locked
Home networking issues abound! RRS feed

  • Question

  • Hello, everyone. 

    Man, oh man, this question gets asked a lot. I've looked through all the forum (and scoured multiple others) and haven't found a solution to my question. That makes me sad. I hope that somebody can help me out.

    My roommate torrents. Told him not to when he moved in, found out he was doing it the other day. He said he'd stop. I don't believe it. I downloaded some network monitoring software when I realized that -- wait a minute -- there's no other computers on this network. I went directly to my ATT Residential Gateway and checked it out and, sure enough, all the devices in the house were listed on there. I found that odd.

    So I began my quest to get my computer to recognize all the devices connected to the network. It's not just about sharing files and what-not. I just wanted to have all the computers recognized as part of the network; if I did that, I'd be able to monitor each IP address separately. As it stands now, the only device on the list is my computer. It recognizes is itself, at least (a lot of good that does me.)

    So I started looking for steps online, probable reasons that this wasn't working. I've tried everything under the damn sun! I've changed workgroups, enabled and disabled settings, went into my ipv4 and ticked/unticked boxes. I did the firewall "trick," something that didn't help the problem at all. This process has been repeated on each computer in the house.

    So, I just wanted to know if there was anybody that was savvy enough on here to really help me work through the issue. There has to be someone who's had some kind of success with ATT's box, with the problem at large (though that sounds improbable, I know.) If anyone has any leads of what could be happening, I'd appreciate the help. This is driving me mad.

    Saturday, October 20, 2012 12:18 AM

Answers

  • For netbios name resolution some ports should be opened 137-139 in "classical" operating systems.

    There are some recommended measures on router. You can assign IP address to particular MAC address (arp -a would reveal all active connection on network), then there is QoS, logging on router and firewall to name few. In summary configure your network "edge" instead of catching packets. There are some legacy measures based on remapping wrong sites to local loopback, but unfortunately these "rogue" devices are using IP adresses instead of name (or they do not need FQDN resolution.)

    Regards

    Milos

    PS: Use TCPdump on Linux host to see the network traffic.

    • Proposed as answer by Jeremy_Wu Tuesday, October 23, 2012 4:40 AM
    • Marked as answer by Jeremy_Wu Tuesday, October 23, 2012 5:56 PM
    Saturday, October 20, 2012 10:15 PM
  • Hello,

    What you are asking for is to see all PC using NetBIOS resolution. That will be difficult because people can bring in PC's that are in another workgroup, have firewalls, etc. and so you will fighting an uphill battle. The best way I can see right now is to look in the router's DHCP table and that will tell you how many PC's are on it.

    My guess is that you want to do this to prevent file sharing. If so, snooping the network is not the right way to tackle the issue. People can still torrent when you are not there and you would not know. Furthermore, if you are the owner of the Internet conection, you are responsible for it.  You can get relatively cheap routers that have MAC address filters and block access to PC's from people that you catch doing things that you don't want. This sounds like a human issue or a behavioral problem more than a technical problem.

    Depending on the level of sophistication of the users, you can use free services such as OpenDNS to block file sharing sites, but  getting around them is easy if you know how.

    My suggestion is to purchase a good router that has packet shaping capabilities if you have it in your budget (like Sonicwall). You can block access to certain types of programs incluing p2p and bit torrents.

    If the AT&T router supports syslogs, you can output traffic to a syslog program and get pretty good view into what's going on in your network.

    Sniffers like wireshark also will help you sniff out network traffic.


    Miguel Fra | Falcon IT Services, Miami, FL
    www.falconitservices.com | www.falconits.com | Blog

    • Proposed as answer by Jeremy_Wu Tuesday, October 23, 2012 4:40 AM
    • Marked as answer by Jeremy_Wu Tuesday, October 23, 2012 5:56 PM
    Sunday, October 21, 2012 3:57 AM

All replies

  • For netbios name resolution some ports should be opened 137-139 in "classical" operating systems.

    There are some recommended measures on router. You can assign IP address to particular MAC address (arp -a would reveal all active connection on network), then there is QoS, logging on router and firewall to name few. In summary configure your network "edge" instead of catching packets. There are some legacy measures based on remapping wrong sites to local loopback, but unfortunately these "rogue" devices are using IP adresses instead of name (or they do not need FQDN resolution.)

    Regards

    Milos

    PS: Use TCPdump on Linux host to see the network traffic.

    • Proposed as answer by Jeremy_Wu Tuesday, October 23, 2012 4:40 AM
    • Marked as answer by Jeremy_Wu Tuesday, October 23, 2012 5:56 PM
    Saturday, October 20, 2012 10:15 PM
  • Hello,

    What you are asking for is to see all PC using NetBIOS resolution. That will be difficult because people can bring in PC's that are in another workgroup, have firewalls, etc. and so you will fighting an uphill battle. The best way I can see right now is to look in the router's DHCP table and that will tell you how many PC's are on it.

    My guess is that you want to do this to prevent file sharing. If so, snooping the network is not the right way to tackle the issue. People can still torrent when you are not there and you would not know. Furthermore, if you are the owner of the Internet conection, you are responsible for it.  You can get relatively cheap routers that have MAC address filters and block access to PC's from people that you catch doing things that you don't want. This sounds like a human issue or a behavioral problem more than a technical problem.

    Depending on the level of sophistication of the users, you can use free services such as OpenDNS to block file sharing sites, but  getting around them is easy if you know how.

    My suggestion is to purchase a good router that has packet shaping capabilities if you have it in your budget (like Sonicwall). You can block access to certain types of programs incluing p2p and bit torrents.

    If the AT&T router supports syslogs, you can output traffic to a syslog program and get pretty good view into what's going on in your network.

    Sniffers like wireshark also will help you sniff out network traffic.


    Miguel Fra | Falcon IT Services, Miami, FL
    www.falconitservices.com | www.falconits.com | Blog

    • Proposed as answer by Jeremy_Wu Tuesday, October 23, 2012 4:40 AM
    • Marked as answer by Jeremy_Wu Tuesday, October 23, 2012 5:56 PM
    Sunday, October 21, 2012 3:57 AM