Wednesday, 14 June 2017

Windows PC + Linux router: find who is generating traffic

Here is how I find which PC is generating traffic on my ADSL connection.

I have a Linux-based router. I'm using a Windows PC.

I can log in to my router with PuTTY, so I installed PuTTY on my PC and configured public-key authentication.

I downloaded Wireshark and installed it on my PC.

Then I downloaded and installed plink from the PuTTY website.

Finally, I created a .bat script with the following commands:

C:\plink\plink.exe -i "C:\Users\Marco\Documents\router.ppk" -ssh admin@ "tcpdump -s 0 -w -" | "C:\Program Files\Wireshark\wireshark" -i -

The command is copied from this article: HOWTO: Use Wireshark over SSH (Linux and Windows).
I only inserted the absolute paths of plink and Wireshark, added the "-i" parameter to plink for public-key authentication, and removed the port filter, as I'm interested in all the network traffic. Without the port filter, the capture can also include the SSH session that is carrying the packets to Wireshark.

Now I can run the .bat script, start the packet capture in the Wireshark user interface, stop it, and then go to Statistics/Endpoints/IPv4 or Statistics/Conversations/IPv4 for a better understanding of the network usage.
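
The per-address totals shown by Statistics/Endpoints/IPv4 can also be computed without the GUI. The following is an added example, not part of the original post: it parses the classic pcap stream that "tcpdump -w -" writes and sums frame bytes per IPv4 address. The function names and the sample capture (private and documentation addresses) are constructed for illustration, and untagged Ethernet frames are assumed.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

def ipv4_endpoint_bytes(pcap: bytes) -> Counter:
    """Sum on-the-wire frame bytes per IPv4 address in a classic pcap stream."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # written by a little-endian host
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # written by a big-endian host
    else:
        raise ValueError("not a classic (microsecond) pcap stream")
    if len(pcap) < 24 or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("truncated header or non-Ethernet linktype")
    totals, off = Counter(), 24        # 24-byte global header
    while off + 16 <= len(pcap):
        _, _, caplen, wirelen = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        if len(frame) < caplen:        # stream cut off mid-record
            break
        off += 16 + caplen
        # Untagged Ethernet II + IPv4: ethertype at 12..13, src/dst at 26..33.
        if caplen >= 34 and frame[12:14] == b"\x08\x00":
            for addr in {frame[26:30], frame[30:34]}:
                totals[str(IPv4Address(addr))] += wirelen
    return totals

def _frame(src: str, dst: str, size: int) -> bytes:
    """Constructed Ethernet + IPv4 frame, zero-padded to `size` bytes."""
    ip = (bytes([0x45, 0]) + struct.pack(">H", size - 14) + bytes(8)
          + IPv4Address(src).packed + IPv4Address(dst).packed)
    return (bytes(12) + b"\x08\x00" + ip).ljust(size, b"\0")

def sample_pcap() -> bytes:
    """Constructed four-packet capture (private and documentation addresses)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst, size in [("192.168.1.10", "203.0.113.5", 1500),
                           ("203.0.113.5", "192.168.1.10", 1500),
                           ("192.168.1.20", "198.51.100.7", 100),
                           ("192.168.1.10", "203.0.113.5", 1000)]:
        frame = _frame(src, dst, size)
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for address, nbytes in ipv4_endpoint_bytes(sample_pcap()).most_common():
        print(f"{address:15} {nbytes:>8} bytes")
```

To run it on real traffic, pass the bytes of a capture saved in classic pcap format; pcapng, which Wireshark uses by default when saving, has a different layout and is rejected by the magic-number check.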