How to monitor LAN for internet abuse??

Discussion in 'other firewalls' started by exus69, Jul 24, 2012.

Thread Status:
Not open for further replies.
  1. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    Hello,

    Here's the scenario:
    My friend has 4 computers in his small office running Win 7 and XP. He wants
    to keep a tab on unwanted downloads (mp3, movies, pirated software
    etc.) during office hours.

    He has no knowledge of linux. All his computers are wired. The problem is
    by the time he checks his employees comps for any illegal downloads
    (history, visited urls etc.) all traces are gone. He has a very high speed
    internet hence there is a download limit. He is using Dlink ADSL2+Router.

    Now the catch is 1)if he uses Wireshark he wont be able to monitor other
    pcs connection except broadcast. 2)if he wants to monitor wireless traffic
    then he'll require airpcap isnt it??

    So what is the solution in this scenario considering that he doesnt have linux knowledge??

    He just needs to know what all websites are visited during the day by which IP thats it.

    Please help
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    There are numerous commercial software packages for monitoring employee Internet usage. I suspect most are for Windows environments.

    In Windows installations, the first step is to use Group Policy to establish the desired level of computer access each computer user shall have.

    As far as Linux goes, I don't know.
     
  3. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
  4. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
  5. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,736
    pay someone with knowledge to install a small managed switch.

    employee monitoring needs to be announced and sometime special contracts between boss and employee(s).
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Also I assume this is a simple network? In that case, one PC could be the gateway to the Internet and the rest of the PC's connect to that PC for access to the Internet. Wireshark can be installed on the gateway PC to monitor all Internet traffic. Also this setup would only require that a firewall be installed on the gateway PC.

    In WIN Vista and 7 enviroments, a Home Network setup would accomplish this.
     
  7. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Why not just enable logs on the router? They should show what PC visited what site and when.
     
  8. Spiral123

    Spiral123 Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    128
    You need to be in the right place to collect the traffic. A managed switch monitoring port, a more intelligent gateway device (something like a PC running Untangle, Astaro, etc) or even a router with decent logging is all your would need.

    If you are able to situate yourself to capture packets, then you can analyze the traffic using many applications besides wireshark, which may be eaiser to understand such as:

    Netwitness http://www.netwitness.com/products-services/nextgen-infrastructure


    or

    NetworkMiner http://www.netresec.com/?page=NetworkMiner

    Also, if you setup a captive portal on your gateway device, you could add a message or add the message in as a logon notice on the desktop itself.

    A message I have used:

    "This system is for the use of authorized users only.
    Individuals using this computer system without authority, or in excess of their
    authority, are subject to having all of their activities on this system monitored
    and recorded by system personnel. In the course of monitoring individuals
    improperly using this system, or in the course of system maintenance, the
    activities of authorized users may also be monitored. Anyone using this
    system expressly consents to such monitoring and is advised that if such
    monitoring reveals possible evidence of criminal activity, system personnel
    may provide the evidence of such monitoring to law enforcement officials."

    Sometimes the message by itself is effective.
     
    Last edited: Jul 27, 2012
  9. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    First of all sorry for the delay. I had disabled email notifications and forgot to keep track of this thread. Yes its a simple network but all the desktops are connected directly to the ADSL2 router via the cat 5 cable so there's no gateway pc as such.
     
  10. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,434
    Location:
    Europe
  11. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
  12. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
  13. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    Thx gerardwil, will check it out.
     
Loading...
Thread Status:
Not open for further replies.