• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 206
  • Last Modified:

Internet activity monitoring

I need to monitor the the internet activity of a suspicious server I suspect to be compromised. I need somthing that can inspect the network traffic and advise on the connections being made. I don't trust the OS so I need this software to install on another computer which will either act as router or packet sniff the network interface
1 Solution
atlas_shudderedSr. Network EngineerCommented:
Does your solution need to be on the device itself or can it be inline on the network segment?
GraemeEvans1Author Commented:
I don't want to install anything on the server itself, I can connect the server to anything in any way in order to do the monitoring.

I was thinking of using something like ipCop or m0n0wall but I want detailed information on the connections made by the server (So I can tell what it's doing) and hopefully not have to re-install it.

I KNOW I SHOULD RE-INSTALL, but I want to try cleaning it first. As much as anything just to better undersand how/what has been installed.
You an try UnTangle. Its free and very wasy to use. http://www.untangle.com/ You just need to configure it as transparent proxy and you can every statistic for your network.
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

atlas_shudderedSr. Network EngineerCommented:
Additionally you could consider using Wireshark in line or via a mirrored port to observe the connections and their specifics.  Also, if you are using a MS machine you can load SysInternals/TCP View to observe activity on the machine itself.
I would recommend "WFilter Enterprise", which enables you to monitor all computers internet activity on your network from a mirroring port of your switch.
You can monitor and record web surfing, emails, chat contents and file transfered by WFilter.

Your firewall log should show what connections are being opened.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now