traffic monitor (i am being bombed)

**barocca** · 06-29-2007, 08:33

My fellow netizens, it gives me great pleasure to announce that I have today,
signed a bill declaring non-netizens illegal... we begin bombing in 5 minutes...

but seriously folks...

many eons ago, (shortly after the dinosaurs went extinct (circa 1980))
i used to use a traffic monitor that let me know who was connecting to my PC,
how many packets they were sending and so on,
this information i could view in a nice real time graph thingy

basically what is happening at the moment is someone is (at certain predictable times)
bombing the daylights out of my internet connection,

i need to be able to "see" it happening in some sort of graphical format (not list format)
in real time so i can record it using a video camera.
(dont ask too many Q's about why, its all very complicated)
(users IP number and "weight" of their attack is all i need to be displayed)
SO
recommendations please for software to do this

many thanks
B.

**Blodrast** · 06-29-2007, 10:36

windoze or linux ?
if windoze, try ethereal. You may also find PeerGuardian2 useful.

**Beirut** · 06-29-2007, 12:03

Interesting. Please keep us up to date on your virtual manhunt.

**Whacker** · 06-29-2007, 13:22

Hi Barocca. You finally caught me. I'm sorry for doHAHAHHA ALL J00R P4CK3TS R M1N3 SURR3ND3R!!!

If you do seriously suspect someone IS trying to DoS you, there's a few things to consider.

1. When I tried this last, my ISP basically said I need some kind of 'proof' that someone was doing this before they could investigate. It sounded rather fishy and dumb to me, probably could have escalated it to a manager to avoid that, but the average joe wouldn't be able to do something like that without some help. You could always try this and see if you can't get them to look into it. BEWARE! By doing so, you are calling attention to yourself. If you... erm... do stuff like torrents and P2P, legit or non-legit, you might want to be prepared for some questions. I don't know the legality of this honestly, just in the rare event that does happen, be prepared for it. Also, from you post, I would NOT recommend you contronting the individual(s) that you may suspect are doing this. That can throw a real wrench into the works, esp. if this does escalate to involving legal authorities. Trust me on this one (my job IS network security). If anything, quite often you won't be able to prove it to the specific individual, and even if you can depending on their age/intelligence it may just provoke them to go after you more. These aren't the only reasons but they are the most common ones why NOT to do so.

These next ones depend really on your level of technical expertise. If your ISP balks at you in 1., or if you honestly want to see if someone is really doing this to begin with, you'll want to log the connections as you stated. I'm not sure what you meant by "graphically", but there really isn't anything that I am aware of like what you are asking for. By their nature, network logging tools are mainly text oriented, even Ethereal which was mentioned earlier is not really going to be all that graphical, it just provides a UI for the capture engine. So..

2. Logging connections at your router (aka Linksys, D-Link, Netgear, some built in models). You do have one, right? Right?? I'm going to assume that you do, god help you if you don't. You can install all the nice logging software you want on your PC behind the router, and it won't do you a whit of good because your router is probably blocking 99.9% of all the unsolicited traffic aimed at it. So in short, unless you've conciously mapped specific ports on your router to your PC, say for gaming or IRC or SSH or whatever, then your router is going to be dropping that traffic because it "knows" that it's not wanted/generated/requested by you/your PC. Now *some* routers come with rudimentary logging abilities that you can see the traffic coming in and going out of the device. There's too many examples to list and this would become a 10 page FAQ if I went into detail for all of them, but suffice to say IF your device has this capability, you'll need to either get a generic app that can understand the log/message format it generates (you may have to turn logging on specifically), or in cases like Linksys there are special Linksys apps that they created that only work with their devices because they chose to use some funky logging format. If you can post the make/model of your router, that's a lot better and could help us help you specifically.

3. Logging directly on your PC. Ugh. This would entail one of either a> putting your PC directly on the internet, which is suicidal these days or b> DMZing your PC on your router, which is just as bad. You really don't want to do either of these at all, esp. if you are being attacked actively.

This was really a primer more than a guide. What we need next really is the make/model of your home router (sometimes cable/dsl models have built in routers if you don't have a separate one), and what make/model/OS you are running on your PC.

**Papewaio** · 06-29-2007, 13:34

Where does the expendable Linux internet box sit nowadays as a useful tool or superseded by the routers inbuilt capacities?

**Whacker** · 06-29-2007, 13:46

Originally Posted by Papewaio

Where does the expendable Linux internet box sit nowadays as a useful tool or superseded by the routers inbuilt capacities?

Depends mainly on cost/skill/goals in business terms. If you mean just at home, then the lunix box utterly blows anything consumer grade away. All consumer (home) routers will only come with some basic functionality, and the logging is going to be rudimentary at best. Hell I have one of the high end Linksys deals and it only logs source/dest/port inforation in packets, nothing else. When I had a linux box acting as my router a few years back, I could log onto it and see traffic in real time, capture, send the logs to my home PC, etc etc etc. Properly hardened it definitely isn't expendable and nigh unhackable as say a Cisco PIX with almost all the same functionality, if not more.

**Papewaio** · 06-29-2007, 14:41

I meant expendable as in having an imaged backup so that it can be resurrected with ease... not expendable as in becoming a waffle maker...

**barocca** · 06-29-2007, 21:31

router is an ADSL modem/router

Netgear DG834G v3 (has wireless but i am wired into it)
i mention the v3 because Netgear are lazy sons of packets who use the same model number for a range of modem/router with the last letter and version number being the only identifiable differences
(i sell the things for a living - it is a MAJOR pain)

OS - winXP SP2

graphical thingy
like the performance monitor in task manager,
used to have something that gave me a similar output for network and could isolate one incoming IP and display that

but even something showing me an ip and number of packets within last few seconds - i need to film it because i have to show tis stuff to people whose eyes glaze over at the merest hints of "packets", "time-to-live", "ip number" etc etc

and yes ISP has said WE have to prove.
(and no, i wont be confronting directly)
B.