Go Premium for a chance to win a PS4. Enter to Win


monitoring network activities

Posted on 2017-08-28
Low Priority
Last Modified: 2017-09-03
Hi, we are in work group environment, using cisco c3925 as the router facing Internet. How can we know the Internet pages where users access? Do you know any free tool or devices? Many thanks.
Question by:13L@CK_H3@RT
LVL 13

Assisted Solution

by:Bryant Schaper
Bryant Schaper earned 250 total points
ID: 42272447
It would be hard from just the router, that would be more like a firewall / access control device.  You could capture the netflow data, and but it is not really the best solution.
LVL 20

Assisted Solution

Alan earned 500 total points
ID: 42272720

Without knowing more about your network configuration, it is hard to be sure, but you could certainly place a monitoring device, such as an old PC running Linux with two NICs in between your Router and the rest of the network.

If you are using WiFi, and that is being provided by the router, then you would need to disable that, and add another WiFi AP inside (LANside) of the monitoring PC, else it would be bypassed by that traffic.

You could then run monitoring software on the Linux machine since all (external) network traffic would have to go through there.

Please note that, without getting into installing your own certificates on all the client machines, you would not be able to fully inspect any packets that were going between two secure endpoints using TLS (such as someone going to their bank's website), and much (potentially most) traffic is secured with TLS now.

However, you would be able to see *where* the traffic was going, even if you can't see the actual data.

Hope that helps,


Author Comment

ID: 42272815
Hi Alan, what do you need to know in my environment? and what tool will be installed in Linux machine?
LVL 20

Accepted Solution

Alan earned 500 total points
ID: 42272827
The main things would be whether you are using wifi, and whether you are using the router as a switch too.

To make this work, you would need to disable wifi on the existing router (and replace that functionality with a new AP if you need WiFi), and if you are using the router as a switch, replace that functionality with a new switch inside.  That would ensure that all traffic goes via the monitor.

PFSense is very good, and if you are not inclined to set it up from scratch, you can also purchase dedicated hardware running PFSense that will cover off some of the above too (I have not looked to see if any of the product options can do WiFi, but if not, that it pretty simple and easy to add in as required).

There are many other options out there at varying costs depending on what you might have sitting around, and how much experience you might already have or time to get up to speed with the options.

Hope that helps,

LVL 32

Assisted Solution

masnrock earned 250 total points
ID: 42277574
You could look at implementing a proxy. Given that you have a ton of choices, I won't go out to endorse a specific one. But in the long run, do you solely want to know the sites they go to, or do you want to actually be able to have controls over what's allowed as well?

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

876 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question