Network Visibility
mcgssean
Enthusiast - Level 1

I purchased a tap where I take the Ethernet hand-off from Verizon, connect it to the tap and connect the other side of the tap to the WAN port. The SPAN port allows me to see the traffic coming and going through the router. Everything works fine.

My problem is this... when I am sniffing traffic, 99% of the traffic going to the Internet is the public IP address of the router and I am not able to see the Original Poster or OP. I was thinking a tap would allow me to see wired and wireless, but that is not the case. What is Verizon doing that is keeping me from seeing all of my traffic that is being generated on my LAN? I get NATing, but I should see the IP requesting Internet-bound data and the connection info. HELP!

Re: Network Visibility
CRobGauth
Community Leader

If I understand, you are sniffing on the WAN side of your router.

If that is true, all you will ever see is just data using the public IP address of your router.

What is actually going on is called PAT. Each application that has a data session is mapped from its IP and port to the public IP and port on the WAN side.

Re: Network Visibility
mcgssean
Enthusiast - Level 1

Is it impossible to monitor my wireless traffic without having to purchase extra hardware?

Re: Network Visibility
jonjones1
Legend

@mcgssean wrote:

> Is it impossible to monitor my wireless traffic without having to purchase extra hardware?

There are router programs like the Netgear Genie that have this ability. There are also ways in the Netgear routers to alert of traffic on your net.

I am not sure if all are like that.

Use Google to search.

Good Luck

Re: Network Visibility
smith6612
Community Leader

What sort of traffic are you aiming to capture and analyze? The best way to do this is to use a router which features a DPI engine (many Linux-based routers do; pfSense is a powerful piece of software here). Otherwise, the type of "tap" you're referring to works best between your router performing Network Address Translation and all of your other devices. This means Router --> Monitor/SPAN/Port Mirror --> Switch + Wireless Access Point providing access to devices.

Putting a SPAN prior to your router will simply show Internet traffic to and from your public IP address. This is because, as the poster above suggests, your router is doing NAT. Now, if your traffic were IPv6, this would work. There is no need for NAT with IPv6. Thus each device would have an individual IP address which can be monitored right at your WAN port.

Re: Network Visibility
lasagna
Community Leader

As others have pointed out, where you inserted your tap is on the WAN side of the router, after the PAT has been performed. You essentially have the tap on the open Internet after the router has performed its translation of traffic onto the single publicly routed IP address assigned to you.

To accomplish what you want to do, you need to aggregate all of your traffic on your internal network and route it through a single path before it hits the PAT point. The easiest way to do what you want is likely to purchase an inexpensive second router and use it in "access point" mode: disable the IP address distribution, configure the wifi, and then connect it LAN port to LAN port to the Verizon router. Then, disable the wifi on the Verizon router. You would insert your tap on the link between the access point and the router. You would be able to see all traffic here in the clear before the PAT is applied on the public-facing network.
