Packet Sniffing Not From Router?

[Polraudio]

I was wondering if there's a way to sniff packets from 1 computer to another not using a server or not having direct access to the router.

EX: My next-door neighbor uses our internet and im assuming he is using frostwire and its uploading using all the bandwidth, slowing everyone down to a crawl.(cant kick him off because he pays half the bill)

Lets say his ip is 192.168.1.10 and my ip is 192.168.1.11. Is there a way i can see what he is doing from my computer without having to install a server or anything in front of the router?
I need to do everything from my computer that is connected via wireless. I also need to access the internet at the same time.

I do have admin access to the router to open ports, get ip's and everything. I flashed my router with DD-WRT. I have no USB drive to spare for the router to install a server on it.

EDIT: even if theres a way to limit bandwidth for each user that would be great.
EDIT2: Using WPA2

Thanks in advance 🙂

 

[boochi]

If you have a wireless adapter that can be put in to monitor mode you may be able to see what he is doing. If you have any experience with linux you may want to check out a BackTrack Live CD.
http://www.backtrack-linux.org/

 

[Polraudio]

Tried something like that before. my adapter dont support monitor mode sadly. I have no money to buy anything.

 

[bobdole369]

The only thing you can do is to turn on monitor mode, which would give you a bunch of packets. It wouldn't say "He's using xxx app". Unless the existing wireless device supports statistics and breaks it out in an intlligent way (and it won't unless you spent a LOT of money for it) - then your short firm answer is No.

The way to do something like this is to replace the router or insert into the path - an intelligent monitoring device - say Untangle, which gives you port by port, IP by IP stats on use. DD-WRT (installed on various routers) will do similarly, but I don't think it gives you port by port. It'll show a graph with upload/download speed over time from each client/IP address.

 

[Polraudio]

So i guess every way im SOL. Thanks for your help guys.

 

[Specop 007]

Sounds to me like you need bandwidth management more than bandwidth monitoring. So what do you do if you can prove hes using bittorrent and using more than his "fair share" of bandwidth? Either way he'll say "Well I pay half the bill".

Get some bandwidth management in place and split your incoming bandwidth half to you half to him.

 

[alkemyst]

What's the goal? If it's your connection, you may be able to request a log of the traffic.

Sniffing the traffic isn't going to resolve much. Once you have the logs you can approach him to renegotiate or whatever.

 

[Fardringle]

The paid version of DDWRT allows per-user bandwidth controls. Since he's your neighbor and is paying half of the bill (probably against the ISP's TOS, by the way, but that's a different discussion), talk to him first. If he doesn't want to be reasonable, either stop sharing the bandwidth, or use DDWRT to put a limit on his computer(s).

 

[Polraudio]

The paid version of DDWRT allows per-user bandwidth controls. Since he's your neighbor and is paying half of the bill (probably against the ISP's TOS, by the way, but that's a different discussion), talk to him first. If he doesn't want to be reasonable, either stop sharing the bandwidth, or use DDWRT to put a limit on his computer(s).

Yea maybe i will save up for the paid version then limit him to 6mbit download and 1mbit upload for half. Per-user bandwidth will come in handy lots in the future also.

 

[Pulsar]

Can't you just enable QOS and assign it to your computer mac address and then assign it half the bandwidth?

 

[bobdole369]

Its not "quite" that simple.

Excerpt from dd-wrt wiki:

In the case you want to prioritize traffic from a particular device without a static IP address on your LAN, you can prioritize by MAC Address.
Enter the MAC Address of the device and press "Add" next to it.
This method works via the source MAC address only so traffic is only properly prioritized if the connection was initiated from this address. Traffic initiated from somewhere else will not be properly marked even if it is destined for one of the listed MAC addresses.

So incoming udp traffic is not marked.

And here is how the priorities break down. I don't know if even outgoing UDP or TCP traffic would be affected - in the event that a BT client is misconfigured to use > WAN uplink, or if the service provided is best effort and the node is oversold:

Detailed breakdown of traffic
If you'd like to know the specifics, bandwidth is allocated based on the following percentages of uplink and downlink values for each class:
Exempt: 100mbps - ignores global limits.
Premium: 75% - 100%
Express: 15% - 100%
Standard: 10% - 100%
Bulk: 1.5% - 100%
What this really means is that if you have 10,000kbit of uplink traffic, "Standard" class traffic can be reduced and de-prioritized to 10% or 1,000kbit when a concurrent Express service requires the uplink pipe at the same time.
You can run the tc command to check breakdown of traffic applied to each interface. Uplink limits are applied to the WAN interface (nvram get wan_iface) or LAN&WLAN bridge interface (br0) depending on which port you selected, while Downlink limits are applied to the imq0 interface.

I don't know if these are global limits, or if each separate translation - (aka connection) is subject to these limits. So say there are 954 outgoing connections - Would they all get a possible limit of 1.5% uplink separately? If so - it would still overwhelm the uplink making tcp replies queue or drop. If the entire MAC address were assigned this queue - the router is likely to overflow its buffer. I don't know what would happen then. dropped packets on his end for sure, but is the router able to service your MAC address at that point? Unfortunately I'm no DD-WRT expert.

In this case a layer 7 device would be far better suited.