monitor traffic on my linksys

Old Mar 30, 2004 | 11:43 PM
  #1  
fusionnv's Avatar
Thread Starter
Gimmie my points Biatch!
 
Joined: Dec 2002
Posts: 2,353
Likes: 0
From: New York City
monitor traffic on my linksys

Hey everybody, I want to monitor traffic on my Linksys router. Is there an easy/free way to do that, to see what everybody is up to and how much bandwidth they are using? I think there is a virus in my place and I'm trying to localize where the hell it is coming from. Virus scans don't seem to do a thing.
Old Mar 31, 2004 | 07:05 AM
  #2  
suXor's Avatar
Still trolling
 
Joined: Oct 2002
Posts: 4,623
Likes: 1
From: Wylie, Texas
If an updated version of Norton doesn't find a virus on your PCs, you probably don't have one.

How will looking at traffic on your router help you determine anything? The only thing that will tell you is the sites being requested by each PC.
Old Mar 31, 2004 | 09:32 AM
  #3  
anothercls's Avatar
Suzuka Master
 
Joined: Dec 2003
Posts: 7,103
Likes: 1
If you think it is a virus, run Trend Micro's free online scanner.

http://housecall.trendmicro.com

I have used it more recently and have just placed an order for 100 copies of the full product for work. We also purchased a McAfee WebShield to monitor all inbound and outbound traffic.

If you need to monitor the traffic and have a hub/switch between your Linksys, you can set up a hub between the hub/switch you have all nodes going into and then plug the hub into the Linksys, creating a spot to plug in a laptop/desktop with Ethereal installed. Run this, check for outbound packets on random ports, download a copy of VisualRoute and trace some IPs back; if they are going outside the US it is most likely a virus/trojan.

If you want, start asking people questions about websites they go to that you know they're going to from the Ethereal capture.
Old Mar 31, 2004 | 09:58 AM
  #4  
zeroday's Avatar
Race Director
 
Joined: Dec 2001
Posts: 17,921
Likes: 15
If you enable logging on your Linksys router, it also keeps a log of incoming and outgoing traffic... just IP src>dst and traffic type though (like FTP, HTTP etc.); not like what Ethereal can provide you. I have exactly the same setup that anothercls described; all the switched traffic in my house goes into a hub, which then hooks into my router, and I've got a PC running Ethereal that's plugged into the hub also. Because the hub is a shared media device, unlike a switch, all devices plugged into it can see all traffic going through the hub; perfect place to plug in a sniffer.
Old Mar 31, 2004 | 10:19 AM
  #5  
anothercls's Avatar
Suzuka Master
 
Joined: Dec 2003
Posts: 7,103
Likes: 1
We have recently come across a lot of IRC bots in our office, probably from a lack of security on our routers after trying to stabilize our connection.

Is there a way on the linksys to block outbound traffic that doesn't have an established internal connection? Even setting it to only allow the specific ports, but be careful with DNS.
Old Mar 31, 2004 | 10:55 AM
  #6  
zeroday's Avatar
Race Director
 
Joined: Dec 2001
Posts: 17,921
Likes: 15
Originally posted by anothercls
We have recently come across a lot of IRC bots in our office, probably from a lack of security on our routers after trying to stabilize our connection.

Is there a way on the linksys to block outbound traffic that doesn't have an established internal connection? Even setting it to only allow the specific ports, but be careful with DNS.
You can do basic port filtering on the Linksys... just block outgoing TCP/UDP port 194. I was browsing Linksys' site and I also found this cool program for viewing the log files on your Linksys router in more detail:
ftp://ftp.linksys.com/pub/befsr41/logviewer.exe
Old Mar 31, 2004 | 11:22 AM
  #7  
anothercls's Avatar
Suzuka Master
 
Joined: Dec 2003
Posts: 7,103
Likes: 1
We don't have Linksys here, but we were noticing a lot of random ports that made no sense, like:

1517
3078
161
1515
3076
59480


Just using the port assignments, nothing looked familiar.
Old Mar 31, 2004 | 11:47 AM
  #8  
fusionnv's Avatar
Thread Starter
Gimmie my points Biatch!
 
Joined: Dec 2002
Posts: 2,353
Likes: 0
From: New York City
Originally posted by suXor
If an updated version of Norton doesn't find a virus on your PCs, you probably don't have one.

How will looking at traffic on your router help you determine anything? The only thing that will tell you is the sites being requested by each PC.
I think it might be an email virus using the SMTP server, trying to spread itself on our network. Getting lots of viruses from our domain. Not sure quite who/where it is coming from.
Old Mar 31, 2004 | 01:06 PM
  #9  
zeroday's Avatar
Race Director
 
Joined: Dec 2001
Posts: 17,921
Likes: 15
Originally posted by anothercls
We don't have Linksys here, but we were noticing a lot of random ports that made no sense, like:

1517
3078
161
1515
3076
59480


Just using the port assignments, nothing looked familiar.
Off the top of my head, 161 is SNMP. Anything above 1024 could be randomly assigned ports.
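
Added example, not part of any poster's message: one way to use the "src>dst and traffic type" router log described in this thread to find which internal machine is the likely source of a mail-spreading virus or an IRC bot. The log line layout, the sample addresses and the `smtp_fanout` threshold are assumptions made for illustration; high, randomly assigned ports such as 1517 are ignored.

```python
import re
from collections import defaultdict

# Constructed sample; the "time src > dst:port proto" layout is an assumed export format.
SAMPLE_LOG = """\
09:12:01 192.168.1.100 > 198.51.100.10:80 tcp
09:12:04 192.168.1.100 > 203.0.113.5:25 tcp
09:12:07 192.168.1.101 > 203.0.113.5:25 tcp
09:12:08 192.168.1.101 > 198.51.100.77:25 tcp
09:12:09 192.168.1.101 > 192.0.2.44:25 tcp
09:12:15 192.168.1.102 > 192.0.2.200:194 tcp
09:12:20 192.168.1.100 > 198.51.100.10:1517 tcp
-- log rotated --
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
LINE_RE = re.compile(rf"^\S+\s+(?P<src>{IP})\s+>\s+(?P<dst>{IP}):(?P<port>\d{{1,5}})\s+(?:tcp|udp)$")

# 25 (SMTP) and 194 (IRC) come up in the thread; 6667 is the usual IRC port in practice.
WATCHED = {25: "smtp", 194: "irc", 6667: "irc"}


def summarize(log_text):
    """Map each source host to {service: set of distinct destination IPs}."""
    hits = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # banner, blank or truncated line
        service = WATCHED.get(int(m["port"]))
        if service:
            hits[m["src"]][service].add(m["dst"])
    return hits


def suspects(log_text, smtp_fanout=3):
    """Flag hosts that mail many distinct servers or make any IRC connection."""
    report = {}
    for src, services in summarize(log_text).items():
        smtp, irc = services.get("smtp", set()), services.get("irc", set())
        reasons = []
        if len(smtp) >= smtp_fanout:  # a workstation normally talks to one mail relay
            reasons.append(f"smtp destinations={len(smtp)}")
        if irc:
            reasons.append(f"irc destinations={len(irc)}")
        if reasons:
            report[src] = reasons
    return report
```

Calling `suspects(SAMPLE_LOG)` returns the hosts worth checking first, with the reason for each.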