
LAN & WAN How To

One of the features I've seen in newer small network routers is the inclusion of a packet sniffer/capture/trace tool within the diagnostic menus of the device. Routers I've recently tested with this functionality include the SonicWall TZ190W, D-Link DFLCPG310, and Netgear's newly released FVX538 and FVS336G.

In each case, these devices have the ability to capture packets on a specific WAN port and/or on the LAN interface. Some of these routers have more sophisticated filtering capabilities than others, but they all seem to have the same basic functionality of capturing packets.

For example, on the Netgear FVS336G, capturing data traversing the router is done by simply clicking on the Capture Packets button within the Diagnostic menu, and then selecting which interface is to be monitored (Figure 1).

Figure 1: Packet capture on the Netgear FVS336G

Once an interface is selected, the router-based tool is simply started and stopped for traffic collection, and then the file of collected data can be downloaded to a PC for analysis. The analysis of the data is then done by using packet capture software, such as the well-known Wireshark, formerly Ethereal.

This powerful software continues to evolve over time with greater capabilities and features, yet it remains free for download and general use. Impressively, there are versions of Wireshark for Windows, including Vista, as well as Linux, Apple's OS X, and Unix. There are alternative packet capture software tools, such as Microsoft's Network Monitor Tool, as well as the Unix/Linux-based Ettercap, yet Wireshark seems to be one of the most commonly used.

The goal of this series is to provide some direction on how to use Wireshark to do some pretty interesting network analysis and troubleshooting on a network, which is something any network administrator can use to better manage his or her network.

The first step is to download and install the software. You'll want to make sure you install WinPcap along with Wireshark. Note that Wireshark can also perform packet captures directly using your PC's wired or wireless interfaces, using WinPcap.

Once you've got the software installed, verify that it can detect your interfaces. Clicking on Capture - Interfaces will give you a display of detected interfaces and their IP addresses, such as shown in Figure 2.

Figure 2: Wireshark Interfaces

You want to make sure your interfaces are detected, otherwise you won't be able to use the full power of the software. I've had trouble getting WinPcap running on some PCs, which I've usually resolved through a little software un-installation and re-installation, so get this out of the way first.

With Wireshark successfully installed on your PC, try doing a simple capture of some basic web traffic to get familiar with the tool. Simply click Capture and then Start with your PC connected to the Internet, and fire up a browser to an Internet web page. You'll see a whole bunch of messages scrolling up and down the screen, filling in data in the No., Time, Source, Destination, Protocol, and Info columns. Click Capture and Stop to end this sample packet capture.

Now that you have some collected data, you can use the power of the tool to read and understand what type of traffic you've captured. To look at only the Web-generated traffic from the packet capture, click on Analyze and Display Filters from the top menu bar. This will show a list of pre-made filters that can be used to show common traffic types. For example, clicking on HTTP from the list of Filters will narrow down the captured output to the packets sent and received between my PC and the web pages I opened while the capture was running (Figure 3).

Figure 3: Applying the HTTP filter

I now have numerous lines of output, which I can further examine and see my source and destination IP addresses, port information, and various other details regarding the data flows I have just generated.
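To show what the HTTP filter is doing to a downloaded capture file, here is an added example (not from the original article or from Wireshark) that reads a capture and lists only the HTTP packets with their No., Source, Destination and Info values. It assumes the file is in classic little-endian libpcap format with Ethernet framing, builds its own constructed three-packet sample, and approximates Wireshark's HTTP dissector by matching the start of the TCP payload.

```python
import socket
import struct

HTTP_STARTS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"HTTP/1.")

def make_frame(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame for the sample (checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp + payload

def make_pcap(frames):
    """Wrap frames in a classic little-endian pcap file, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1200000000 + i, 0, len(f), len(f)) + f
    return out

def read_packets(data):
    """Yield the raw frame bytes of every record in a classic pcap buffer."""
    if len(data) < 24 or struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    pos = 24  # records start right after the 24-byte global header
    while pos + 16 <= len(data):
        incl = struct.unpack_from("<IIII", data, pos)[2]  # captured length
        yield data[pos + 16:pos + 16 + incl]
        pos += 16 + incl

def http_rows(data):
    """Return (No., Source, Destination, Info) for TCP packets whose payload is HTTP."""
    rows = []
    for no, frame in enumerate(read_packets(data), 1):
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # keep IPv4 + TCP only
        tcp = 14 + (frame[14] & 0x0F) * 4  # IHL gives the IP header length
        if len(frame) < tcp + 20:
            continue  # truncated TCP header
        payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:]  # skip TCP header
        if payload.startswith(HTTP_STARTS):
            src, dst = (socket.inet_ntoa(frame[i:i + 4]) for i in (26, 30))
            rows.append((no, src, dst, payload.split(b"\r\n")[0].decode("ascii", "replace")))
    return rows

SAMPLE = make_pcap([  # constructed traffic: two HTTP packets and one SSH banner
    make_frame("192.168.1.10", "203.0.113.5", 49152, 80, b"GET /index.html HTTP/1.1\r\n\r\n"),
    make_frame("192.168.1.10", "203.0.113.9", 49153, 22, b"SSH-2.0-client\r\n"),
    make_frame("203.0.113.5", "192.168.1.10", 80, 49152, b"HTTP/1.1 200 OK\r\n\r\n"),
])
print(*http_rows(SAMPLE), sep="\n")
```

The packet numbers in the output skip the SSH packet, just as the No. column does in Wireshark once a display filter hides non-matching packets.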

This initial data may not be all that interesting to look at, but this example just scratches the surface. There are numerous applications for using a packet capture tool, such as in validating network connectivity, authentication troubleshooting, and wireless network analysis, to name a few. In the next installment of this series, I'll go into more depth on reading the information in the packets and some more uses for these powerful tools.
