MultiCom Technical Support
Supporting MultiCom Routers, Firewalls and VPN

How can I see the traffic passing through the router ?

 
Support



Joined: 09 Oct 2002
Posts: 175
Location: Lausanne, Switzerland

Posted: Fri Jan 24, 03 8:52    Post subject: How can I see the traffic passing through the router ?

Sometimes you may want to make a record of the traffic passing through the MultiCom Router. For instance, you may see that a DNS request is opening the ISDN line but still not know what traffic caused the DNS request. Using the Syslog and Filtering features, you can build a record of the data packets moving through the MultiCom Router.
You will need to activate a filter rule that logs all traffic and sends the logs to a Syslog server.

Requirements: Firmware 2.6 or greater and Syslog software. Try the free software for Windows: http://www.kiwi-enterprises.com/software_downloads.htm#Syslogd

Process: You will need to edit the config on your Pocket or other MultiCom Router so that it sends a Syslog message to the computer running the Syslog software for every packet that goes through the Pocket. This creates a list of the activity that can help pinpoint what is causing the DNS requests that open the lines. Replace any existing filtering rules with the following (change 10.0.0.2 to the IP address of the workstation running the Syslog listening software). Because the rule below allows all traffic, keep a copy of the rules you replace so that you can restore them once you have finished logging.

Code:
IP Filter ALLOW from ANY to ANY log
syslog host 10.0.0.2
IP Filter On


Sample messages from activity starting on my workstation (10.0.0.2), going through the Pocket MultiCom (10.0.0.1):

Code:
DNS request from my typing a name in a web browser and the response (port 53)
11-12-2001 13:50:12 User.Warning 10.0.0.1 IP FILTER: Allow incoming UDP frame: 194.230.4.9:53 10.0.0.2:1991<000>
11-12-2001 13:50:11 User.Warning 10.0.0.1 IP FILTER: Allow incoming UDP frame: 10.0.0.2:1991 194.230.4.9:53<000>

The page itself (port 80)
11-12-2001 13:49:04 User.Warning 10.0.0.1 IP FILTER: Allow incoming TCP frame: 10.0.0.2:1988 193.247.134.5:80<000>

Checking email (pop3, port 110)
11-12-2001 13:53:20 User.Warning 10.0.0.1 IP FILTER: Allow incoming TCP frame: 10.0.0.2:1942 193.5.2.60:110<000>

Windows Update (port 80)
11-12-2001 13:54:19 User.Warning 10.0.0.1 IP FILTER: Allow incoming TCP frame: 10.0.0.2:2004 207.46.226.17:80<000>

Multiple checks of the DNS server for a non-existent page
11-12-2001 13:51:59 User.Warning 10.0.0.1 IP FILTER: Allow incoming UDP frame: 10.0.0.2:1998 194.230.5.139:53<000>
11-12-2001 13:51:59 User.Warning 10.0.0.1 IP FILTER: Allow incoming UDP frame: 10.0.0.2:1998 194.230.4.9:53<000>
11-12-2001 13:51:55 User.Warning 10.0.0.1 IP FILTER: Allow incoming UDP frame: 10.0.0.2:1998 194.230.5.139:53<000>
11-12-2001 13:51:55 User.Warning 10.0.0.1 IP FILTER: Allow incoming UDP frame: 10.0.0.2:1998 194.230.4.9:53<000>
11-12-2001 13:51:53 User.Warning 10.0.0.1 IP FILTER: Allow incoming UDP frame: 10.0.0.2:1998 194.230.5.139:53<000>


NOTE: If you want to see packets originating from the MultiCom Router itself (and not from the connected networks), you will need to add one additional line after the other filtering rules:

Code:
IP FILTER ROUTERFRAMES ON


For more information on configuring Syslog on MultiCom Routers click here.
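
The following Python script is an added example, not part of the original post or of any MultiCom tooling. It parses filter messages in the layout shown in the sample above, counts DNS queries per source address, and lists what each host connected to shortly after a query, which is the question the post sets out to answer. The function names, the DD-MM-YYYY reading of the date, the 5-second window and the sample lines are all assumptions made for the example.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Layout copied from the post's sample messages; trailing "<000>" is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}) \S+ (?P<router>\S+) "
    r"IP FILTER: (?P<action>\w+) incoming (?P<proto>\w+) frame: "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)")

# Constructed sample input (not from the post), newest first as in the post.
SAMPLE = """\
11-12-2001 14:02:07 User.Warning 10.0.0.1 IP FILTER: Allow incoming TCP frame: 10.0.0.3:1050 192.0.2.80:80<000>
11-12-2001 14:02:06 User.Warning 10.0.0.1 IP FILTER: Allow incoming UDP frame: 192.0.2.53:53 10.0.0.3:1049<000>
11-12-2001 14:02:05 User.Warning 10.0.0.1 IP FILTER: Allow incoming UDP frame: 10.0.0.3:1049 192.0.2.53:53<000>
11-12-2001 13:58:40 User.Warning 10.0.0.1 IP FILTER: Allow incoming UDP frame: 10.0.0.2:1998 192.0.2.53:53<000>
11-12-2001 13:58:38 User.Warning 10.0.0.1 IP FILTER: Allow incoming UDP frame: 10.0.0.2:1998 192.0.2.53:53<000>
this line is not a filter message and is skipped
"""

def parse(text):
    """Return parsed filter records sorted oldest first; skip other lines."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%d-%m-%Y %H:%M:%S")  # assumed DD-MM
            rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
            out.append(rec)
    return sorted(out, key=lambda r: r["ts"])

def dns_queries_by_host(records):
    """Count outgoing DNS queries (UDP to port 53) per source address."""
    return Counter(r["src"] for r in records
                   if r["proto"] == "UDP" and r["dport"] == 53)

def follow_ups(records, host, window=timedelta(seconds=5)):
    """Destinations a host contacted within `window` after one of its DNS queries."""
    queries = [r["ts"] for r in records
               if r["src"] == host and r["proto"] == "UDP" and r["dport"] == 53]
    return sorted({(r["proto"], r["dst"], r["dport"]) for r in records
                   if r["src"] == host and r["dport"] != 53
                   and any(q <= r["ts"] <= q + window for q in queries)})

if __name__ == "__main__":
    recs = parse(SAMPLE)
    for host, n in dns_queries_by_host(recs).most_common():
        print(host, n, follow_ups(recs, host))
```

A host that sends repeated DNS queries with no follow-up connection, like 10.0.0.2 in the constructed sample, matches the "non-existent page" pattern in the post's sample messages.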
All times are GMT + 1 Hour