NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Old WNR2000v2/3 - possible to monitor traffic?
Hi,
As the title states. I'd like to monitor and block traffic on my ancient WNR2000v2 or WNR2000v3 (I haev both) Netgear wireless routers. The blocking works, and I've selected to log any attempts both successful and blocked, but nothing is logged (other than DHCP responses and logins to the admin UI, and some portscan attempts). Traffic from inside the network to either another node inside, or to the outside, is not logged.
Anyone know if this is by design, or if there's something I can do to fix it? I have installed the latest available firmware on both devices.
4 Replies
A reasonable interest that, alas, no Netgear router will accommodate.
- The IoT device is connected to the router over WiFi, which is encrypted, and bypasses LAN data collection. (Apparently it is technically possible to put a WiFi adapter into a mode that will enable collecting and decoding WiFi traffic. But, I personally have never found a way to do it. There is a software package [HTTP Toolkit by Tim Perry] that can be used to inspect web traffic, but I am too cheap to pay the monthly fee to use it.)
- When communication leaves the router, the device IP address is hidden behind Network Address Translation (NAT).
There IS a method to gather this information, but it neither simple nor "free".
- Install a WiFi extender with an Ethernet port in access point (AP) mode (or an actual WiFi access point) with a WiFi SSID different from the current router.
- Configure the IoT device to connect to this WiFi SSID rather than the current router.
- Tap into the Ethernet connection between the router and AP and connect the tap to an Ethernet port on a computer.
There are a number of ways to tap an Ethernet link, including inserting a smart switch to 'mirror' a port and all sorts of Ethernet taps (from a $10 Throwing Star to the $250 Dualcomm ETAP-2003) - Set up Wireshark (or some other network monitoring program) to collect information from the tap.
- Once it is obvious what the hardware MAC address of the IoT device is, define a filter on Wireshark to avoid collecting information not connected with this IoT device
This information will show clearly which internet IP addresses are communicating with the IoT device. Since the data packets are almost certainly encrypted, there will not be much to look at.
Perhaps a silly question: Does the WNR2000 provide command line access to the Linux operating system (either telnet or ssh)? If so, there may be Linux commands what will display "open connections".
Thanks for this comprehensive reply!
I wasn't aware it mattered, but the IoT device is actually plugged into an Ethernet port on the router. It's a sort of self-contained "server" for some security cameras, designed to be used as local storage for the feeds. Unfortunately there have been reports that some images/streams/data are broadcast to the Internet/cloud without user consent, which is what I'm trying to determine whether it affects my unit. (Ideally I would just isolate the whole setup from the Internet by giving it its own network, but of course, it's just a paperweight without Internet connection for some unknown reason).
I also know the IoT device's MAC address, since the Netgear router reports it and its associated DHCP IP address in the "connected devices" screen.
So since it's already on Ethernet, I won't need the wi-fi extender and just need some sort of "tap". I have an unmanaged network switch on-hand (D-Link DGS-1024D) but I assume that's not the same thing as a smart switch. So I will have to buy something to complete the task.
Then I can install Wireshark on the Linux PC, and using the MAC address from the IoT device, I can see the IP addresses it's communicating with, but not the content of the communication (because of HTTPS connections).
Do I have that right? Did I missing anything?
It does seem I am able to telnet into the router (I tested the WNR2000v2). I didn't see anything that would allow me to monitor traffic when I asked for a list of commands.
Monitor traffic? Like per device bandwidth usage? or what monitoring are you wanting?
Because there really isn't much on those devices and it seems like you're doing what you can.
They're also both not-gigabit. They're slow/ancient routers that were released over a decade ago.
If you're wanting more monitoring, I'd look at either building your own router or picking up one that supports those features. netgear hasn't been the greatest at device specific monitoring in their consumer gear so I probably wouldn't go that route. Unless you pick up something that supports ddwrt (the wnr2000v3 does but not well)
Thank you for your reply. Not bandwidth usage but request/response traffic. I want to monitor an IoT device on my network to see what it's doing exactly. So if I can monitor its MAC address or local IP address and see what IPs it's trying to communicate with, it would be really helpful.
It's fine if they are slow. Gigabit speed is not necessary nor required.
It's confusing because the WNR routers both have options for blocking and logging, but they don't seem to work.
I don't know what "ddwrt" is but I will look into that. Thank you!
