Internet activity monitoring

Posted on 2009-12-22
Medium Priority
Last Modified: 2012-05-08
I need to monitor the internet activity of a suspicious server I suspect to be compromised. I need something that can inspect the network traffic and advise on the connections being made. I don't trust the OS so I need this software to install on another computer which will either act as router or packet sniff the network interface.
Question by:GraemeEvans1
LVL 10

Expert Comment

ID: 26105189
Does your solution need to be on the device itself or can it be inline on the network segment?

Author Comment

ID: 26105290
I don't want to install anything on the server itself, I can connect the server to anything in any way in order to do the monitoring.

I was thinking of using something like ipCop or m0n0wall but I want detailed information on the connections made by the server (So I can tell what it's doing) and hopefully not have to re-install it.

I KNOW I SHOULD RE-INSTALL, but I want to try cleaning it first. As much as anything just to better understand how/what has been installed.

Expert Comment

ID: 26105309
You can try UnTangle. It's free and very easy to use. http://www.untangle.com/ You just need to configure it as a transparent proxy and you can get every statistic for your network.

LVL 10

Accepted Solution

atlas_shuddered earned 2000 total points
ID: 26105799
Additionally you could consider using Wireshark in line or via a mirrored port to observe the connections and their specifics.  Also, if you are using a MS machine you can load SysInternals/TCP View to observe activity on the machine itself.
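
As an added example (not part of the original answer), the Python code below shows the kind of summary a mirrored-port capture can give: it reads a classic pcap file saved on the monitoring machine and counts the TCP connections the suspect server itself opens. The function names, the 192.0.2.10 server address and the sample capture are constructed for illustration.

```python
import socket
import struct
from collections import Counter

def outbound_syns(pcap: bytes, server_ip: str) -> Counter:
    """Count TCP connections initiated by server_ip (SYN set, ACK clear),
    keyed by (remote IP, remote port). Classic pcap, Ethernet, IPv4 only."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic microsecond pcap (pcapng unsupported)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    wanted, seen, off = socket.inet_aton(server_ip), Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # too short, or not IPv4 (VLAN-tagged frames are skipped)
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ihl < 20 or len(ip) < ihl + 14 or ip[9] != 6 or ip[12:16] != wanted:
            continue  # malformed, truncated, not TCP, or not sent by the server
        if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
            continue  # later IP fragment: carries no TCP header
        dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
        if ip[ihl + 13] & 0x12 == 0x02:  # SYN without ACK = new outbound attempt
            seen[(socket.inet_ntoa(ip[16:20]), dport)] += 1
    return seen

def sample_frame(src, dst, dport, flags):
    """Constructed sample frame: Ethernet + IPv4 + TCP, checksums left zero."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_pcap(frames):
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

SERVER = "192.0.2.10"  # constructed addresses from the documentation ranges
SAMPLE = build_pcap([
    sample_frame(SERVER, "198.51.100.7", 6667, 0x02),   # server opens a connection
    sample_frame(SERVER, "198.51.100.7", 6667, 0x02),   # ...and again
    sample_frame(SERVER, "203.0.113.5", 443, 0x02),
    sample_frame("203.0.113.9", SERVER, 22, 0x02),      # inbound SYN: not counted
    sample_frame(SERVER, "203.0.113.9", 40000, 0x12),   # server's SYN-ACK: not counted
])
```

Save the capture from Wireshark in the classic pcap format (not pcapng) before passing its bytes to `outbound_syns`.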

Expert Comment

ID: 26110844
I would recommend "WFilter Enterprise", which enables you to monitor all computers' internet activity on your network from a mirroring port of your switch.
You can monitor and record web surfing, emails, chat contents and files transferred by WFilter.

LVL 21

Expert Comment

ID: 26114112
Your firewall log should show what connections are being opened.


Question has a verified solution.
