DCP4971
Jun 02, 2022 Luminary
Blocked Sites
Hi all, Bit of a weird one for me. I have a number of keywords included in Block Sites on my RBR850. These seem to work fine, I get an alert every time they come up, which is good. Howeve...
DCP4971
Jun 07, 2022 Luminary
Thanks for the reply, I wasn't aware that was how the blocking worked. Seems a bit lacking for a £1000 system, but not entirely surprised it's not as fully functioning as it could be, given nothing much has changed in the FW functionality for about 5 years.
So, I'm still puzzling about this issue. It keeps coming up every few days, with little pattern, and the LAN/WAN Packet Capture is next to useless as it doesn't hold the data in memory for very long, and port mirroring doesn't seem to be available as an option on the 850 where it was on the 50 (though I doubt it actually worked, from what I had read).
Have been playing with Wireshark, but that seems overkill in terms of the amounts it captures vs the needle in a haystack that is this occasional visitation of a blocked site, but maybe I need to persevere to see if I can refine what it sniffs out.
I am loath to just give up, I don't like being beaten, so any suggestions on what I might be able to do would be appreciated.
CrimpOn
Jun 07, 2022 Guru
I face the same frustration with attempting to capture information about internet traffic. Like Alice, I went "down the rabbit hole."
- Purchased a gigabit switch that allows mirroring ports.
  Amazon sells the Netgear GS-105Ev3 and GS-108Ev3. I bought the 8-port because the day I looked it cost less than the 5 port.
  I had tried a TP-Link switch, but could not get the port mirroring to work.
- Insert the switch between modem and router.
- Mirror one of the ports (doesn't matter which) to a different port.
- Connected that port to my PC. (Because the PC's only Ethernet port was already in use, I purchased a Gigabit to USB adapter.)
- Opened Wireshark to capture the USB adapter.
- Once I verified that Wireshark could capture the router-modem communication, created Wireshark Capture filters to record only the information I wanted. (It would have worked to capture all those gigabytes of data and try to sort through it later, but this became an obsession.) Some examples:
  - Recorded the pattern of DHCP packets when my router would ask the ISP to renew both the IPv4 lease and the IPv6 lease.
    It turns out that my ISP (Spectrum) behaves exactly as expected.
  - Recorded every time the router contacted Netgear's firmware update site.
Unless these spurious attempts come from exactly the same source IP every time, I fear you would have to capture everything and when the log shows a site being blocked, then go into Wireshark and look for packets at about that time of day.
So, not trivial or low cost.
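Added example (not part of the original thread, and not Netgear or Wireshark code): a Python script for the last step described above, taking the time a block shows up in the router log and searching a saved capture for DNS lookups that contain a blocked keyword within a minute of it. It assumes a classic little-endian pcap file, lookups sent as plain UDP DNS on port 53, and a capture point where the source addresses are still the devices' own LAN addresses; the function names, addresses and sample packets are constructed for illustration.

```python
import struct

def dns_qname(msg):
    """Decode the first question name of a DNS message (it starts at byte 12)."""
    labels, i = [], 12
    while i < len(msg) and msg[i]:
        labels.append(msg[i + 1:i + 1 + msg[i]].decode("ascii", "replace"))
        i += msg[i] + 1
    return ".".join(labels).lower()

def find_lookups(pcap, keywords, log_time, window=60):
    """Return (epoch, source IP, name) for IPv4/UDP DNS queries whose name
    contains a keyword and that fall within `window` seconds of log_time."""
    if struct.unpack("<I", pcap[:4])[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian classic pcap file")
    hits, off = [], 24                       # skip the 24-byte global header
    while off + 16 <= len(pcap):
        ts, _, caplen, _ = struct.unpack("<IIII", pcap[off:off + 16])
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if abs(ts - log_time) > window or len(frame) < 34:
            continue
        if frame[12:14] != b"\x08\x00" or frame[23] != 17:    # IPv4 + UDP only
            continue
        udp = 14 + (frame[14] & 0x0F) * 4    # honour the IP header length
        if len(frame) < udp + 8 or frame[udp + 2:udp + 4] != b"\x00\x35":
            continue                         # destination port is not 53
        name = dns_qname(frame[udp + 8:])
        if any(k.lower() in name for k in keywords):
            hits.append((ts, ".".join(map(str, frame[26:30])), name))
    return hits

def sample_frame(ts, src, name):
    """Constructed test data: one pcap record holding a DNS A query."""
    q = b"\x12\x34\x01\x00\x00\x01" + bytes(6) + b"".join(
        bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00\x00\x01\x00\x01"
    udp = struct.pack("!HHHH", 50000, 53, 8 + len(q), 0) + q
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(src), bytes([192, 168, 1, 1]))
    frame = bytes(12) + b"\x08\x00" + ip + udp
    return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame

LOG_TIME = 1654600000   # constructed: epoch time of the "site blocked" log entry
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    sample_frame(LOG_TIME - 900, (192, 168, 1, 23), "www.blockedword.example"),  # too early
    sample_frame(LOG_TIME - 5, (192, 168, 1, 40), "time.example"),               # no keyword
    sample_frame(LOG_TIME - 3, (192, 168, 1, 23), "www.blockedword.example"),    # the hit
])
```

Wireshark saves pcapng by default, so a real capture has to be saved in the classic pcap format before `find_lookups(open(path, "rb").read(), [...], log_time)` will accept it. A capture taken between modem and router shows the router's WAN address as the source of every packet, so it can confirm when a lookup happened but not which device made it.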