Internet activity monitoring

Posted on 2009-12-22
Last Modified: 2012-05-08
I need to monitor the internet activity of a suspicious server I suspect to be compromised. I need something that can inspect the network traffic and advise on the connections being made. I don't trust the OS so I need this software to install on another computer which will either act as router or packet sniff the network interface.
Question by:GraemeEvans1
    LVL 10

    Expert Comment

    Does your solution need to be on the device itself or can it be inline on the network segment?
    LVL 4

    Author Comment

    I don't want to install anything on the server itself, I can connect the server to anything in any way in order to do the monitoring.

    I was thinking of using something like ipCop or m0n0wall but I want detailed information on the connections made by the server (So I can tell what it's doing) and hopefully not have to re-install it.

    I KNOW I SHOULD RE-INSTALL, but I want to try cleaning it first. As much as anything just to better understand how/what has been installed.
    LVL 4

    Expert Comment

    You can try UnTangle. It's free and very easy to use. You just need to configure it as a transparent proxy and you can get every statistic for your network.
    LVL 10

    Accepted Solution

    Additionally you could consider using Wireshark in line or via a mirrored port to observe the connections and their specifics.  Also, if you are using a MS machine you can load SysInternals/TCP View to observe activity on the machine itself.
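
Added example, not part of the original thread: one way to reduce a capture taken on the mirrored port (saved from Wireshark in classic pcap format, not pcapng) to the list of connections the suspect server itself opens. The function names, the sample capture and the documentation-range addresses are constructed for illustration.

```python
import socket
import struct
from collections import Counter

def outbound_flows(pcap: bytes, suspect_ip: str) -> Counter:
    """Count connections initiated by suspect_ip, keyed (proto, dst_ip, dst_port)."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or len(pcap) < 24:
        raise ValueError("not a classic (non-pcapng) capture file")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    flows, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl_len], off + 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not plain IPv4 (VLAN-tagged and IPv6 frames are skipped)
        ip = frame[14:]
        if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
            continue  # later fragment: no L4 header to read
        l4 = ip[(ip[0] & 0x0F) * 4:]
        if socket.inet_ntoa(ip[12:16]) != suspect_ip or len(l4) < 4:
            continue  # only traffic sent by the suspect host
        dst, dport = socket.inet_ntoa(ip[16:20]), struct.unpack("!H", l4[2:4])[0]
        if ip[9] == 6 and len(l4) >= 14 and l4[13] & 0x12 == 0x02:
            flows[("tcp", dst, dport)] += 1  # SYN without ACK: host opened it
        elif ip[9] == 17:
            flows[("udp", dst, dport)] += 1
    return flows

def sample_pcap() -> bytes:
    """Constructed capture using documentation addresses; not real traffic."""
    def frame(src, dst, proto, l4):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto,
                         0, socket.inet_aton(src), socket.inet_aton(dst))
        return b"\x00" * 12 + b"\x08\x00" + ip + l4
    tcp = lambda sp, dp, fl: struct.pack("!HHIIBBHHH", sp, dp, 0, 0, 0x50, fl, 8192, 0, 0)
    frames = [
        frame("192.0.2.10", "198.51.100.7", 6, tcp(49152, 8443, 0x02)),   # outbound SYN
        frame("192.0.2.10", "198.51.100.7", 6, tcp(49153, 8443, 0x02)),   # second SYN
        frame("203.0.113.5", "192.0.2.10", 6, tcp(51000, 80, 0x02)),      # inbound SYN
        frame("192.0.2.10", "203.0.113.5", 6, tcp(80, 51000, 0x12)),      # SYN-ACK reply
        frame("192.0.2.10", "203.0.113.5", 17, struct.pack("!HHHH", 40000, 53, 8, 0)),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    for flow, n in outbound_flows(sample_pcap(), "192.0.2.10").most_common():
        print(n, *flow)
```

Counting only SYN-without-ACK separates connections the server starts from its replies to inbound clients, which is the distinction that matters when deciding what the host is doing on its own.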
    LVL 2

    Expert Comment

    I would recommend "WFilter Enterprise", which enables you to monitor all computers' internet activity on your network from a mirroring port of your switch.
    You can monitor and record web surfing, emails, chat contents and files transferred by WFilter.
    LVL 21

    Expert Comment

    Your firewall log should show what connections are being opened.
