LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Network Monitor
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-09-2004, 07:46 AM   #1
agallant
Member
 
Registered: Oct 2003
Location: D.C USA
Distribution: Redhat 9. Thinking about Slackware
Posts: 166

Rep: Reputation: 30
Network Monitor

My firewall has a report in it that tells me what the most visited sites are. I need to know whick computer on the network is going to a specific site. any ideas?
 
Old 06-09-2004, 01:06 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
Your best bet would be to install a proxy server like squid. Using a packet sniffer like ntop could work as well but it would only give you connection stats and not full URLs.
 
Old 06-09-2004, 03:15 PM   #3
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 361Reputation: 361Reputation: 361Reputation: 361
The only way you could do that is have their IP logged by a proxy server, but that isn't much good if you are using DHCP. Maybe you could log their hostnames though.
 
Old 06-10-2004, 12:35 PM   #4
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
MAC addresses would be more useful than hostnames or ip addresses (ok they can be faked but joe bloggs doesn't know that)
 
Old 06-10-2004, 04:12 PM   #5
LoK
Member
 
Registered: May 2004
Location: Detroit MI
Distribution: RHE & FC
Posts: 31

Rep: Reputation: 15
Re: Network Monitor
I would suggust consulting your firewall docs. If it logs the popular sites odds are it also logs who is visiting them.

As other people have already suggested a proxy is a good solution but if you want to do it "NOW" then simply use a packet sniffer w/ rules to log all http traffic.

If it's a switched network you can have the switch replicate the data on your port (the data to/from the firewalls port) or simply install the sniffer on your firewall.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Screenlock + Battery Monitor + Network monitor Atrocity Slackware 1 10-02-2005 03:06 PM
monitor network packets jwijesundra Linux - General 4 01-19-2005 04:34 AM
Best Network monitor masand Linux - Networking 2 11-20-2004 02:40 PM
More than one monitor in a network? theonebeyond Linux - General 4 09-20-2004 03:26 AM
Network Monitor Xiang Wei Linux - Newbie 3 07-17-2002 03:08 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:54 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration