
SNMP or way to track outbound traffic by IP?


Jaquio


I know this may be off-topic or at least showing my lack of knowledge of how most consumer routers work, but is there any way to track outbound traffic from my XR450 using DumaOS? I wrongly assumed it would be easy or that the capability was there... unless I am so |\|008 I can't even find it. Does the router support this? Do I need another device? Is Pi-hole something that would do this easily? I only ask since that is a Raspberry Pi and would be fairly inexpensive to set up. Comcast keeps sending me emails that I have a bot on my network and I wanted to try to check the outbound logs to see if I could figure it out. Thanks for any assistance.


  • Administrators

Hey, welcome to the forum!

There isn't a way to do this currently. What might be easy though is to buy a hub (not a switch) and try this:

ISP hub - hub - XR450
                         - Laptop 

That way you could then run something like Wireshark on the laptop and see all of the outgoing traffic from the XR. 


So I was doing some research. I found this relatively inexpensive device. From what I understand, it seems I need to have a machine plugged into the hub in order to monitor its traffic. Can Wireshark (or other software) monitor traffic on the hub directly? I guess I am asking if it gets an IP address and has a way to send out information to a PC that is monitoring it remotely (like my laptop) but on the same network. Or would I have to be manually plugged into the device in order to monitor traffic flowing through it? I was hoping to have a device just capture the logs all the time so I can go back through them when I get one of those emails from Comcast. I hope that was clear. Thanks again.


  • Administrators

That was exactly the hub I was envisaging actually, as I've used it before for a similar purpose. You would have to be plugged in. Alternatively, you may be able to use Wireshark on your PC without the hub if you use promiscuous mode, which supposedly captures traffic on your network rather than just to/from the PC, but I haven't tried that. Worth a try before you spend any money at least.


Thanks. Since I have quite a few internet-connected devices, I am probably going to have to go for the hub option so I can capture all information. Wish me luck.


  • 1 month later...

Hey, Fraser,

I know it has been a minute since I last replied so I will update. I received the device but I failed to realize when ordering it (massive oversight on my part) that it is only 10/100 since it was made in the 90s. I sent it back since my plan was to keep this connected for an extended period of time and that would slow my connectivity greatly. I will have to look into either getting a new router or some other capture device that can handle the 1GB+ throughput I need and can also log all connection attempts. I have noticed that I get a lot of DoS attacks. From what I gather from reading internet posts, explanations range from this being completely normal nowadays to me doing something terribly wrong to be getting fairly consistent attacks.

If I get it figured out, I will let you know. Here is hoping that DumaOS supports SNMP or similar in the future so logs can be dumped to my NAS and analyzed later :).


  • Administrators

Thanks for the update! DoS attacks are quite common on Netgear routers; they usually show connections you've come in contact with. Try an IP search with one of them and you might get Google, for example.


Archived

This topic is now archived and is closed to further replies.
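
An added example, not part of the original thread: once a capture has been saved from Wireshark, a short script can total outbound bytes per LAN host and destination, which is the view needed to spot which device is generating unexpected traffic. It assumes the capture is in classic pcap format (not pcapng) with Ethernet framing, was taken where LAN addresses are visible, and that the LAN is 192.168.1.0/24; the function names and the sample frames are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: the home LAN subnet

def _frame(src, dst, proto, dport, payload_len):
    """Constructed Ethernet/IPv4 frame: zeroed MACs, ports, then zero padding."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + payload_len, 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    ports = struct.pack("!HH", 40000, dport) + b"\x00" * (4 + payload_len)
    return b"\x00" * 12 + b"\x08\x00" + ip + ports

def build_sample_pcap():
    """Constructed sample capture (classic pcap, little-endian, Ethernet)."""
    frames = [_frame("192.168.1.23", "203.0.113.10", 6, 443, 100),
              _frame("192.168.1.23", "203.0.113.10", 6, 443, 50),
              _frame("192.168.1.40", "198.51.100.7", 17, 53, 20),
              _frame("203.0.113.10", "192.168.1.23", 6, 40000, 500),  # inbound
              _frame("192.168.1.23", "192.168.1.40", 6, 445, 10)]     # LAN to LAN
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def outbound_by_flow(data, lan=LAN):
    """Bytes sent per (LAN source, remote IP, IP protocol, destination port)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    totals, off = Counter(), 24
    while off + 16 <= len(data):
        incl, orig = struct.unpack(endian + "II", data[off + 8:off + 16])
        frame, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated or not IPv4
        src, dst = ipaddress.ip_address(frame[26:30]), ipaddress.ip_address(frame[30:34])
        if src not in lan or dst in lan:
            continue  # keep only LAN -> outside traffic
        l4 = frame[14 + (frame[14] & 0x0F) * 4:][:4]  # first 4 bytes after IP header
        dport = struct.unpack("!HH", l4)[1] if frame[23] in (6, 17) and len(l4) == 4 else 0
        totals[(str(src), str(dst), frame[23], dport)] += orig
    return totals

def outbound_by_host(totals):
    """Collapse per-flow totals into bytes sent per LAN host."""
    hosts = Counter()
    for (src, _dst, _proto, _port), nbytes in totals.items():
        hosts[src] += nbytes
    return hosts
```

To use it on a real capture, read the file with `open(path, "rb").read()` and pass the bytes to `outbound_by_flow`, then sort the result with `.most_common()` to see the heaviest talkers first.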
