Packet tracking

Hello,
I recently set up a network where I have several win95 machines being masqueraded behind a linux box router/firewall. Whell there isn't a firewall installed. i just turned off all the services and have packet filering in place.
My question is, is there a way to keep track of what the users are doing? See, big brither wants to make sure that the eomployees are not abusing their privileges on the net by wasting time on some IRC port, or browsing web sites that they shoudn't be watching. Or playing net doom etc.
I know that FWTK has this feature but I don't think I want to try to install the a firewall. I don;t really need it!
As the system is now, you can't log into the fireewall unless you are at the keyboard plugged into the box itself. And since the intranet si using 192.168 class, there really isn't a way an outsider could access them... Right?
Thanks for your help
Marcelo
sinner052397Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

sauronCommented:
Well, you can add the -o option to the end of some of your firewall rules, which will cause packets matching those rules to be logged via syslog, but this has a few disadvantages. It it pretty inflexible, so if you wanted to log traffic to 10 different IP's, you'd need 10 firewall rules :-(. It also logs a message for each packet, so be prepared for very large log files indeed. To make use of the information, you'd probably need a Perl script of something to filter out the garbage, and give you sensible information.

If you want something better, you could go to:-

http://reptile.rug.ac.be/~coder/sniffit/sniffit.html

and pick up the Sniffit package. This will do logging if you set it up right, and does loads of other things to. You may want to keep this away from your users - its potential for abuse is almost unlimited....
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sinner052397Author Commented:
Thank you for the quick reply--faster than newsgroups :-)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Networking

From novice to tech pro — start learning today.