Hi, I have a small home network which I will try to give as much info about as possible. I have 3 PCs connected to a Linksys WRT54GS router. Each computer is assigned a static IP in the network. What I want to do is to find some way to track what websites are being visited on the other computers from my main PC. I do NOT want to install any kind of hidden program on the target PCs, since antivirus programs usually pick these up. What I really want is something that would track all incoming traffic and what computer it is going to. I have a ~moderate~ knowledge of networking, so please explain to me what could work to accomplish this in simple terms.

Thanks so much,
Derek

I don't know the capabilities of the wrt54g but you could plug a hub in to the router and branch the traffic off to your machine and run a packet sniffer such as wireshark and monitor all network traffic. You would see IM, emails, etc in addition to websites. Before I delve too deep in to that topic will adjusting your cabling be a viable solution for this?

Well, I have an old DI-604 router...would I be able to use that as a true hub? Or if necessary, I could pick up a 4 port hub at walmart. (Used to have an old one laying around here...don't know what happened to it :-) I don't see changing cabling as a problem. Please do explain more though! :-)

Actually -- are the other computers hard wired or connected with wifi/802.11 ?

All computers are connected with normal Cat5e cables, no wifi in use at this time.

Ok, two possible wiring scenarios unless someone knows how you can tee traffic on the router which is conceptually the same as what I am doing here but doesn't require hardware. Basically you need to tee all the traffic to a central computer that analyzes the traffic and records what you want.

Wiring scenario #1:
Everybody can see everyones traffic. They have to know how to look for it but the other members in your household could see your traffic.

Wiring scenario #2:
You could see everyone elses traffic, but nobody could see yours.

Software scenario:
Plug your software in to port #1 on the router. Have the router copy all traffic to/from ports #2,3,4 out port #1 so you can see it. I don't know how/if this can be done with your router but it can on enterprise routers.

Once you have the setup complete you can just run Wireshark on your computer and it will analyze all of the network traffic for you. You can set up filters in Wireshark to only only capture "HTTP GET" requests on port 80/TCP which will analyzes all of the website traffic which is what you asked for.

--- or another approach ---
I know you can download utilities to flash the wrt54g and install custom firmware to do more advanced tasks. You may be able to use this to set up a PROXY on the router and have the proxy log all web traffic requests. This is also identical to the solution mentioned above.

PS - I offer graphic design service for $100/hr if you were impressed with my diagram!

I don't see that this would be a problem. The other folks in my house are just smart enough to delete browsing history...that's about it. Viewing traffic would be WAY beyond their scope. Maybe I will pick up a true hub today and try that. The way I understand it, the router ONLY sends data to the specific host that requested it, not to all of them. I had downloaded a trial version of the Ming Network Spy and Network Monitor. Supposedly the Network Spy will work with ANY network scenario, but the only thing I could pick up was any sites on the LAN that were visited, no WAN sites showed up. I emailed them and they said to make sure it was a true hub, and my thinking is that perhaps the DI-604 is not operating that way.
Would this be something like "Static Routing" on the WRT54GS admin settings? http://downloads.linksysbycisco.com/...20070529,5.pdf Chapter 3, Advanced Routing

One other thing, by routing all data through my computer first, will this present any significant slowdown on the throughput speeds for data transfer to either the other computers or to my computer?

I will be SURE to consider you should I ever have the need for graphic design! With your talent, you could probably even charge $200/hr! :-)

I'm glad you liked my artwork

>The way I understand it, the router ONLY sends data to the specific host that requested it, not to all of them.
No, routers only route traffic. In one ear and out the other. It is a little misleading since your wrt54g router has a 4 port switch built in to it.

A switch keeps an internal table of MAC addresses so it knows which MAC address is on which physical port. That way if port 1 wants to talk to port 2 the data goes in port 1 and out port 2.

A hub is dumb. It receives traffic and broadcasts it out all 4 ports because it does know who is where. This is why hubs can't be used for large corporate networks because they send out a lot of traffic to the wrong ports.

>Would this be something like "Static Routing" on the WRT54GS admin settings
No that is something else.

>One other thing, by routing all data through my computer first,
No -- This will not affect speed since you are not really routing the traffic through your computer. Your computer receives a duplicate copy of the traffic sent to/from the router. By the time your monitoring software has parsed the packet the router will have already handled the request and sent data to the internet. You're basically "listening in" on their internet traffic.

--

There is another way to do this with ettercap where you can hijack a switch but this is WAY beyond the scope of this thread and MUCH harder to implement. Its called "ARP Hijacking" if you want to look around. Windows won't let you do it -- the operating system will crash any program trying to send out incorrect ARP packets to stop people from doing this. You can do it on Linux with ettercap but I would highly suggest you use what we have been discussing. That gets in to the deep nitty gritty of network.

Am I correct in assuming that the DI-604 will NOT function properly as a "dumb" hub? How could I check this?

Correct. It will not function as a hub, it has a 4 port switch built in to it.

http://www.amazon.com/D-Link-DI-604-.../dp/B000069K98