• Status: Solved
  • Priority: Low
  • Security: Public
  • Views: 136
  • Last Modified:

monitoring network activities

Hi, we are in work group environment, using cisco c3925 as the router facing Internet. How can we know the Internet pages where users access? Do you know any free tool or devices? Many thanks.
0
Tjno
Asked:
Tjno
4 Solutions
 
Bryant SchaperCommented:
It would be hard from just the router, that would be more like a firewall / access control device.  You could capture the netflow data, and but it is not really the best solution.
0
 
AlanConsultantCommented:
Hi,

Without knowing more about your network configuration, it is hard to be sure, but you could certainly place a monitoring device, such as an old PC running Linux with two NICs in between your Router and the rest of the network.

If you are using WiFi, and that is being provided by the router, then you would need to disable that, and add another WiFi AP inside (LANside) of the monitoring PC, else it would be bypassed by that traffic.

You could then run monitoring software on the Linux machine since all (external) network traffic would have to go through there.

Please note that, without getting into installing your own certificates on all the client machines, you would not be able to fully inspect any packets that were going between two secure endpoints using TLS (such as someone going to their bank's website), and much (potentially most) traffic is secured with TLS now.

However, you would be able to see *where* the traffic was going, even if you can't see the actual data.

Hope that helps,

Alan.
0
 
TjnoNetwork AdministratorAuthor Commented:
Hi Alan, what do you need to know in my environment? and what tool will be installed in Linux machine?
0
 
AlanConsultantCommented:
The main things would be whether you are using wifi, and whether you are using the router as a switch too.

To make this work, you would need to disable wifi on the existing router (and replace that functionality with a new AP if you need WiFi), and if you are using the router as a switch, replace that functionality with a new switch inside.  That would ensure that all traffic goes via the monitor.

PFSense is very good, and if you are not inclined to set it up from scratch, you can also purchase dedicated hardware running PFSense that will cover off some of the above too (I have not looked to see if any of the product options can do WiFi, but if not, that it pretty simple and easy to add in as required).

There are many other options out there at varying costs depending on what you might have sitting around, and how much experience you might already have or time to get up to speed with the options.

Hope that helps,

Alan.
0
 
masnrockCommented:
You could look at implementing a proxy. Given that you have a ton of choices, I won't go out to endorse a specific one. But in the long run, do you solely want to know the sites they go to, or do you want to actually be able to have controls over what's allowed as well?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now