Community Forum

Port Mirroring on xfinity xFi gateway

WannaScanner
New Poster

Port Mirroring on xfinity xFi gateway

Q: Does the xfinity xFi gateway support port mirroring?

 

What is port mirroring: This is a feature often used for network monitoring. On some routers it allows forwarding all (or some) traffic to a specified ethernet port. A computer (or network device) connected to that port can then see all the traffic and analyze / monitor it.

 

(See: https://en.wikipedia.org/wiki/Port_mirroring)

 

I mainly want this to get fine grained data usage on my network. (Because comcast bandwith counter is so inadequate that it should be illegal)

 

I do not currently have a xFi gateway, I have my own modem and router (which do not support port mirroring).

Thanks.

ptjfamichael44
New Poster

Re: Port Mirroring on xfinity xFi gateway

+1 to this

flatlander3
Regular Contributor

Re: Port Mirroring on xfinity xFi gateway

You can always run wireshark or tcptump in promiscuous mode to spot check traffic, but that's not what you're looking for.  You can get closer with a linux box running darkstat that uses promiscuous mode and you'll get graphs, but if you want every packet from all devices:

 

You still want the 'front line' firewall to work on your gateway, and if it's got a 'block portscan' option on it, use it even though it might not work all that great depending on how it was implimented in firmware.

 

Connect a dedicated box with two ethernet ports to the gateway with an ethernet cable.  Get a 2nd WiFi router, and connect it to the second ethernet port on your dedicated box.  That will be your new internal network.  The new internal network has it's own DHCP server so disable the one on your 2nd WiFi -- it's just going to be a DHCP forwarder/access point.  Disable the WiFi on your cable gateway.

 

Run pfSense or OpnSense firewall on the dedicated box.  They're both free.  Now every packet has to go through your dedicated firewall box.  Make the internal subnet different from the subnet your gateway uses.   The default setup on both are secure.

 

internet <-> cable gateway <-> pfSense firewall <->  Wifi router and hardwired clientts

 

After it's up,  you can see all the traffic in real time and log it too.  Bandwidthd and ntopng are great tools (free add-ons).  From an external network (phone hotspot works fine for this) Pound on your Xfinity external IP address with nmap and intrusion software to see if you have any open ports/services on your cable gateway.  It shouldn't respond to pings either, so make sure you disable ICMP on your cable gateway.

EG
Expert

Re: Port Mirroring on xfinity xFi gateway


@WannaScanner wrote:

Q: Does the xfinity xFi gateway support port mirroring?

The answer to your question is no.



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!