Introduction
This is a very basic Linksys Router Logging Client using
UDP.Client and Threading for the Linksys BEF-series (BEFSR41,
BEFSX41) and similar Cable/dsl router. It collects syslog text data on snmp (Udp
port 162) to a datagrid in "Almost-real time" using the Threading class. I
created this while I was working around a problem with the
DataGrid
Control looping and freezing the UI on a thread (seems it's not so
thread-safe). This code is very basic, with very little error handling, and only
stores the data in the datagrid.
Background
A Little About the Linksys Router
I Use the Linksys BEFSR41 Cable/DSL Router, known in most circles as "The Blue Box Router".
You can find most all the basic information and a users manual in .pdf format on linksys's website at:
>http://www.linksys.com/products<
The Free Linksys Logviewer.exe for any of these (BEFSR11,BEFSR41,BEFSR41W,BEFSR81,BEFSRU31,BEFSX41,BEFVP41, and more) you can get from Linksys customer service at:
>http://linksys.custhelp.com<
To enable logging and get to the router settings, open your browser, and in the address bar type http://192.168.1.1 and press Enter. Enter "Admin" the user name field, and if you have NEVER changed the the password (BAD IDEA, see stress below), go to the Password box and type in the default password "admin" without the qoutes. Then it's just a matter of using the Tabs at the top of the pages to get to different settings so tab over to the password page, Now! Change it!.
This is where I need to stress: Change the password!
Change the password! "Admin" is the most insecure password. Everybody knows that it is the default password. Pick something unique, and make it 8-12 characters long. Write it down! or you might find yourself hard reseting the router later.
Now on to the Question: How can I see a log of the internet traffic on my Linksys Router?
The Answer from Linksys: The router has a built in log that can display information in two ways.
First, the log must be enabled and will need to be set to send the log output to a machine on the network. To do this, Click on the Log tab from the Setup screen.Once that is done, you will need to enable the log, and input the IP address of the desired log capturing computer (Preferably using a static IP address for that machine). There are also two buttons that will bring up pop-up windows showing the Router's most recent activity.The incoming log table displays the source IP and Destination Port Number.The outgoing log table shows the LAN IP, Destination IP / URL, and Service / Port Number.
Second, To view the files on the computer you choose, you can click on the link on this page (on some routers), and/or download the Linksys LogViewer program above. Once you install it,this program will record and store the information from the log into two text files named "Incoming" and "Outgoing". (the default location is C:\Program Files\Linksys\LogViewer)
Now More about why I wrote this little snippet of code other than what was mentioned...
It seems although the router has snmp capibility it does not seem to be fully compliant, I never could find a MIB file for this router nor could I find a good way to use Windows SNMP provider to log traffic from it. Although the Free logviewer.exe program is way better than the logs in web based dialogs (in the router setup).
So, off I went to find out why...
Well it seems the router sends a SNMP Datagram Packet but it just appends the traffic data to the end of it in plain text syslog style.
Here is a dump of a log packet:
45 00 00 8F 00 00 00 00 96 11 A0 0D C0 A8 01 01 E......?. .ˬ..
C0 A8 01 FF 5B 95 00 A2 00 7B 50 8C 30 82 00 6F À¨.ÿ[?.¢.{P?0?.o
02 01 00 04 06 70 75 62 6C 69 63 A4 82 00 60 06 .....public¤?.`.
0A 2B 06 01 04 01 98 15 02 02 01 40 04 C0 A8 01 .+....?....@.ˬ.
01 02 01 06 02 01 01 43 04 06 C1 14 B5 30 82 00 .......C..Á.µ0?.
3E 30 82 00 3A 06 0A 2B 06 01 04 01 98 15 01 01 >0?.:..+....?...
00 04 82 00 2A 40 6F 75 74 20 31 39 32 2E 31 36 ..?.*@out 192.16
38 2E 31 2E 31 30 30 20 31 33 32 35 20 77 77 77 8.1.100 1325 www
2E 67 6F 6F 67 6C 65 2E 63 6F 6D 20 38 30 0A .google.com 80.
It appears to be propriatary, so if we look into the folder where we installed the Linksys version of the logviewer.exe above you will notice a file called snmp.dll. This is what linksys software uses to decode this packet.
In fact, Here's A quote from Beyond-Security's SecuriTeam.com about the linksys router's snmp:
"It looks like a combination of debugging information as well as traffic logging";"To make matters worse, Linksys refuses to distribute an MIB for the device, which is not surprising considering the SNMP implementation on the device is rather broken."
Anyway, Here's what we want in the packet it sends to udp port 162:
"@out 192.168.1.100 1325 www.google.com 80". The @out is for Outbound traffic and the @in is for inbound,
Then Next it is the IP Address of the source, then the source port, Then the Destination IP address and then finally the destination port.
VS.net has a UDP.client class as you may know, And I have seen lot's of code for chat and server listeners by lot's of people, so I went on to see if I could write some realy minimal code without snmp or Linksys's snmp.dll, to grab just these packets, strip the un-need data and just get the traffic text out somewhat in real-time.(I really never found a good use for that UDP class anyway...lol). Little did I know about the datagrid problem I would have next...gee can anything get more difficult than using that datagrid. It wasn't thread-safe the way I wanted to use it, and I sat scratching my head for a few days till I found an article on MSDN about ThreadMarshaling the datagrid. And Waa.laa... it worked, Minimal code and I got my traffic information. It could use a lot of work I know, like a date and time stamp added, logging to a file or database, or even a windows service to handle it, and ect.. but that's good for another time, and another learning experience yet to come.
It's very basic, maybe even bad, but i'm just learning and, maybe someone will find it useful, so do what you will with the code.
Also feel free to make comments, I can sure find a use for all the help I can
get.
Using the code
For those who may not know, Snmp (UDP port 162) will only allow one client to
open the port at a time, so if you have the above mentioned router and have
another logging client running, like the free one from Linksys, you must turn
off that client first.
The code
Imports System
Imports System.IO
Imports System.Net
Imports System.Net.Sockets
Imports System.Text
Imports System.Threading
Public Class Form1
Inherits System.Windows.Forms.Form
Private dbTable As New DataTable
Private vDataArray As Array
Private Shared UDP_Client As New UdpClient
Private Shared UDP_Listener_Port As Integer
Private Shared thdUdp As Thread
Private Shared UDP_Listener As UdpClient
Public Shared Event DataArrival(ByVal Data As String)
Public Shared Event Sock_Error(ByVal Description As String)
Private Sub Form1_Load(ByVal sender As System.Object, _
ByVal e As System.EventArgs) Handles MyBase.Load
dbTable.Columns.Add("Direction")
dbTable.Columns.Add("Src IP")
dbTable.Columns.Add("Src Port")
dbTable.Columns.Add("Dest IP")
dbTable.Columns.Add("Dest Port")
DataGrid1.DataSource = dbTable
TextBox1.Text = ""
UDP_Listen(162)
AddHandler DataArrival, AddressOf UDPArrival
End Sub
Private Sub UDPArrival(ByVal vData As String)
Dim LastPos As Integer
TextBox1.Text = vData
LastPos = vData.LastIndexOf("@")
vData = vData.Remove(0, LastPos)
vDataArray = vData.Split(Chr(32))
If DataGrid1.InvokeRequired Then
Dim mi As New MethodInvoker(AddressOf AssignData)
DataGrid1.Invoke(mi, Nothing)
Else
Me.AssignData()
End If
Debug.WriteLine(thdUdp.ThreadState())
End Sub
Private Sub AssignData()
dbTable.Rows.Add(vDataArray)
End Sub
Public Shared Function UDP_Listen(ByVal Port As Integer) As Boolean
Try
UDP_Listener_Port = Port
UDP_Listener = New UdpClient(Port)
thdUdp = New Thread(AddressOf GetUDPData)
thdUdp.Name = "thdUdp"
thdUdp.Start()
Catch e As Exception
RaiseEvent Sock_Error(e.ToString)
End Try
End Function
Public Shared Sub GetUDPData()
Dim DData As Array
Dim RData As String
Do While True
Try
Dim RemoteIpEndPoint As New IPEndPoint(IPAddress.Any, 0)
DData = UDP_Listener.Receive(RemoteIpEndPoint)
RData = ParseBytes(DData)
RaiseEvent DataArrival(RData)
Thread.Sleep(0)
Catch e As Exception
RaiseEvent Sock_Error(e.ToString)
End Try
Loop
DData = Nothing
End Sub
Public Shared Function ParseBytes(ByVal inBytes() As Byte) As String
Dim x As Integer = 0
Dim strReturn As String = ""
While x < inBytes.GetUpperBound(0)
Try
If inBytes(x).ToString <> 0 Then
strReturn += Chr(inBytes(x).ToString)
End If
Catch exe As Exception
Debug.Write(exe.ToString)
End Try
x += 1
End While
Return strReturn
End Function
Private Sub Form1_Closing(ByVal sender As Object, _
ByVal e As System.ComponentModel.CancelEventArgs) Handles MyBase.Closing
CloseSock()
End Sub
Private Sub Button1_Click(ByVal sender As System.Object, _
ByVal e As System.EventArgs) Handles Button1.Click
CloseSock()
End Sub
Private Sub CloseSock()
UDP_Listener.Close()
thdUdp.Abort()
End Sub
History
- July 6, 2004 Posted
- July 7, 2004 Updated Background
This member has not yet provided a Biography. Assume it's interesting and varied, and probably something to do with programming.
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
Your code works fine.