
Capturing packets from ISP side of router

I'm having an issue where intermittently DNS requests time out. I have the standard ISP cable connection, a modem and a Linksys Mesh router. Most of the time everything is working fine. Good download speed, no issues connecting to internet web sites and all. Intermittently, I get the error that a website can't be found. When I jump into a cmd window and issue an nslookup to a node at my ISP, the requests time out. If I use the ISP's DNS address (NSLOOKUP imap.myisp.com <ISP addr DNS server>), the request succeeds. So it looks like my router is not forwarding the DNS request. BTW, when this is occurring, all existing connections continue, no dropped connections, no drop outs logged by the modem or router.

If I configure the ISP's DNS server addresses in my PC Ethernet config, I don't see the issue.

I can't tell if the ISP is causing the issue or my router. To verify, I think I would need to capture the traffic on the internet side of the router. Is this even possible? If so, how? If I put a managed switch in line and set up a port for mirroring, would that work? Would the monitoring computer be visible on the ISP's network?

I've called the cable company and they didn't see any issues on their side. I called the router company and they couldn't help. Any ideas on how to narrow this down?

DoctorBrown
asked 2022-03-31 01:37:17 +0000

2 Answers


You could call the FCC and ask if it is legal to set up port mirroring, let them know what is happening, they may be able to suggest something to you. If not, just try the switch and port mirroring anyway.

I connected my computer to the modem from my ISP and got traffic, packet captures to see what was happening and that is a mess.

Vtechie
answered 2022-03-31 06:15:06 +0000

Comments

Yes, I know that connecting your computer (as the only node) works, but what I'm doing is connecting a second device to the internet side. I'm not sure what happens then. Does the ISP's gateway assign a second IP to the connection? Or is it blocked, or something else?

Sure I could just try it and see what happens. I might do that.

Re: FCC, that might be a little risky given all the hacking I've been doing lately. LOL.

DoctorBrown (2022-03-31 06:26:52 +0000)

If I understand it correctly you have a (wired) Ethernet cable between the modem and the Linksys Mesh router and the modem is truly a modem (not doing routing, firewalling, NAT, etc.). Then capturing on the WAN side is basically the same as on the LAN side.

A tap will work.

A switch with monitor function will also work, provided the ISP does not check for or require specific MAC-addresses. Depending on the model of the switch you may have to disable the 'packet injection' feature.

André
answered 2022-03-31 19:42:04 +0000

Comments

Yes, you understood exactly. Thank you, that's what I was thinking, but just wanted to be sure. I'm just a typical home user that usually only uses (or is allowed) one device with a WAN IP address.

DoctorBrown (2022-03-31 20:03:02 +0000)
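
Once a tap or mirror port gives a WAN-side capture alongside a LAN-side one, the router-or-ISP question from this thread can be settled per query. The following is an added example, not code from any poster: it assumes both captures were taken against the same clock and exported with `tshark -r <file> -Y dns -T fields -e frame.time_epoch -e dns.flags.response -e dns.id -e dns.qry.name`, and the sample rows and verdict names are constructed.

```python
from collections import namedtuple

Rec = namedtuple("Rec", "t is_resp txid qname")

def parse(text):
    """Rows: time_epoch, response flag (1/0 or True/False), dns.id, query name."""
    recs = []
    for line in text.strip().splitlines():
        t, resp, txid, qname = line.split()
        recs.append(Rec(float(t), resp in ("1", "True"), txid, qname.lower()))
    return recs

def answered(recs, q, timeout):
    """True if a response with q's transaction ID and name follows q in time."""
    return any(r.is_resp and r.txid == q.txid and r.qname == q.qname
               and q.t <= r.t <= q.t + timeout for r in recs)

def classify(lan, wan, timeout=2.0):  # timeout: assumed matching window (s)
    verdicts = []
    for q in (r for r in lan if not r.is_resp):
        # A forwarder may change the transaction ID: pair LAN/WAN by name + time.
        fwd = [w for w in wan if not w.is_resp and w.qname == q.qname
               and q.t <= w.t <= q.t + timeout]
        if answered(lan, q, timeout):
            verdict = "ok"
        elif not fwd:
            verdict = "not_forwarded"        # router never sent it upstream
        elif any(answered(wan, w, timeout) for w in fwd):
            verdict = "reply_not_relayed"    # ISP answered, router dropped it
        else:
            verdict = "no_upstream_reply"    # ISP side stayed silent
        verdicts.append((q.qname, verdict))
    return verdicts

# Constructed sample rows (not from a real capture).
LAN = parse("""
1648690000.000 0 0x1a01 example.com
1648690000.030 1 0x1a01 example.com
1648690010.000 0 0x1a02 imap.myisp.com
1648690020.000 0 0x1a03 example.org
1648690030.000 0 0x1a04 example.net
""")
WAN = parse("""
1648690000.005 0 0x9c01 example.com
1648690000.025 1 0x9c01 example.com
1648690020.004 0 0x9c02 example.org
1648690030.004 0 0x9c03 example.net
1648690030.040 1 0x9c03 example.net
""")
```

`classify(LAN, WAN)` returns one verdict per LAN query; a query answered on the LAN with no WAN counterpart counts as "ok" because the router may have served it from cache.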