I want to start monitoring traffic that goes in and out of my home network.
I'd like to collect information like bandwidth usage and (specifically) HTTP requests from home computers to websites. From my research, nTop appears to be a good candidate for the job.
My plan was to install nTop on a spare Linux box and route all network traffic through that box. From my research, monitoring is commonly done using a switch that can do port-mirroring. The computers on the LAN connect to the switch, and when port-mirroring is set up, all traffic from these LAN computers can be mirrored to a designated port on the switch that my Linux monitoring box connects to. I can then receive and monitor this traffic.
My problem is where to place the switch on the network. Our network is set up like the following:
Internet --> Modem --> Wireless router --> Wired and wireless computers
I could place the switch immediately downstream from the router and route all wired connections through the switch. I would connect the monitoring box to the switch, and then the switch to the router. It would look like the following:
Internet --> Modem --> Wireless router --> Switch --> Wired Computers
The problem is all wireless devices will still go directly to the router and bypass my switch. An alternative setup would be the following:
Internet --> Modem --> Switch --> Wireless router --> Wired and wireless computers
This seems like a good solution; however, all traffic going through that switch is now coming from the router, which performs Network Address Translation (NAT).
Since the router is performing NAT, does this mean that all traffic that reaches the switch will have a single (public) IP address? This would make it impossible to know which device on the network did each HTTP request since their IP would have been translated to a single IP.
Is there a workaround to get both wired/wireless devices to go through the switch AS WELL AS being able to distinguish which computer sent the request?
Thanks
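
An added example, not part of the original post: a simplified Python model of the router's source NAT, showing what a monitor would see at the two capture points described above (on the LAN side of the router versus between the modem and the router). All addresses, ports, and the class and function names are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass, replace

WAN_IP = "203.0.113.10"  # constructed: the router's single public address


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    http_host: str  # Host header of the HTTP request carried by the packet


class NatRouter:
    """Simplified source NAT (NAPT): every LAN source becomes WAN_IP:port."""

    def __init__(self, wan_ip, first_port=40000):
        self.wan_ip = wan_ip
        self.next_port = first_port
        self.table = {}  # (lan_ip, lan_port) -> translated WAN port

    def outbound(self, pkt):
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.table:  # new flow: allocate a fresh WAN port
            self.table[key] = self.next_port
            self.next_port += 1
        return replace(pkt, src_ip=self.wan_ip, src_port=self.table[key])


def requests_per_source(packets):
    """What a monitor can attribute: HTTP request count per source IP."""
    return dict(Counter(p.src_ip for p in packets))


def wan_capture(lan_packets, router):
    """Packets as seen between modem and router, after translation."""
    return [router.outbound(p) for p in lan_packets]


# Constructed sample: two LAN hosts (one wired, one wireless) making requests.
LAN_CAPTURE = [
    Packet("192.168.1.20", 51000, "198.51.100.5", 80, "example.com"),
    Packet("192.168.1.21", 51000, "198.51.100.5", 80, "example.com"),
    Packet("192.168.1.20", 51001, "198.51.100.9", 80, "example.org"),
]

if __name__ == "__main__":
    print("LAN side:", requests_per_source(LAN_CAPTURE))
    print("WAN side:", requests_per_source(wan_capture(LAN_CAPTURE, NatRouter(WAN_IP))))
```

On the WAN side the only thing separating flows is the translated source port, and the mapping back to a LAN host exists only in the router's own translation table.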