
For about two weeks now, a friend's family has been having trouble with their internet connection. They tell me about situations where the connection drops completely for hours (although they still seem to be connected to their ISP) or is incredibly slow, even when no one is using a computer. Since I'm never there when this seems to happen, I'm looking for a way to monitor the network over a period of a few weeks in order to analyse possible problems.

Their network consists of approx. 6 computers, 2 of which access the LAN over Wi-Fi, 1 cable modem provided by their ISP, 1 router and 2 switches.

I thought about hooking an old computer with two network cards between the modem and the router, running a Linux distribution suitable for monitoring network traffic, detecting connection drops and analyzing packages.

Goals

  1. Monitor traffic, detect connection drops between router, switches and/or ISP.
  2. Analyze packages, filter out common programs (maybe games?) and detect bandwidth peaks (e.g. when a piece of software (detected by port) uses large amounts of bandwidth that may slow down the network)

Does anybody have a good idea how to achieve this? Is there a full-featured Linux distro that's suitable for such a task? Or should I do this completely differently?

  • untangle.com/store/lite-package.html Commented Apr 11, 2014 at 13:49
  • Plug a box into their network, as they do - just ping user, router, ISP, user DNS, ISP DNS, internet; monitor DNS service. Most times this information is enough to make a conclusion about where trouble begins. 4 points to check - ISP, router, loops in user network, DNS
    – MolbOrg
    Commented Apr 11, 2014 at 18:18

1 Answer


You could set up a Windows or Linux box as a router (Windows: Google 'Internet Connection Sharing', Linux: Google 'linux nat router') and capture all traffic with Wireshark or tcpdump.

What might be better is to put a hub (or a switch with port mirroring functionality) between the router and the cable modem and connect a separate box to the hub which captures all traffic. All traffic will be sent out on all connected ports, so the host can sniff all traffic.

Tools to do this are Wireshark and tcpdump. Keep in mind that if you are sniffing all traffic, you will have to store it somewhere (so you would need a big disk).

Regarding the analysis of the traffic itself: you might be looking for a needle in a haystack. 'Connection drops' are not actual packets (except for TCP RST packets perhaps) so you would be looking for something that is not actually there. Ask your users to keep a detailed log of 'connection failures' including time and website visited so you can narrow down the search.
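As an added example (not part of the original question, comments or answer), here is a small probe script that does what MolbOrg's comment suggests, pinging the router, the ISP gateway and an internet host and checking the ISP resolver once a minute, and writes one timestamped line per round with a coarse verdict, which is exactly the kind of time-referenced record the answer says you need to narrow the search. All host addresses are placeholders, and `ping`, `nslookup` and `awk` are assumed to be installed on the monitoring box.

```shell
#!/bin/sh
# Added example, not from the original thread. Addresses below are placeholders.
ROUTER=192.168.1.1       # assumed LAN router address
ISP_GW=203.0.113.1       # placeholder: first hop beyond the cable modem
ISP_DNS=203.0.113.53     # placeholder: ISP resolver
INTERNET=198.51.100.10   # placeholder: a stable internet host to ping
LOG=${LOG:-./netprobe.log}

# Summarise `ping -c N` output read on stdin as "ok rx/tx avg_ms" or "loss rx/tx".
# Handles both iputils ("3 received") and BSD ("3 packets received") wording.
parse_ping() {
    awk '
        /packets transmitted/ {
            tx = $1
            for (i = 1; i <= NF; i++) if ($i ~ /^received/) {
                j = i - 1; while (j > 0 && $j !~ /^[0-9]+$/) j--; rx = $j
            }
        }
        /min\/avg\/max/ { split($4, r, "/"); avg = r[2] }
        END {
            if (tx == "") tx = 0; if (rx == "") rx = 0
            if (rx + 0 == 0) print "loss", rx "/" tx
            else print "ok", rx "/" tx, avg
        }'
}

# Coarse verdict on where the trouble starts, checked in the order the comment
# suggests: user network first, then the ISP link, then upstream, then DNS.
locate_fault() {  # $1 router, $2 ISP gateway, $3 internet host, $4 DNS ("ok"/"fail")
    case "$1" in loss*) echo user-network; return;; esac
    case "$2" in loss*) echo isp-link; return;; esac
    case "$3" in loss*) echo upstream; return;; esac
    [ "$4" = ok ] && echo ok || echo dns
}

probe() { ping -c 3 "$1" 2>/dev/null | parse_ping; }   # three echo requests per host
dns_check() { nslookup -timeout=2 example.com "$1" >/dev/null 2>&1 && echo ok || echo fail; }

# One round per minute when started with --run; fields are '|'-separated for later grepping.
if [ "${1:-}" = --run ]; then
    while :; do
        r=$(probe "$ROUTER"); g=$(probe "$ISP_GW"); n=$(probe "$INTERNET"); d=$(dns_check "$ISP_DNS")
        printf '%s|router=%s|isp=%s|inet=%s|dns=%s|verdict=%s\n' "$(date +%FT%T)" \
            "$r" "$g" "$n" "$d" "$(locate_fault "$r" "$g" "$n" "$d")" >> "$LOG"
        sleep 60
    done
fi
```

Run it as `sh netprobe.sh --run` on the monitoring box and compare `grep -v 'verdict=ok' netprobe.log` against the timestamps the users write down.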
