Single user http monitoring

pmckenna11
I am looking for a way to log all the internet sites a single user is visiting on the web. I have a couple of small networks, some with a server, most without. We have web filtering in place (Untangle) but I suspect in some cases savvy users are bypassing the filtering. I will have the IP address of the user in question and simply want a list of all the external IP addresses they access.

I have looked at quite a few tools (ARP spoofing utilities, ntop, Wireshark, Ettercap, etc.) but most are either hard to configure or don't do exactly what I am looking for. Any ideas? Oh, and it needs to be free.......
leakim971Multitechnician
Top Expert 2014

Commented:

Author

Commented:
A proxy server would be fine, but it should be possible to gather the info I want with a sniffer as well. This does not need to be a permanent solution, just a quick check of traffic from 1 IP. Thanks for the recommendations, but they really are not appropriate. The first must be installed on the user machine (not possible and/or desirable) and the latter is software which runs on a proxy server. It would do what I want, but a proxy must be installed first (which maybe I should look into further).
leakim971Multitechnician
Top Expert 2014

Commented:
OK, a tool like MS Forefront Threat Management Gateway will let you see exactly what you want and more. Try the trial:

http://technet.microsoft.com/en-us/library/cc441469.aspx
What is your firewall/gateway device? Is it the Untangle box?

To capture traffic it's pretty straightforward, but on a switched network it gets a little more complex. If you have a shell prompt on the Untangle box then I'd use tcpdump to capture all traffic on the interface and then copy it onto a machine that will run Wireshark.

You could run a

tcpdump -i eth0 -s0 -w capture.pcap host 10.204.4.43

where 10.204.4.43 is the host you wish to capture traffic from/to.

Then copy the file into Wireshark and you should be able to see all the traffic for that host (including DNS requests and website traffic).
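
The question asks only for a list of the external IP addresses the host contacts, which can be pulled straight out of the capture file without opening Wireshark. The following is an added example, not part of the original answer: it reads a classic pcap file (Ethernet, untagged IPv4 only) and counts packets sent by the monitored host to each destination outside the LAN. The function names, the 10.204.4.0/24 LAN range and the embedded sample capture are assumptions constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

def external_destinations(pcap_bytes, host, lan):
    """Count IPv4 packets sent by `host` to each destination outside `lan`."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    src = ipaddress.IPv4Address(host).packed
    lan_net = ipaddress.ip_network(lan)
    counts = Counter()
    offset = 24  # skip the 24-byte global header
    while offset + 16 <= len(pcap_bytes):
        # Per-packet record header: ts_sec, ts_usec, incl_len, orig_len
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        # Untagged Ethernet II + IPv4: EtherType at 12, source IP at 26, destination at 30
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[26:30] != src:
            continue
        dst = ipaddress.IPv4Address(frame[30:34])
        if dst in lan_net or dst.is_multicast or dst.is_reserved:
            continue  # local, multicast and broadcast traffic is not "external"
        counts[str(dst)] += 1
    return counts

def sample_pcap():
    """Constructed capture: five header-only frames, not real traffic."""
    pairs = [("10.204.4.43", "203.0.113.5"), ("10.204.4.43", "203.0.113.5"),
             ("10.204.4.43", "10.204.4.1"), ("10.204.4.43", "198.51.100.7"),
             ("203.0.113.5", "10.204.4.43")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for s, d in pairs:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         ipaddress.IPv4Address(s).packed, ipaddress.IPv4Address(d).packed)
        frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    hits = external_destinations(sample_pcap(), "10.204.4.43", "10.204.4.0/24")
    for ip, n in hits.most_common():
        print(ip, n)
```

To run it against a real capture, pass the contents of the file, e.g. open("capture.pcap", "rb").read(), in place of sample_pcap(). A capture saved in pcapng format is rejected by the magic check and needs converting to classic pcap first.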

Author

Commented:
I ended up using a software solution called Ntop to accomplish what I needed, but the solution given would have worked just fine without the need of adding additional software.
