Solved

dhcp

Posted on 2011-03-12
11
433 Views
Last Modified: 2012-08-13
management at my company wants me to see what websites people are going to. im using squid with sarg and webmin. the reports in webmin show the sites and the ip addresses that people visit. since i have the ip address - could i match the ip address to a user's login? I have a windows 2003 domain. my domain controller is the dhcp server - and another domain controller takes care of users and computers
0
Comment
Question by:JeffBeall
  • 4
  • 3
  • 2
  • +1
11 Comments
 
LVL 45

Expert Comment

by:Craig Beck
ID: 35117994
You can use the DHCP server to determine what PC a user was logged on to, then filter the Active Directory secutiry event logs to see who was logged on to a PC at a particular time.  This will help you correlate info with the web access logs.
0
 
LVL 1

Expert Comment

by:janvanderwijk
ID: 35117998
netstat -a <ipaddress> could give you the username
0
 
LVL 1

Author Comment

by:JeffBeall
ID: 35118096
the dhcp control panel shows only the computer names, which wouldn't help me because the computer names are randomly generated. i tried netstat -a <ipaddress> but it's just showing a bunch of ports that ( i think ) the server is listening on.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 35118142
Sorry, I typo'd my response!  What I meant was...

You can use the DHCP server to determine what IP address was assigned to which PC, then filter the Active Directory secutiry event logs to see who was logged on each PC at a particular time.  This will help you correlate info with the web access logs.

I thnk NBTSTAT will show you who is logged on to a PC, not NETSTAT.
0
 
LVL 1

Assisted Solution

by:janvanderwijk
janvanderwijk earned 166 total points
ID: 35118179
@craigbeck, Yep, typo it is... My bad.... nbtstat -s <ipaddress> should do the trick for a single ipaddress.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 1

Author Comment

by:JeffBeall
ID: 35118227
i tried the nbtstat -a <ipaddress> and nbtstat -s <ipaddress> ; -s didn't seem to work, but nbtstat -a <ipaddress> seemed to work - but i didn't get the login name - it looks like it still is getting the computer name which wouldnt help me.
i went to the security log of the server that has DHCP but i couldn't find the users name i was looking for - i found my login name but it didn't show the ip address of the computer i was on.
0
 
LVL 17

Expert Comment

by:Premkumar Yogeswaran
ID: 35119517
Hi,

To locate the logged on user, a free little command line utility called PSLoggedOn works well:
http://www.sysinternals.com/Utilities/PsLoggedOn.html

Regards,
Prem
0
 
LVL 17

Accepted Solution

by:
Premkumar Yogeswaran earned 167 total points
ID: 35119520
error on above posted link..

check this link to download

http://technet.microsoft.com/en-us/sysinternals/bb897545

Regards,
PRem
0
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 167 total points
ID: 35120955
I found my login name but it didn't show the ip address of the computer i was on.

The security log will only show you computer names, and logged on usernames, so you need to get the computer name from the security log, then check the DHCP server for the computer name.  This will show you the corresponding MAC address and IP address (which is what you get in your web logs).
0
 
LVL 1

Author Comment

by:JeffBeall
ID: 35121618
"The security log will only show you computer names, and logged on usernames, so you need to get the computer name from the security log,"

craigbeck - are you saying from the security logges on the server that is running dhcp? or from the domain controller? - i thought it would make more sence if it is on the server running dhcp.
also - i looked in the security logs on the server running dhcp - but i didn't know where to look - for instance - do you filter by a certain criteria?
0
 
LVL 1

Author Closing Comment

by:JeffBeall
ID: 35124578
i found psinfo in the suite of things that are in  psloggedon. i added something in the users login script that uses psinfo, then i find their ip address on the dhcp server. thanks for the help.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now