I would like to monitor network traffic for a computer on my network

My son does homework on a school laptop. I was thinking about setting up a gateway on my home network, so that I can monitor web traffic and know if he is doing his homework without standing over his shoulder. Ideally I would like to use the Raspberry Pi Model b that I already have. However, I might buy a mini computer with two NIC ports.

I want to use a Linux distro with hopefully a GUI interface to see what traffic he is generating. Hopefully someone has a suggestion on how to set this up.

Thanks

Suggest any linux with wireshark....

At work we use older laptops with wireshark. Connect to a port, figure out what port to monitor and let it run. Then take the monster files created and sort through them using a variety of tools. My laptop still has an old version of opensuse on it, but it does have 500GB of disk.

Wireshark files can get really large, quickly, depending on what you are monitoring. Disk is important. So we use junk laptops, I'm sure you could use raspbian instead.

The only other component that has to be up to snuff is the NIC - the data center is on a 10 gigabit backbone. Most home network routers and DSL modems are 1Gb usually.

I am not sure what exact hardware you'd need to buy to support wireshark on raspbian.
Disk and NIC that will do what you need is up to you.

Oh. And the learning curve on wireshark is not bad, but reading output usually requires scripting ability. Or good vim/RE skills. vi has file size limits.

For a PC running Linux with 2xNIC's I would suggest IPcop (Linux version).

For Raspberry Pi I would suggest IPfire (which is an IPcop fork).

So my hope is that I can load Kali Linux on my raspberry Pi with an extra USB Ethernet port and have that route all of my traffic to the ISP. It would then see all of the network traffic and be able to track all of the IP traffic. I just worry that it won't be able to handle the load. I also thought about buying a mini computer with two Ethernet ports and using that. I would have a Linux firewall keep out unwanted traffic. Does this make sense?

Any garbage computer plus a PCI ethernet card beats a pi with a USB, with bonuses of being cheaper, faster, easier to use, able to boot a normal Linux livecd, able to run a distribution anyone has actually heard of, able to use media besides sd cards, and able to support normal hardware.

That you can do anything with a pi doesn't mean you should...

I agree. My decision comes down to if I try to use the Raspberry Pi and it slows down the network, I will hear about it from my wife and son. I just have to convince her that a $200 mini computer will work for what we want. I was thinking about the following computer.

Amazon.com: Fanless industrial computer Qotom-Q190G4-S01 with intel celeron J1900 8G ram 32G SSD 4 LAN DC 12V Multiple Ethernet Ports computer: Computers & Accessories

Why a $200 mini-computer, and not a $15 garage sale piece of garbage?

Brand new computers, and especially brand-new mini anything, are the computers most likely to not have good support from a linux distribution (or from anyone, really). Its power supply is weird, its video card is weird, its processor is weird, its hard drive is weird, its ethernet ports are weird, its motherboard is weird, and it has no real I/O except USB. It's almost as bad as a PI. Not an actual computer, despite its lofty ratings.


I was talking to a friend about this last night and he pointed out that this computer also comes pre-bundled with PFSense. Hence, it is probably designed to perform this task. Does that change your answer? Ultimately, I might just buy the hardware and try it out. Thanks.

Amazon.com: QOTOM Mini PC Q190G4-S01 with 8GB RAM and 64GB SSD, Intel Celeron J1900 processor, Quad Core 2.0 GHz, 4 LAN Mini PC PFSense Linux Windows: Computers & Accessories

pfsense is an operating system based off BSD. You either install it inside the machine itself, or inside a virtual machine running inside the machine. And a cheap Celeron is very unlikely to support hardware VM.

So you'd be locking yourself in a weird proprietary operating system. If that works for you, great. If it doesn't, you may be painting yourself into a corner.

It's an internet appliance with four ethernet ports - naturally it's designed for networking. Which doesn't mean it's easier to use.

If you don't like the preloaded loadout, you may have a hard time installing anything else. If you drive that bargain-basement SSD to an early grave with frequent logging writes, it may not be replaceable. If you back yourself into a corner and need to boot a rescue disk, I hope you can find a compatible one.

Read again Corona688's post#5 and post#7.

You do seem to be hell bent on spending good money on this when the best solution is to get hold of a piece of junk somebody has thrown out and put a second NIC in it. It will give you a choice of almost any Linux version to run on it and a choice of any decent open source firewall (eg, IPcop). You can quickly get to the situation where nobody can as much as sneeze on your LAN or WAN without you knowing about it. You can also police the whole thing and allow/disallow anything you want.

Also, one of Robert Grossblatt's famous laws of life and design: "If you can't afford to blow it up, you can't afford to use it."

I can't disagree about the potential for lack of support on drivers for the hardware. Since I have not yet seen the device, I can't say if it will work or not. Some of the computers will run on SSD drives, which have faster performance than regular hard drives. SSD's would probably be ideally suited for this kind of work. The fact that the mini computers only use 18 watts of power would also be helpful, since this is meant to be an always on appliance. If I buy such a computer I am taking a gamble. I guess I am OK with that. I can always go back to the Belkin router. The last quote is certainly appropriate.

If you want to kill an SSD as fast as possible, install something which does lots of frequent tiny writes, like a logging application.

You're not taking a gamble -- you're taking the path of maximum resistance. This mini computer can do what you want -- eventually -- once you've figured out exactly what you want and how to do it.

That figuring out is something that's so much easier to do on a real computer. Even if you want to use the mini computer eventually, if you build it on a real computer first, you'll save yourself a huge amount of time.

I think I will start with an old Pentium 4 that I had planned on sending to get recycled. If that works, maybe then I will get new hardware.
If the ethernet networking is too hard, the Pentium 4 has a 56K modem... :wink:

thanks.


pentium 4 is a bit old, unless it has 1g ram or more.

It's still more than 1-2 orders of magnitude faster than the original Pi. And probably 2-5x faster than a Pi2.

That said you could get a $2 USB Ethernet adapter on ebay ... and plug it into the pi and experiment with that. The Pi will probably slow your internet down since its peripherals all hang off its overloaded USB bus.

The P4 ought to handle it with ease... as far as that goes lots of people have used much slower machines for routers/firewalls. Rather than using wireshark which is a rather heavy handed but comprehensive solution, you just do as suggested here with dnsmasq: "How to log all my DNS queries?" (Unix & Linux Stack Exchange)

And filter the log for dnsmasq output.... just about as good as wireshark and probably more performant than running without the system as now your dns queries are cached by a local machine. The TCPDUMP answer there is also good.

If you get it working on the P4 getting a mini PC is probably a decent idea... as the power savings alone will pay for itself. A P4 computer costs between $100-300 a year to leave running vs the mini PC costing about 10 bucks a year.
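
The "filter the log for dnsmasq output" step from the post above, as an added example that is not part of the original thread. It assumes dnsmasq is run with its `log-queries` option, that the laptop has the address 192.168.1.50, and it uses a constructed sample log; the function names are hypothetical.

```python
import re
from collections import Counter

# Line format written by dnsmasq when "log-queries" is enabled:
#   <timestamp> [host] dnsmasq[pid]: query[TYPE] <name> from <client-ip>
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+(?:\S+\s+)?dnsmasq\[\d+\]:\s+"
    r"query\[(?P<qtype>[^\]]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)\s*$"
)

# Constructed sample log (not from a real network); addresses are assumptions.
SAMPLE_LOG = """\
Jan 15 16:02:11 dnsmasq[812]: query[A] classroom.example.edu from 192.168.1.50
Jan 15 16:02:11 dnsmasq[812]: forwarded classroom.example.edu to 9.9.9.9
Jan 15 16:02:11 dnsmasq[812]: reply classroom.example.edu is 203.0.113.10
Jan 15 16:02:12 dnsmasq[812]: query[AAAA] classroom.example.edu from 192.168.1.50
Jan 15 16:05:40 dnsmasq[812]: query[A] cdn.videos.example.net from 192.168.1.50
Jan 15 16:05:41 dnsmasq[812]: query[A] www.videos.example.net from 192.168.1.50
Jan 15 16:06:02 dnsmasq[812]: query[A] mail.example.org from 192.168.1.23
Jan 15 16:09:30 dnsmasq[812]: query[A] cdn.videos.example.net from 192.168.1.50
Jan 15 16:09:30 dnsmasq[812]: cached cdn.videos.example.net is 203.0.113.77
"""

def parse_query(line):
    """Return (timestamp, client, name) for a query line, else None."""
    m = QUERY_RE.match(line)
    if not m:
        return None  # forwarded/reply/cached lines and other daemons' output
    return m["ts"], m["client"], m["name"].lower().rstrip(".")

def base_domain(name):
    """Naive grouping by the last two labels (wrong for suffixes like co.uk)."""
    return ".".join(name.split(".")[-2:])

def domains_for_client(lines, client_ip):
    """Count queries per base domain for one client, busiest first."""
    counts = Counter()
    for line in lines:
        parsed = parse_query(line)
        if parsed and parsed[1] == client_ip:
            counts[base_domain(parsed[2])] += 1
    return counts.most_common()

if __name__ == "__main__":
    for domain, n in domains_for_client(SAMPLE_LOG.splitlines(), "192.168.1.50"):
        print(f"{n:4d}  {domain}")
```

The log shows only names looked up through this dnsmasq instance; a client that uses a different resolver or DNS over HTTPS will not appear in it.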