Solved

How do I monitor internet traffic across the domain?

Posted on 2009-05-14
2
690 Views
Last Modified: 2012-05-07
Hi, I have a customer running Server 2003 Standard in an AD domain who wants to monitor all the internet traffic of the workstations in her office.  How do I do this?  WS are XP Pro.
0
Comment
Question by:broncbuster
2 Comments
 
LVL 5

Accepted Solution

by:
rgutwein earned 500 total points
ID: 24384475
Hello,

I use ntop and it is a great tool to monitor your network.  First thing is that you need to set up port mirroring on your switches, or setup a passive hub.  I like to monitor the port where my router is plugged into so that I can see all the traffic coming in and out.  If you have linux, then you can go to this website, and find instructions on how to get it up and running:
http://www.ntop.org/

Unfortunately I only have Windows computers on my network so you have to find a Windows compiled version of ntop.  The site I originally got the compiled version from, OpenXtra, no longer supports it and took it down, so I have the file hosted here if you are interested:
http://www.box.net/shared/t5nqp6q9tx

Here are the instructions on how to install it:
http://www.ehow.com/how_4468882_install-ntop-windows.html

When you find a site that comes up on your list on ntop, you can click on it, then it will show you the clients who are accessing it.  Normally it will be an IP address, or the computers name (it will not show the actual user logged onto the computer).

Also, You need to mirror the port that you are trying to monitor.  Example.  If your Gateway/Router is on port #1 on the switch, then you will need to have some other port (lets say port #2) monitor/mirror port #1.  You would then install ntop on a computer/laptop that is plugged into port #2 because he will now see all the traffic going to and from your Gateway/Router.  Here is a website that explains it a little more in detail:
http://www.networkdictionary.com/howto/NetworkAnalyzer.php

I hope this information will get you pointed in the right direction & good luck!
0
 
LVL 2

Expert Comment

by:gengw2000
ID: 24409268
Our company uses WFilter to monitor and manage internet access.
Hope its also helpful to you.

http://www.imfirewall.us
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
DSRM password 5 42
GPO on certain users 17 34
No IP Address Assigned to VM 10 84
Move the SYSVOL and NTDS folder to another drive 5 32
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question