Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How do I monitor internet traffic across the domain?

Posted on 2009-05-14
2
Medium Priority
?
695 Views
Last Modified: 2012-05-07
Hi, I have a customer running Server 2003 Standard in an AD domain who wants to monitor all the internet traffic of the workstations in her office.  How do I do this?  WS are XP Pro.
0
Comment
Question by:broncbuster
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 5

Accepted Solution

by:
rgutwein earned 1500 total points
ID: 24384475
Hello,

I use ntop and it is a great tool to monitor your network.  First thing is that you need to set up port mirroring on your switches, or setup a passive hub.  I like to monitor the port where my router is plugged into so that I can see all the traffic coming in and out.  If you have linux, then you can go to this website, and find instructions on how to get it up and running:
http://www.ntop.org/

Unfortunately I only have Windows computers on my network so you have to find a Windows compiled version of ntop.  The site I originally got the compiled version from, OpenXtra, no longer supports it and took it down, so I have the file hosted here if you are interested:
http://www.box.net/shared/t5nqp6q9tx

Here are the instructions on how to install it:
http://www.ehow.com/how_4468882_install-ntop-windows.html

When you find a site that comes up on your list on ntop, you can click on it, then it will show you the clients who are accessing it.  Normally it will be an IP address, or the computers name (it will not show the actual user logged onto the computer).

Also, You need to mirror the port that you are trying to monitor.  Example.  If your Gateway/Router is on port #1 on the switch, then you will need to have some other port (lets say port #2) monitor/mirror port #1.  You would then install ntop on a computer/laptop that is plugged into port #2 because he will now see all the traffic going to and from your Gateway/Router.  Here is a website that explains it a little more in detail:
http://www.networkdictionary.com/howto/NetworkAnalyzer.php

I hope this information will get you pointed in the right direction & good luck!
0
 
LVL 2

Expert Comment

by:gengw2000
ID: 24409268
Our company uses WFilter to monitor and manage internet access.
Hope its also helpful to you.

http://www.imfirewall.us
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question