Traffic monitoring and port mirroring

reeaver · 12-13-2011, 05:46 AM

Hi,

I'm looking for some solution that helps me with traffic monitoring in some small network.

I need to log all visited sites and connections made by network users.
Currently in this network there is some simple router but it doesn't allow to log such data. I'm not able to change this router, it has to stay.

This router is connected to some smart switch which has a mirroring port feature.
I was thinking about use this feature and forward copy of all thaffic that flows to current router to some linux machine which will be able to analyse traffic.

But how to analyse traffic on such machine, what should I use?
Or maybe there is some better solution?

Thanks for all suggestions

kbp · 12-13-2011, 07:15 AM

A proxy might be a better option as it already inspects the traffic and will do reporting

reeaver · 12-13-2011, 07:29 AM

Ok but this will solve only a part of problem.
What about logging other traffic?

kbp · 12-13-2011, 07:39 AM

If this is for IDS you could probably start with snort.