Is it possible to capture packets of a Router?

I am facing an issue where some packets sent out to the internet from inside the network go missing. The topology we are using looks like this:

  Client A ←→ Switch A ← Router A:NAT ← .. Network .. 
     → Router B:NAT → Switch B ←→ Server B

I want to take the following two steps to track down the issue:

  1. Capture the packets which are from Client A on Router B.
  2. Check the translation table of Router B.

Are both actions possible?

More information:

  1. Client A is running on Windows XP.
  2. Server B is running on Linux (Fedora, to be exact).
  3. Router B uses a static port and address translation table, which means incoming packets to a specific port are forwarded to Server B.
  4. Both Router A and Router B are TPLink WR340+ products.
  5. Both Router A and Router B have full-cone NAT.
  6. Switch A is a DLink DES-1024R and Switch B is a DLink DES-1016D.

The reason I want to perform the two actions is that we found packets were sent out of the network interface of Client A, but for an unknown reason the TCP stack of the Client A machine never receives any ACK packet from the other endpoint, so it keeps transmitting data until it times out. On the server side, also using Wireshark, we found that the network interface of the Server B machine never receives the packets sent from Client A. I guess the packets were dropped by Router B, so I wonder if it is possible to capture packets at Router B.

Actually, the issue only happens when we have two clients, say Client A and Client C. Client A and Client C don't communicate with each other directly, but communicate with Server B instead.

The problem happens when we unplug the network cable of the Client A machine and, within about 30 seconds, log in as Client A on another machine. Client A on the new machine starts TCP communication with Server B; the first many commands are OK, but after that the server can't receive any command from Client A anymore.

Solution:

Server B never received the packet

If you can run Wireshark on Server B, that is fine; if not, consider that you would need a managed switch with a "mirror/span/monitor" port configured, where you connect Wireshark's PC.

I would stick with Wireshark, moving it to see the packets between Router B and Switch B (can you add a hub in between to insert Wireshark's PC?).

If the packet does not make it to the Router B–Switch B segment, then your port forwarding at Router B (in order to bypass its NAT services) could be not working right, or the router is just not routing your traffic.

I think it is important to get more information: switches don't do NAT (but routers do), and different routers have widely varying abilities. I've never heard the term "checking the translation table" when referring to switches or routers, but I do understand what you mean with respect to routers.

You will most likely find knowledge of NAT, checking translation tables, etc. a lot less valuable than using simple network tools. The first tool I would use is "WinMTR" from Client A. Leave that running for a little while (minutes?) and see if and where packet loss occurs. This will give you a very good idea where to look further. [Looking at latencies and spikes in latencies will also give you some hints if you know what to look at.]

For someone to provide more help, you might want to provide more detail as to why you believe packets are going missing, and the characteristics of the problem.

Here is an outline of a few ideas, and perhaps others know of how to do it in detail.

Use a Linux machine as the router.

Perhaps Tomato or DD-WRT can. So if your router supports that firmware, or if you bought one that supports it, you could try that.

You commented: "The reason why I want to perform the two actions is that we found packets were sent out of the network interface of Client A, but due to unknown reason the TCP kernel of the Client A machine never receives any ACK packet from the other endpoint, thus it enters data transmission until timeout. And from the server side, also using Wireshark, we found the network interface of the Server B machine never receives the packet sent from Client A; of course it was not able to send any ACK packet back to Client A."

Maybe a router is damaged, or you have a faulty cable.

I love the fun ideas of how to see what is happening at your router; it may be possible with a fancier router or better firmware. But if you can or want to do that, then you'd probably have, or need, a better router, or a replacement one to try. Don't overlook basic troubleshooting techniques, monkey-type logic, like swapping parts!

Is it just one direction that has an issue, like A->B? Or B->A too? You could troubleshoot a bit there, like swapping the cables around or swapping the ports they're connected to.
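To make the "use a Linux machine as the router" suggestion concrete for the two steps in the question, here is an added example (not code from the question or any answer above). It assumes Router B is a Linux box with tcpdump and conntrack-tools installed; the addresses, ports and interface names are assumed sample values, and the conntrack lines are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes Router B is a Linux box with
# tcpdump and conntrack-tools, so step 1 becomes a capture on both router
# interfaces and step 2 a read of the kernel NAT table (`conntrack -L`).
# Addresses, ports and interface names are assumed sample values.
CLIENT_A=203.0.113.10   # public address Client A's traffic arrives from (Router A's WAN)
SERVER_B=192.168.1.20   # Server B on Router B's LAN
FWD_PORT=5000           # port statically forwarded to Server B
WAN_IF=eth0; LAN_IF=eth1

# Step 1: capture Client A's packets on the WAN and LAN side at the same time.
# DNAT only rewrites the destination, so "host $CLIENT_A" matches on both sides;
# a packet in wan.pcap that never appears in lan.pcap was dropped by the router.
capture_client_a() {
    tcpdump -ni "$WAN_IF" -w wan.pcap "host $CLIENT_A and tcp port $FWD_PORT" &
    tcpdump -ni "$LAN_IF" -w lan.pcap "host $CLIENT_A and tcp port $FWD_PORT" &
    wait
}

# Step 2: parse `conntrack -L` output from stdin. Prints one line per TCP flow
# whose original source is $1: state, original dport, the address the reply
# comes from (Server B if the port forward applied, otherwise not translated),
# and whether the far end ever answered.
nat_entries_for() {
    awk -v client="$1" -v server="$2" '
        $1 == "tcp" {
            osrc = ""; rsrc = ""; odport = ""; n = 0; answered = "replied"
            for (i = 5; i <= NF; i++) {
                if ($i ~ /^src=/) { n++; split($i, kv, "="); if (n == 1) osrc = kv[2]; else rsrc = kv[2] }
                if ($i ~ /^dport=/ && n == 1) { split($i, kv, "="); odport = kv[2] }
                if ($i == "[UNREPLIED]") answered = "unreplied"
            }
            if (osrc == client) {
                tr = (rsrc == server) ? "dnat-ok" : "no-dnat"
                print $4, "dport=" odport, "reply-from=" rsrc, tr, answered
            }
        }'
}

# Constructed sample of `conntrack -L` output: a correctly forwarded flow from
# Client A, then a SYN from Client A that was never translated (reply address is
# the router's own WAN address 198.51.100.5), plus an unrelated UDP entry.
SAMPLE_CONNTRACK='tcp      6 431999 ESTABLISHED src=203.0.113.10 dst=198.51.100.5 sport=49152 dport=5000 src=192.168.1.20 dst=203.0.113.10 sport=5000 dport=49152 [ASSURED] mark=0 use=1
tcp      6 118 SYN_SENT src=203.0.113.10 dst=198.51.100.5 sport=49153 dport=5000 [UNREPLIED] src=198.51.100.5 dst=203.0.113.10 sport=5000 dport=49153 mark=0 use=1
udp      17 29 src=203.0.113.10 dst=198.51.100.5 sport=53000 dport=53 [UNREPLIED] src=198.51.100.5 dst=203.0.113.10 sport=53 dport=53000 mark=0 use=1'

# On the real router: conntrack -L | nat_entries_for "$CLIENT_A" "$SERVER_B"
printf '%s\n' "$SAMPLE_CONNTRACK" | nat_entries_for "$CLIENT_A" "$SERVER_B"
```

A "no-dnat" line for a flow that should have hit the port forward, or a flow that simply never appears while wan.pcap shows the packets arriving, points at the router rather than the cabling.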
