0

I will be going on site to help hotel manager to identify who is using P2P (torrents) in hotel and abusing network usage for other guests.

Easy option would be
1. Port Mirroring on wireless router and Wireshark analysis.
Hard one
2. Man in the middle, (in case router does not support port mirroring which will require scanning netowrk with Nmap going machine by machine with Cain and Able)

Network is TalkTalk and I think wireless router used is Huawei (not sure about model, haven't been on site yet).

In case it is Huawei model that allows port mirroring I have found this guide on how to set up port mirroring.

Problem: I am used to do router configurations by via browser connecting to router (usually on 192.168.0.1) and then changing configuration. However in manual that I have linked to (4.4.1 Configuration on Device A (in my case wireless router)).

Instructions are:

I. Configuration steps
1) Configure the remote source mirroring group

 #Create remote source mirroring group 1.

<DeviceA> system-view
[DeviceA] mirroring-group 1 remote-source

# Create VLAN 2.
[DeviceA] vlan 2
[DeviceA-vlan2] quit

# Configure GigabitEthernet 1/0/25 as the mirroring port, GigabitEthernet 1/0/26 as
the reflector port, and VLAN 2 as the remote-probe VLAN in the remote source
mirroring group.
[DeviceA] mirroring-group 1 remote-probe vlan 2
[DeviceA] mirroring-group 1 mirroring-port GigabitEthernet 1/0/25 inbound
[DeviceA] mirroring-group 1 reflector-port GigabitEthernet 1/0/26

2) Add monitor ports to the remote probe VLAN 

# Enter the view of the interface connected with the analyzer.
[DeviceA] interface GigabitEthernet 1/0/27
# Add port GigabitEthernet 1/0/27 to the remote probe VLAN.
[DeviceA-GigabitEthernet1/0/27] port access vlan 2 Port Mirroring Configuration Examples
Hangzhou H3C Technologies Co., Ltd. 7/16
# Enter the view of the interface connected with the IDS.
[DeviceA-GigabitEthernet1/0/27] interface GigabitEthernet 1/0/28
# Add port GigabitEthernet 1/0/28 to the remote probe VLAN.
[DeviceA-GigabitEthernet1/0/28] port access vlan 2

II. Configuration file

<DeviceA> display current-configuration
#
 version 5.20, Test 5310
#
 sysname DeviceA
#
 domain default enable system
#
 telnet server enable
#
 mirroring-group 1 remote-source
 mirroring-group 1 remote-probe vlan 2
#
vlan 1
#
vlan 2
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
interface GigabitEthernet1/0/25
 mirroring-group 1 mirroring-port inbound
#
interface GigabitEthernet1/0/26
 mirroring-group 1 reflector-port
#
interface GigabitEthernet1/0/27
 port access vlan 2
#
interface GigabitEthernet1/0/28
 port access vlan 2
# 
 load xml-configuration
#
user-interface aux 0
 idle-timeout 0 0
user-interface vty 0 4
#
return
#

Question:
Where/How do I enter these instructions into to wireless router?
How do I access configuration file that (assumedly) is on wireless router?

Matas Vaitkevicius
  • 111
  • 1
  • 5
  • Easy option would not be port mirroring but using a proxy and blocking all ports except 80 & 443. – duenni Feb 19 '15 at 12:06
  • @duenni Don't think it's an option http://security.stackexchange.com/questions/33983/what-are-the-tcp-udp-ports-used-by-torrent-applications – Matas Vaitkevicius Feb 19 '15 at 12:45
  • So what are your options? Do you really want to do constant port mirroring and "catch" the people red handed? If this a guest network in a hotel, a good application firewall is the only way to go IMO. You can use this for other things which will be neccessary to do in such an environment, QoS, content filtering, virus scanning just to name a few. – duenni Feb 19 '15 at 12:53

0 Answers0