Hello everyone,
I have several questions here and am going to try to present them as cleanly as possible, as I have been doing a lot of research and can't find a lot of information regarding my particular hardware configuration. I am trying to self-teach myself network monitoring / logging and just general networking skills using the best tools available (including packet analysis, decryption / encryption, etc). Anyway, here is a rundown of my network topology, pc configuration, and installed software. I am open to any and all suggestions, tips, resources, etc.
Router: Linksys WRT610N [2 wireless channels configured, 5 GHz streams media to my Xbox 360 and PS3, the 2.4 GHz is for my BlackBerry and wireless PC internet connection]
Networked Devices: PC1 [wired, Windows XP]
PC2 [wireless via Linksys Wireless USB Adapter, Ubuntu / Kubuntu 9.0.4 dual-boot]
Cell [BlackBerry Curve 8900]
***Note: the following network monitoring software is installed only on my Linux box!
Network Monitoring Software: ***Here is where I would appreciate someone who is more knowledgeable's input***
:Wireshark - I have this installed but cannot get it to pick up anything from any source IP other than PC2. I previously was using WallWatcher (on Winblows) to analyze network traffic, but the mechanism which made it effective was turning on logging in my WRT610N's admin panel and directing that log to the LAN IP of PC2 (which is still turned on, btw).
:Tcpdump - I currently have this running and logging to a .txt file on my external HDD where my /home directories live. I'll analyze this data when I get home and see if it is picking up anything from PC1. I do believe I need to configure my output to write to a file rather than the generic "output.txt".
:Ntop - I have been reading a lot of good things about this network monitor and am going to give it a shot as a last resort this evening if I can't hook anything up with wireshark and / or tcpdump.
So now, on with the questions!
1) Is monitoring network activity from all PCs and my cell phone even possible using only Wireshark? If yes, how?
2) Is my tcpdump that is running right now logging anything from PC1? If not, how do I configure my network to capture this information using the hardware I currently have? Is this even possible using my current hardware? If yes, how? If no, what would you recommend in order for me to be able to capture this information?
3) Is it possible to take an Ntop log and analyze it in Wireshark?
Again, sorry if my post was long-winded. Honestly, I'm still really fuzzy in regard to networking in general (C# .NET developer here), and it is one area in which I am pushing to become more knowledgeable. Thanks in advance to anyone who has any input, whether valuable or constructive criticism!
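A quick way to answer question 2 yourself: capture with `tcpdump -w capture.pcap` (the libpcap format Wireshark also opens, unlike redirected text output) and count which source IPs actually appear. The script below is an added example, not code from the poster or from tcpdump; it builds a small constructed pcap with made-up LAN addresses so it runs offline, then tallies IPv4 sources so you can see whether any host other than the capturing machine shows up.

```python
import struct
from collections import Counter

PCAP_MAGIC_LE = 0xA1B2C3D4  # magic number as read from a little-endian libpcap file
PCAP_MAGIC_BE = 0xD4C3B2A1  # same bytes read the other way round (big-endian writer)

def build_pcap(frames):
    """Build a minimal libpcap file (what 'tcpdump -w' writes) from raw Ethernet frames."""
    # version 2.4, zone 0, sigfigs 0, snaplen 65535, linktype 1 = Ethernet
    header = struct.pack('<IHHiIII', PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)
    records = b''.join(struct.pack('<IIII', 0, 0, len(f), len(f)) + f for f in frames)
    return header + records

def ipv4_frame(src, dst):
    """Constructed Ethernet + IPv4 header with no payload (sample data, not a real capture)."""
    eth = b'\x00' * 6 + b'\x00' * 6 + b'\x08\x00'          # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20, 0, 0, 64, 17, 0,
                     bytes(int(o) for o in src.split('.')),
                     bytes(int(o) for o in dst.split('.')))
    return eth + ip

def sources_in_pcap(data):
    """Return a Counter of packets per IPv4 source address found in a libpcap byte string."""
    magic = struct.unpack('<I', data[:4])[0]
    if magic == PCAP_MAGIC_LE:
        endian = '<'
    elif magic == PCAP_MAGIC_BE:
        endian = '>'
    else:
        raise ValueError('not a libpcap file: text output from tcpdump cannot be parsed this way')
    linktype = struct.unpack(endian + 'I', data[20:24])[0]
    if linktype != 1:
        raise ValueError('only Ethernet (linktype 1) captures are handled here')
    counts, offset = Counter(), 24
    while offset + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + 'IIII', data[offset:offset + 16])
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) >= 34 and frame[12:14] == b'\x08\x00':   # IPv4 only
            counts['.'.join(str(b) for b in frame[26:30])] += 1  # src IP sits at bytes 26..29
    return counts

def hosts_other_than(counts, own_ip):
    """Source IPs seen that are not the capturing machine: empty means you only see yourself."""
    return sorted(ip for ip in counts if ip != own_ip)

if __name__ == '__main__':
    # Hypothetical addresses: PC2 (the capturing box) is 192.168.1.10, PC1 is 192.168.1.20.
    sample = build_pcap([ipv4_frame('192.168.1.10', '192.168.1.1'),
                         ipv4_frame('192.168.1.20', '192.168.1.1'),
                         ipv4_frame('192.168.1.10', '192.168.1.20')])
    seen = sources_in_pcap(sample)
    print(seen, hosts_other_than(seen, '192.168.1.10'))
```

On a real file, replace `sample` with `open('capture.pcap', 'rb').read()`; an empty list from `hosts_other_than` means the capture only contains your own box's traffic.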