I have a few questions about packet sniffers. I'm using a Zyxel P-600 series modem and a hub to distribute the internet connection.

  1. Can I use a packet sniffer here to determine if the user is downloading something?
  2. Can I determine if the user is downloading a file based on the modem alone? (The lights blink faster.)
  3. Is there an application that I could use for the modem or the hub to limit or avoid direct downloads?

Details:

  • OS: Ubuntu 9.10 and Windows 7
Wern Ancheta

2 Answers

Can I use a packet sniffer here to determine if the user is downloading something?

Yes you can, if what you have is really a hub, not a switch. If it's a hub, then all network packets are sent out to each port, allowing anyone to see everyone else's traffic. If it's a switch, then network traffic is only sent to the port(s) to which the traffic is destined.

Can I determine if the user is downloading a file based on the modem alone? (The lights blink faster.)

Well, you may be able to make a general guess as to what's going on with your internet connection just by looking at the lights, but you really shouldn't rely on that.

Is there an application that I could use for the modem or the hub to limit or avoid direct downloads?

You need a router/firewall in between the modem and the rest of your network. Something like pfSense running on a spare PC would do just fine, and would allow you to have fine-grained control over the type of traffic that's permitted to leave your network.

EEAA

1. Can I use a packet sniffer here to determine if the user is downloading something?

Yes, basically you only need PuTTY. Log on to the modem via telnet. BusyBox will welcome you. Then run cat /proc/net/ip_conntrack or tail -f /proc/net/ip_conntrack | grep ASSURED | grep 'dport=80'.
But first, you need to know how to read & analyze the ip_conntrack file. Try there; I bet you can understand it easily. Here is a simple brief for understanding ip_conntrack: http://www.faqs.org/docs/iptables/theconntrackentries.html

2. Can I determine if the user is downloading a file based on the modem alone? (The lights blink faster.)

Related to the first answer: you can look for basic eth statistics in the modem's BusyBox shell. It varies depending on the modem's software, but there are always eth statistics.

Another way is SNMP. Activate SNMP on the modem's admin interface. Then download the program named STG (SNMP Traffic Grapher). Then try to connect to the modem via STG. It will show you real-time statistics of down/up bandwidth.

3. Is there an application that I could use for the modem or the hub to limit or avoid direct downloads?

Yes, the most interesting & most effective application is already installed on your modem; it is named iptables.
http://www.netfilter.org/documentation/index.html Just log on to your modem via telnet. To see what iptables is doing, run iptables -L. Then prepare your rule using the documentation; the rest is only to apply it. Also, iptables will offer you more interesting limiting & blocking techniques.

risyasin
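Added example, not part of either answer above: a small parser for ip_conntrack entries that reports, per LAN host, the ASSURED TCP flows to exactly port 80 and the bytes received on them. Unlike grep 'dport=80' it does not also match dport=8080. The sample lines and all addresses are constructed, and the packets=/bytes= counters are assumed to be present only when the modem's kernel has conntrack accounting enabled.

```python
import re
from collections import defaultdict

# Constructed sample entries in ip_conntrack text format (not captured from a real modem).
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.168.1.33 dst=203.0.113.10 sport=40112 dport=80 packets=310 bytes=18600 src=203.0.113.10 dst=198.51.100.7 sport=80 dport=40112 packets=5200 bytes=7800000 [ASSURED] use=1
tcp      6 431990 ESTABLISHED src=192.168.1.34 dst=203.0.113.20 sport=51000 dport=8080 packets=12 bytes=900 src=203.0.113.20 dst=198.51.100.7 sport=8080 dport=51000 packets=10 bytes=4000 [ASSURED] use=1
tcp      6 110 SYN_SENT src=192.168.1.35 dst=203.0.113.30 sport=33000 dport=80 packets=1 bytes=60 [UNREPLIED] src=203.0.113.30 dst=198.51.100.7 sport=80 dport=33000 packets=0 bytes=0 use=1
udp      17 25 src=192.168.1.33 dst=192.168.1.1 sport=5353 dport=53 packets=1 bytes=70 src=192.168.1.1 dst=192.168.1.33 sport=53 dport=5353 packets=1 bytes=120 use=1
tcp      6 431000 ESTABLISHED src=192.168.1.33 dst=203.0.113.11 sport=40200 dport=80 src=203.0.113.11 dst=198.51.100.7 sport=80 dport=40200 [ASSURED] use=1
"""

PAIR = re.compile(r"(\w+)=(\S+)")

def parse_entry(line):
    """Split one entry into protocol, flags, and original/reply direction tuples."""
    fields = line.split()
    if len(fields) < 4:
        return None
    entry = {"proto": fields[0], "flags": set(re.findall(r"\[(\w+)\]", line)),
             "orig": {}, "reply": {}}
    for key, value in PAIR.findall(line):
        if key == "use":
            continue
        # First occurrence of a key is the original direction, second is the reply.
        side = "orig" if key not in entry["orig"] else "reply"
        entry[side][key] = value
    return entry

def http_downloads(text, port=80):
    """Per LAN host: ASSURED TCP flows to exactly `port` and reply-direction bytes."""
    totals = defaultdict(lambda: {"flows": 0, "bytes_down": 0})
    for line in text.splitlines():
        e = parse_entry(line)
        if not e or e["proto"] != "tcp" or "ASSURED" not in e["flags"]:
            continue
        if e["orig"].get("dport") != str(port):  # exact match, so 8080 is not counted
            continue
        host = totals[e["orig"].get("src", "unknown")]
        host["flows"] += 1
        host["bytes_down"] += int(e["reply"].get("bytes", 0))  # 0 when accounting is off
    return dict(totals)

if __name__ == "__main__":
    for host, stats in http_downloads(SAMPLE).items():
        print(host, stats)
```

A large bytes_down on a single long-lived flow is the signature of a file download; many small flows are more typical of ordinary browsing.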