How To Track Devices On Home Network (See what they look up, etc.) On an ASUS Router

[Chuck4455]

I need to find out if it possible to track the devices connected to my home network, for internet browsing history and other related information because it has become a security concern within my household. I'll be straight forward with what I need to know and what I am currently using.

Equipment/Setup:

• ASUS RT-N66U Router (Dark Knight) (Dual Band) 2.4ghz/5ghz
• Network configuartion is by ASUS
• Operating System is Windows 8 64-bit
• No proxies or VPNs
• I have access to the router via LAN, but others have WLAN

Questions:

• Can I view the internet browsing of the devices connected to the network? And if so how much information?

• If the setting do not allow it is there a method to bypass the masking of urls/DNS in the ASUS configuration or some other software or hardware that I can use?

• If there is a way to get a hold of this information how can I prevent this from occurring using software/hardware?

 

[bill001g]

Lets just say its not a easy thing to do.

To a point the router will show you ip addresses and port numbers of open sessions at one instance it is very limited.

Because what you want to do makes stupid peoples brains hurt to even think about the router vendors keep dumming down the product so the family dog could configure it.

You are in luck though, the n66u is one of the better router to run third party firmware on like dd-wrt. Since this is linux based you have many option. The main one it has is called netflow. This allows it to capture every open session and send it to a remote pc. You will need to run a collection software on a machine to let you run the reports. the router does not have a hard drive to store it. You should be able to use software called PRTG, it is commercial but the trial version is more than a home use can use.

Now netflow does not actually give you the URL itself just all the sites and the ports. You can tell that someone was say at flickr but you can't tell exactly which photos they were looking at.

To get very detailed data you need to actually capture the packets themselves. Since it is linux you can install tcpdump and capture the data but not sure where you would put it. The solution I have seen discussed is to use the IPTABLES command and tell it to make a copy of every packet and send it to another ip address. You would then run wireshark on that machine. You big problem now is you have every byte of data that every user sent. You have to get very skilled at filtering data so that it does not take hours to get a report out of wireshark.

Again its going to not be a easy thing unless you have used unix based systems a lot.

Of course the other solution is to buy a hardware firewall that has disk storage in it and will generate reports like this. Its a cost vs convenience thing.

 

[lukeconft]

Assuming you have a seperate router and modem, it may be easier to put a ethernet hub between the 2 devices, then connect one of the spare ports to a PC and run wireshark on there. You may find that network performance is impacted though, but it would be cheap.
As Bill001g says, cost vs convenience

 

[Chuck4455]

Thank you both for the suggestions, forgive my late response I have been quite busy lately. I will try and get the recommended software and another router & modem to test your solutions, as well as research the subject more when I have time. On another note, is it possible to do the recommended without directly using the router? I mean as in being connected to the network in WLAN/WiFi but not physically having the router at your disposal or without having the information to access it? I just need to know if having direct access to the router is a big liability, other than being able to disconnect it and reset the password when it comes to gathering information on the devices connected to it. And if so, is there any software to prevent the device from being logged other than VPN, proxies and anti-spyware?

 

[bill001g]

Wireless traffic is always susceptible to monitoring. People like to act like some hacker can listen in but it is not a trivial thing to do.

First you have the issue of getting the key..at least in a home environment it is a fixed value used by all users. Guessing this key is not really possible if you make it complex. But in your case you would know the key since it is your network. The next issue is this key along with a couple of random numbers is only used to start the process. The actual key used to encrypt the session is generated using these numbers so you need to capture those and then generate the key to decrypt the rest of the capture. And then FINALLY after you do all that you can get monitor the actual traffic. Again the main tool used here is wireshark.

This takes a very good understanding of how wireless keys and WPA/WPA actually work. All the tools are preloaded on a unix distribution called backtrack (they recently change the name and I forget the new one). You can just boot this DVD image and process the data.

Still it takes a great deal of skill to actually get useful information.