact is, I doubt they would care, but that is besides the point. Thank you all for the tips, I'll see if I can use any of these options. It turns out they have the router password set the same as their WiFi password (genius right). I'll tinker around and see what I can find out.

On a side note, what are some good network monitoring tools for windows that I can use to monitor my own internal traffic? I know about NETSTAT to simply see what connections are open, but I don't know enough about managing connections in windows to kill connections and all that other fun stuff.

If anyone knows of any good programs, please let me know.

Edited by Saelani
Link to comment
Share on other sites

While its illegal, you could use a RAT to monitor what your GF does on her computer. If you need more information about it, visit the hackforums.net. I can't discuss more about this, because its against the Hak5 forum rules.

Link to comment
Share on other sites

While its illegal, you could use a RAT to monitor what your GF does on her computer. If you need more information about it, visit the hackforums.net. I can't discuss more about this, because its against the Hak5 forum rules.

I think you misunderstand what I am wanting here. I am not looking to monitor my girlfriends computer. I was originally looking for a monitoring tool to monitor all of the router traffic so I could know when her little brother is downloading files, as they have quite slow internet here. The following question was regarding network monitoring for my own machine, just so I know what connections are open and which ones I can kill.

Edited by Saelani
Link to comment
Share on other sites

TCPVIEW will let you(when right clicked and run as administrator) close/kill open connections. Kind of like netstat on steroids but in a GUI:

http://technet.microsoft.com/en-us/sysinternals/bb897437

Link to comment
Share on other sites

Thanks I appreciate the info. I have always used net stat to view my connections but I never knew how to kill them. This utility should. help me a lot. Thanks!

Yeah, the netstat command only allows you to view all current established connections, in your computer it doesn't allow you to terminate them. You will need a third party app, such as the one Digip suggested, The TCPView.

Link to comment
Share on other sites

personally wireshark would be my choice, but if you really are worried i would just block access to file sharing sites via your router, that way you don't need to worry about what they do or do not do, you could also just check their box for torrent protocols, or browser history if you have access.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...