Life like Opossum Posted July 27, 2012 Share Posted July 27, 2012 I'm looking for a network monitoring tool that I can run on a windows machine. My girlfriends brother often hogs the internet and downloads programs while we are trying to do other things, he denies doing this, but I know better. I'm looking for a program that I can use to monitor the traffic coming through the router. Does anyone have any good suggestions of some programs I could use? Also, I wouldn't actually have the routers password so I wouldn't be able to modify anything on it form my end. Simply connected via WiFi and looking to monitor the traffic to catch him red handed. Quote Link to comment Share on other sites More sharing options...
digip Posted July 27, 2012 Share Posted July 27, 2012 Only way to monitor it is 1, if the router has a feature for this, 2, you had a way to single out his machine, or 3, you actually installed a monitoring program on his machine. You can though, if you know his MAC address and the router has any kind of QOS features, tweak it so the rest of you get higher priority over his connection, but thats not offered on most consumer routers. Some later models come with QOS capabilities these days though, but if you can't logon to the router, you wouldn't really have a way to tell. The only other way you could monitor the traffic, is with an ARP attack to MITM his connection, then monitor in wireshark the sites he goes to. This is illegal of course, but if its your own home network, and you own all of the machines and router, its more or less grey area. In many states, its illegal, but still, you would be able to see all of the traffic and sites he visits. Some routers, have the ability to block certain sites as well though, so if you suspect hes doing torrents or such, you can sometimes block the ports used in torrenting, as well as the sites themselves. Not the best solution, but again, router would need these features, and you would need to have access to the router itself. Quote Link to comment Share on other sites More sharing options...
Malachai Posted July 27, 2012 Share Posted July 27, 2012 Well you could install wireshark for windows and see all the traffic. It should work I do it with my router at home. I'm able to see all the traffic and ip address that are going out. Quote Link to comment Share on other sites More sharing options...
digip Posted July 27, 2012 Share Posted July 27, 2012 Well you could install wireshark for windows and see all the traffic. It should work I do it with my router at home. I'm able to see all the traffic and ip address that are going out. In what matter though? Are you sitting between the router and the modem? Because if you were, then yes, you can see all traffic, otherwise, you are only seeing your own traffic if running Wireshark locally. If its an unencrypted wifi network, you potentially can see everything if using linux and putting the card into monitor mode, but if its an encrypted network or wired, you would need to MITM someone elses computer to see THEIR traffic, unless what you use is actually a HUB and not a router. HUBs sent the same data, to everyone connected to them, whether the data was intended for them or not, which causes broadcast storms and why they don't sell them any more and everyone now uses routers and switches.... Quote Link to comment Share on other sites More sharing options...
bobbyb1980 Posted July 27, 2012 Share Posted July 27, 2012 (edited) I had a similar problem. You can run a dhcp exhaust attack against the router if you don't have admin axx, otherwise you could just change the DNS server to your own, just a basic bind9 install nothing fancy. I wrote a script that monitored the DNS queries, and if it received a query for a few certain places affiliated w/downloading movies, from a certain IP on the LAN, it would send that person (who was warned several times) a few deauth packets. Naturally they keep trying, but after a few hours they'll get the point. Edited July 27, 2012 by bobbyb1980 Quote Link to comment Share on other sites More sharing options...
telot Posted July 28, 2012 Share Posted July 28, 2012 (edited) Or you can build/buy a Lan Star from the hakshop (theres guides on the internet to build your own of course too) and install it between the router and his computer, then with wireshark for windows put your card in promiscuous (windows supports prom but not mon right?) mode and sniff the traffic. Again as digip rightfully reminds us, this is totally illegal, especially if you don't own the network and all the machines on it... telot Edited July 28, 2012 by telot Quote Link to comment Share on other sites More sharing options...
Life like Opossum Posted July 29, 2012 Author Share Posted July 29, 2012 (edited) Well, it is my girlfriend's network, so no I don't own everything. I am however living in Canada, we have different laws, although intercepting electronic communications is still illegal. The fact is, I doubt they would care, but that is besides the point. Thank you all for the tips, I'll see if I can use any of these options. It turns out they have the router password set the same as their WiFi password (genius right). I'll tinker around and see what I can find out. On a side note, what are some good network monitoring tools for windows that I can use to monitor my own internal traffic? I know about NETSTAT to simply see what connections are open, but I don't know enough about managing connections in windows to kill connections and all that other fun stuff. If anyone knows of any good programs, please let me know. Edited July 29, 2012 by Saelani Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted July 29, 2012 Share Posted July 29, 2012 While its illegal, you could use a RAT to monitor what your GF does on her computer. If you need more information about it, visit the hackforums.net. I can't discuss more about this, because its against the Hak5 forum rules. Quote Link to comment Share on other sites More sharing options...
Life like Opossum Posted July 30, 2012 Author Share Posted July 30, 2012 (edited) While its illegal, you could use a RAT to monitor what your GF does on her computer. If you need more information about it, visit the hackforums.net. I can't discuss more about this, because its against the Hak5 forum rules. I think you misunderstand what I am wanting here. I am not looking to monitor my girlfriends computer. I was originally looking for a monitoring tool to monitor all of the router traffic so I could know when her little brother is downloading files, as they have quite slow internet here. The following question was regarding network monitoring for my own machine, just so I know what connections are open and which ones I can kill. Edited July 30, 2012 by Saelani Quote Link to comment Share on other sites More sharing options...
digip Posted July 30, 2012 Share Posted July 30, 2012 TCPVIEW will let you(when right clicked and run as administrator) close/kill open connections. Kind of like netstat on steroids but in a GUI: http://technet.microsoft.com/en-us/sysinternals/bb897437 Quote Link to comment Share on other sites More sharing options...
Life like Opossum Posted July 31, 2012 Author Share Posted July 31, 2012 Thanks I appreciate the info. I have always used net stat to view my connections but I never knew how to kill them. This utility should. help me a lot. Thanks! Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted August 1, 2012 Share Posted August 1, 2012 Thanks I appreciate the info. I have always used net stat to view my connections but I never knew how to kill them. This utility should. help me a lot. Thanks! Yeah, the netstat command only allows you to view all current established connections, in your computer it doesn't allow you to terminate them. You will need a third party app, such as the one Digip suggested, The TCPView. Quote Link to comment Share on other sites More sharing options...
sober Posted August 5, 2012 Share Posted August 5, 2012 personally wireshark would be my choice, but if you really are worried i would just block access to file sharing sites via your router, that way you don't need to worry about what they do or do not do, you could also just check their box for torrent protocols, or browser history if you have access. Quote Link to comment Share on other sites More sharing options...
p4ulares Posted August 5, 2012 Share Posted August 5, 2012 24-Port KVM Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.