Click here to Skip to main content
Click here to Skip to main content

LinksysLog : A Very Basic Linksys Router Logging Client

By , 7 Jul 2004
Rate this:
Please Sign up or sign in to vote.

Introduction

This is a very basic Linksys Router Logging Client using UDP.Client and Threading for the Linksys BEF-series (BEFSR41, BEFSX41) and similar Cable/dsl router. It collects syslog text data on snmp (Udp port 162) to a datagrid in "Almost-real time" using the Threading class. I created this while I was working around a problem with the DataGrid Control looping and freezing the UI on a thread (seems it's not so thread-safe). This code is very basic, with very little error handling, and only stores the data in the datagrid.

Background

A Little About the Linksys Router

I Use the Linksys BEFSR41 Cable/DSL Router, known in most circles as "The Blue Box Router".

You can find most all the basic information and a users manual in .pdf format on linksys's website at: >http://www.linksys.com/products<

The Free Linksys Logviewer.exe for any of these (BEFSR11,BEFSR41,BEFSR41W,BEFSR81,BEFSRU31,BEFSX41,BEFVP41, and more) you can get from Linksys customer service at: >http://linksys.custhelp.com<

To enable logging and get to the router settings, open your browser, and in the address bar type http://192.168.1.1 and press Enter. Enter "Admin" the user name field, and if you have NEVER changed the the password (BAD IDEA, see stress below), go to the Password box and type in the default password "admin" without the qoutes. Then it's just a matter of using the Tabs at the top of the pages to get to different settings so tab over to the password page, Now! Change it!.

This is where I need to stress: Change the password! Change the password! "Admin" is the most insecure password. Everybody knows that it is the default password. Pick something unique, and make it 8-12 characters long. Write it down! or you might find yourself hard reseting the router later.

Now on to the Question: How can I see a log of the internet traffic on my Linksys Router?

The Answer from Linksys: The router has a built in log that can display information in two ways.

First, the log must be enabled and will need to be set to send the log output to a machine on the network. To do this, Click on the Log tab from the Setup screen.Once that is done, you will need to enable the log, and input the IP address of the desired log capturing computer (Preferably using a static IP address for that machine). There are also two buttons that will bring up pop-up windows showing the Router's most recent activity.The incoming log table displays the source IP and Destination Port Number.The outgoing log table shows the LAN IP, Destination IP / URL, and Service / Port Number.

Second, To view the files on the computer you choose, you can click on the link on this page (on some routers), and/or download the Linksys LogViewer program above. Once you install it,this program will record and store the information from the log into two text files named "Incoming" and "Outgoing". (the default location is C:\Program Files\Linksys\LogViewer)

Now More about why I wrote this little snippet of code other than what was mentioned... It seems although the router has snmp capibility it does not seem to be fully compliant, I never could find a MIB file for this router nor could I find a good way to use Windows SNMP provider to log traffic from it. Although the Free logviewer.exe program is way better than the logs in web based dialogs (in the router setup).

So, off I went to find out why... Well it seems the router sends a SNMP Datagram Packet but it just appends the traffic data to the end of it in plain text syslog style.

Here is a dump of a log packet:

45 00 00 8F 00 00 00 00 96 11 A0 0D C0 A8 01 01  E......?. .À¨..
C0 A8 01 FF 5B 95 00 A2 00 7B 50 8C 30 82 00 6F  À¨.ÿ[?.¢.{P?0?.o
02 01 00 04 06 70 75 62 6C 69 63 A4 82 00 60 06  .....public¤?.`.
0A 2B 06 01 04 01 98 15 02 02 01 40 04 C0 A8 01  .+....?....@.ˬ.
01 02 01 06 02 01 01 43 04 06 C1 14 B5 30 82 00  .......C..Á.µ0?.
3E 30 82 00 3A 06 0A 2B 06 01 04 01 98 15 01 01  >0?.:..+....?...
00 04 82 00 2A 40 6F 75 74 20 31 39 32 2E 31 36  ..?.*@out 192.16
38 2E 31 2E 31 30 30 20 31 33 32 35 20 77 77 77  8.1.100 1325 www
2E 67 6F 6F 67 6C 65 2E 63 6F 6D 20 38 30 0A     .google.com 80.

It appears to be propriatary, so if we look into the folder where we installed the Linksys version of the logviewer.exe above you will notice a file called snmp.dll. This is what linksys software uses to decode this packet.

In fact, Here's A quote from Beyond-Security's SecuriTeam.com about the linksys router's snmp: "It looks like a combination of debugging information as well as traffic logging";"To make matters worse, Linksys refuses to distribute an MIB for the device, which is not surprising considering the SNMP implementation on the device is rather broken."

Anyway, Here's what we want in the packet it sends to udp port 162: "@out 192.168.1.100 1325 www.google.com 80". The @out is for Outbound traffic and the @in is for inbound, Then Next it is the IP Address of the source, then the source port, Then the Destination IP address and then finally the destination port.

VS.net has a UDP.client class as you may know, And I have seen lot's of code for chat and server listeners by lot's of people, so I went on to see if I could write some realy minimal code without snmp or Linksys's snmp.dll, to grab just these packets, strip the un-need data and just get the traffic text out somewhat in real-time.(I really never found a good use for that UDP class anyway...lol). Little did I know about the datagrid problem I would have next...gee can anything get more difficult than using that datagrid. It wasn't thread-safe the way I wanted to use it, and I sat scratching my head for a few days till I found an article on MSDN about ThreadMarshaling the datagrid. And Waa.laa... it worked, Minimal code and I got my traffic information. It could use a lot of work I know, like a date and time stamp added, logging to a file or database, or even a windows service to handle it, and ect.. but that's good for another time, and another learning experience yet to come.

It's very basic, maybe even bad, but i'm just learning and, maybe someone will find it useful, so do what you will with the code.

Also feel free to make comments, I can sure find a use for all the help I can get.

Using the code

For those who may not know, Snmp (UDP port 162) will only allow one client to open the port at a time, so if you have the above mentioned router and have another logging client running, like the free one from Linksys, you must turn off that client first.

The code

Imports System
Imports System.IO
Imports System.Net
Imports System.Net.Sockets
Imports System.Text
Imports System.Threading

Public Class Form1

    Inherits System.Windows.Forms.Form

'" Windows Form Designer generated code Removed here"

    Private dbTable As New DataTable
    Private vDataArray As Array
    Private Shared UDP_Client As New UdpClient
    Private Shared UDP_Listener_Port As Integer
    Private Shared thdUdp As Thread
    Private Shared UDP_Listener As UdpClient
    'events
    Public Shared Event DataArrival(ByVal Data As String)
    Public Shared Event Sock_Error(ByVal Description As String)

    Private Sub Form1_Load(ByVal sender As System.Object, _
ByVal e As System.EventArgs) Handles MyBase.Load
        'Add 5 columns to the datatable
        dbTable.Columns.Add("Direction")
        dbTable.Columns.Add("Src IP")
        dbTable.Columns.Add("Src Port")
        dbTable.Columns.Add("Dest IP")
        dbTable.Columns.Add("Dest Port")
        ' bind the table to the datagrid
        DataGrid1.DataSource = dbTable
        ' clear the textbox
        TextBox1.Text = ""
        ' start the listener on port 162
        UDP_Listen(162)
        ' handle the arrival of the datagram data
        AddHandler DataArrival, AddressOf UDPArrival

    End Sub
    ' process the data received
    Private Sub UDPArrival(ByVal vData As String)
        Dim LastPos As Integer
        ' load raw parsed data for viewing in the textbox
        TextBox1.Text = vData
        ' find the last position of the chr "@" in the string
        LastPos = vData.LastIndexOf("@")
        ' we only want the text data at the end so
        ' discard everything up to that position
        vData = vData.Remove(0, LastPos)
        ' reload the string into an array for the datagrid
        vDataArray = vData.Split(Chr(32))

        ' hmmm... It seems the datagrid is not thread-safe here and...
        ' this is where the datagrid threading problem occured:
        'dbTable.Rows.Add(vDataArray)
        ' so this was a solution:

        If DataGrid1.InvokeRequired Then
            ' identify the method that will handle the event
            Dim mi As New MethodInvoker(AddressOf AssignData)
            ' handle the event
            DataGrid1.Invoke(mi, Nothing)
        Else
            Me.AssignData()
        End If
        ' debug: show the state of the thread
        ' should still be "running"
        Debug.WriteLine(thdUdp.ThreadState())
    End Sub
    ' load the data into the Datagrid
    Private Sub AssignData()
        dbTable.Rows.Add(vDataArray)
    End Sub
    ' Start the listener in a thread
    Public Shared Function UDP_Listen(ByVal Port As Integer) As Boolean
        Try
            ' setup the listener
            UDP_Listener_Port = Port
            UDP_Listener = New UdpClient(Port)
            thdUdp = New Thread(AddressOf GetUDPData)
            ' name the thread for debuging
            thdUdp.Name = "thdUdp"
            ' start the thread
            thdUdp.Start()
        Catch e As Exception
            RaiseEvent Sock_Error(e.ToString)
        End Try

    End Function
    ' the udp listener, listen for data and raise event on data arrival
    Public Shared Sub GetUDPData()
        Dim DData As Array
        Dim RData As String
        Do While True
            Try
                Dim RemoteIpEndPoint As New IPEndPoint(IPAddress.Any, 0)
                DData = UDP_Listener.Receive(RemoteIpEndPoint)
                RData = ParseBytes(DData)
                RaiseEvent DataArrival(RData)
                Thread.Sleep(0)
            Catch e As Exception
                RaiseEvent Sock_Error(e.ToString)
            End Try
        Loop
        DData = Nothing
    End Sub
    ' parse the listener data
    Public Shared Function ParseBytes(ByVal inBytes() As Byte) As String
        Dim x As Integer = 0
        Dim strReturn As String = ""
        While x < inBytes.GetUpperBound(0)
            Try
                If inBytes(x).ToString <> 0 Then
                    strReturn += Chr(inBytes(x).ToString)
                End If
            Catch exe As Exception
                Debug.Write(exe.ToString)
            End Try
            x += 1
        End While
        Return strReturn
    End Function

    Private Sub Form1_Closing(ByVal sender As Object, _
ByVal e As System.ComponentModel.CancelEventArgs) Handles MyBase.Closing
        ' Close the listener and abort the thread, before exiting
        CloseSock()
    End Sub

    Private Sub Button1_Click(ByVal sender As System.Object, _
ByVal e As System.EventArgs) Handles Button1.Click
        ' Close the listener and abort the thread, but don't exit program
        CloseSock()
    End Sub

    Private Sub CloseSock()
        ' Close the listener and abort the thread
        UDP_Listener.Close()
        thdUdp.Abort()
    End Sub

History

  • July 6, 2004 Posted
  • July 7, 2004 Updated Background

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

About the Author

progload

United States United States
No Biography provided

Comments and Discussions

 
GeneralSaved me so much work PinsussAnonymous30-Aug-04 6:13 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web03 | 2.8.140415.2 | Last Updated 8 Jul 2004
Article Copyright 2004 by progload
Everything else Copyright © CodeProject, 1999-2014
Terms of Use
Layout: fixed | fluid