monitoring network activities

Hi, we are in work group environment, using cisco c3925 as the router facing Internet. How can we know the Internet pages where users access? Do you know any free tool or devices? Many thanks.
LVL 5
DP230Network AdministratorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Bryant SchaperCommented:
It would be hard from just the router, that would be more like a firewall / access control device.  You could capture the netflow data, and but it is not really the best solution.
0
AlanConsultantCommented:
Hi,

Without knowing more about your network configuration, it is hard to be sure, but you could certainly place a monitoring device, such as an old PC running Linux with two NICs in between your Router and the rest of the network.

If you are using WiFi, and that is being provided by the router, then you would need to disable that, and add another WiFi AP inside (LANside) of the monitoring PC, else it would be bypassed by that traffic.

You could then run monitoring software on the Linux machine since all (external) network traffic would have to go through there.

Please note that, without getting into installing your own certificates on all the client machines, you would not be able to fully inspect any packets that were going between two secure endpoints using TLS (such as someone going to their bank's website), and much (potentially most) traffic is secured with TLS now.

However, you would be able to see *where* the traffic was going, even if you can't see the actual data.

Hope that helps,

Alan.
0
DP230Network AdministratorAuthor Commented:
Hi Alan, what do you need to know in my environment? and what tool will be installed in Linux machine?
0
AlanConsultantCommented:
The main things would be whether you are using wifi, and whether you are using the router as a switch too.

To make this work, you would need to disable wifi on the existing router (and replace that functionality with a new AP if you need WiFi), and if you are using the router as a switch, replace that functionality with a new switch inside.  That would ensure that all traffic goes via the monitor.

PFSense is very good, and if you are not inclined to set it up from scratch, you can also purchase dedicated hardware running PFSense that will cover off some of the above too (I have not looked to see if any of the product options can do WiFi, but if not, that it pretty simple and easy to add in as required).

There are many other options out there at varying costs depending on what you might have sitting around, and how much experience you might already have or time to get up to speed with the options.

Hope that helps,

Alan.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
masnrockCommented:
You could look at implementing a proxy. Given that you have a ton of choices, I won't go out to endorse a specific one. But in the long run, do you solely want to know the sites they go to, or do you want to actually be able to have controls over what's allowed as well?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Analysis

From novice to tech pro — start learning today.