Forum Thread: Hello Monitor World, I Need More Monitoring! How to Monitor My Network?

Hello Monitor World, I Need More Monitoring! How to Monitor My Network?

Hi! New to this world and I would like pointers to the right direction of my request. I want to be able to monitor my network at home. I want to learn to shoot down hackers and unwanted people connecting to the network. It would also be nice to learn how to track down a hacker connected to the network, find information about him/her and finally monitor internet activity on my own network!

You know, for parenting purposes ;)
And also because I find it fascinating.

I am far from a "hacker" but I know the Linux basics so no need to explain how Linux works. Also familiar with some networking, but only how it works, not how to manipulate it.

Thanks in advance,
ZebMastaH

4 Responses

take a look at wireshark. Its very hard to catch an attacker if they're already in but if you keep a close eye on wireshark you can eventually tell. Also your home router should have logging options and such built in to monitor what machines are active on your network.

I second Wireshark. I would also suggest getting DDWRT on your router and setting up a syslog with WallWatcher. Most consumer routers will log router-specific events like log-ins and DHCP renewals, but it wont log interactions between your clients. Good to have both.

The truth of the matter is, it is a rare thing to catch an attacker in the act. What happens usually is an attacker does whatever he/she is going to do, and if youve been logging, then youll be privy to what he did (to whatever extent of a trace he left) and can go from there.

One simple thing to look out for is port scan patterns in network traffic dumps (with Wireshark for example). Always very easy to spot, and lets you know someone's been poking around.

Thanks for the good tips! I will check it out, the wireshark should be easy enough!
Can I monitor my router with Linux and see the traffic? I.e what web servers are being used etc?

as suggested you could tell your router to send logs to your linux machine and download one of the many log management tools that are out there for analysis. However it might just be easier to just view the logs on your routers administration console (this is usually done by typing your routers gateway ip into your browser ie 192.168.1.1 do an ifconfig to find your gateway ip)

Share Your Thoughts

  • Hot
  • Active