Support
Posted: Fri Jan 24, 03 8:52 Post subject: How can I see the traffic passing through the router?
Sometimes you may want to make a record of the traffic passing through the MultiCom Router. For instance, if you see that a DNS request is opening the ISDN line, you still do not know what traffic caused the DNS request. Using the Syslog and Filtering features you can build a record of data packets moving through the MultiCom Router.
You will need to activate a filter rule that logs all traffic and sends the logs to a Syslog server.
Requirements: Firmware 2.6 or greater and Syslog software (try the free software for Windows: http://www.kiwi-enterprises.com/software_downloads.htm#Syslogd).
Process: You will need to edit the config on your Pocket or other MultiCom Router to send a Syslog message to the computer running the Syslog software for every packet that goes through the Pocket. This will create a list of the activity that can help pinpoint what is causing the DNS requests that open the lines. Replace any existing filtering rules with the following (please change 10.0.0.2 to be the IP address of the workstation running the Syslog listening software):
Code:
IP Filter ALLOW from ANY to ANY log
syslog host 10.0.0.2
IP Filter On
Sample messages from activity starting on my workstation (10.0.0.2), going through the Pocket MultiCom (10.0.0.1):
Code:
DNS request from my typing a name in a web browser and the response (port 53)
11-12-2001 13:50:12 User.Warning 10.0.0.1 IP FILTER: Allow incoming UDP frame: 194.230.4.9:53 10.0.0.2:1991<000>
11-12-2001 13:50:11 User.Warning 10.0.0.1 IP FILTER: Allow incoming UDP frame: 10.0.0.2:1991 194.230.4.9:53<000>
The page itself (port 80)
11-12-2001 13:49:04 User.Warning 10.0.0.1 IP FILTER: Allow incoming TCP frame: 10.0.0.2:1988 193.247.134.5:80<000>
Checking email (pop3, port 110)
11-12-2001 13:53:20 User.Warning 10.0.0.1 IP FILTER: Allow incoming TCP frame: 10.0.0.2:1942 193.5.2.60:110<000>
Windows Update (port 80)
11-12-2001 13:54:19 User.Warning 10.0.0.1 IP FILTER: Allow incoming TCP frame: 10.0.0.2:2004 207.46.226.17:80<000>
Multiple checks of the DNS server for a non-existent page
11-12-2001 13:51:59 User.Warning 10.0.0.1 IP FILTER: Allow incoming UDP frame: 10.0.0.2:1998 194.230.5.139:53<000>
11-12-2001 13:51:59 User.Warning 10.0.0.1 IP FILTER: Allow incoming UDP frame: 10.0.0.2:1998 194.230.4.9:53<000>
11-12-2001 13:51:55 User.Warning 10.0.0.1 IP FILTER: Allow incoming UDP frame: 10.0.0.2:1998 194.230.5.139:53<000>
11-12-2001 13:51:55 User.Warning 10.0.0.1 IP FILTER: Allow incoming UDP frame: 10.0.0.2:1998 194.230.4.9:53<000>
11-12-2001 13:51:53 User.Warning 10.0.0.1 IP FILTER: Allow incoming UDP frame: 10.0.0.2:1998 194.230.5.139:53<000>
NOTE: If you want to see packets originating from the MultiCom Router itself (and not from the connected networks), you will need to add one additional line after the other filtering rules:
Code:
IP FILTER ROUTERFRAMES ON
For more information on configuring Syslog on MultiCom Routers click here.
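One way to work through a saved log of these messages, as an added example that is not part of the original post or MultiCom software: it parses the message layout shown above, counts packets per source and destination port, and lists the first packet after each quiet period as a candidate for what opened the line. The "source destination" field order is inferred from the samples; the day-month-year date order, the 30-second `idle` threshold, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Layout of the sample messages in the post; "source destination" order is
# inferred from those samples, day-month-year date order is an assumption.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2})\s+\S+\s+(?P<router>\S+)\s+"
    r"IP FILTER: (?P<action>\w+) \w+ (?P<proto>\w+) frame: "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)

def parse(lines):
    """Return parsed records in chronological order; skip non-matching lines."""
    records = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%d-%m-%Y %H:%M:%S")
        rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
        records.append(rec)
    return sorted(records, key=lambda r: r["ts"])

def talkers(records):
    """Count packets per (source IP, protocol, destination port)."""
    return Counter((r["src"], r["proto"], r["dport"]) for r in records)

def line_openers(records, idle=timedelta(seconds=30)):
    """First packet after each quiet period of at least `idle` (assumed value)."""
    openers, last = [], None
    for r in records:
        if last is None or r["ts"] - last >= idle:
            openers.append(r)
        last = r["ts"]
    return openers

# Constructed sample input (newest first), in the format shown in the post.
SAMPLE = """\
11-12-2001 13:53:21 User.Warning 10.0.0.1 IP FILTER: Allow incoming TCP frame: 10.0.0.3:1031 198.51.100.60:110<000>
11-12-2001 13:53:20 User.Warning 10.0.0.1 IP FILTER: Allow incoming UDP frame: 10.0.0.3:1030 192.0.2.53:53<000>
11-12-2001 13:49:05 User.Warning 10.0.0.1 IP FILTER: Allow incoming TCP frame: 10.0.0.2:1988 198.51.100.5:80<000>
11-12-2001 13:49:04 User.Warning 10.0.0.1 IP FILTER: Allow incoming UDP frame: 192.0.2.53:53 10.0.0.2:1987<000>
11-12-2001 13:49:03 User.Warning 10.0.0.1 IP FILTER: Allow incoming UDP frame: 10.0.0.2:1987 192.0.2.53:53<000>
some unrelated syslog line
"""
```

Calling `line_openers(parse(SAMPLE.splitlines()))` on the constructed sample returns the two DNS queries from 10.0.0.2 and 10.0.0.3, each the first packet after a silent period.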