Re: Internet Users Logging. [7:1562]

Sun, 22 Apr 2001 23:39:16 -0700 

Heh, well, I found out a simple way to do this tonight (I'd never needed to
use it before, always having Sniffer Pro on my laptop available).  One way
might be to put a sniffer either inside or outside your firewall to watch
all data (and possibly filter on http if that's all you want).

tcpdump (I believe standard on most *nixes) appears to work great for this.
You can tell it stuff like this:
 tcpdump 'gateway 172.16.1.1 and (port ftp or ftp-data)'

It logs lines such as:
22:55:42.624793 www.curtis-arata.com.ftp > p3E9C01CE.dip.t-dialin.net.63069:
P 0:42(42) ack 1 win 8467 (DF)
22:55:57.446055 www.curtis-arata.com.ftp > p3E9C01CE.dip.t-dialin.net.63069:
P 0:42(42) ack 1 win 8467 (DF)
22:56:27.078577 www.curtis-arata.com.ftp > p3E9C01CE.dip.t-dialin.net.63069:
P 0:42(42) ack 1 win 8467 (DF)
22:57:26.363622 www.curtis-arata.com.ftp > p3E9C01CE.dip.t-dialin.net.63069:
P 0:42(42) ack 1 win 8467 (DF)

Throw this at something like Webalizer and it'll save you a lot of work (or
just make an ACL on your Cisco router/firewall permit all, but first permit
the traffic you want to log and specify log at the end of the line).

I'm not a lawyer and this shouldn't be construed as legal advise, but I
would make sure you've got a company internet policy established beforehand
(and even signed by users, if possible), and include in it that you can and
do monitor traffic.  Otherwise you might have someone complaining that
you're violating their privacy, etc.  I just ssh tunnel all traffic I don't
want anyone to see to my personal box, so you'd never catch me ;-p


--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/



""Tariq""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Helo everybody.
>
> I want to monitor the activities of my LAN users who are browsing
different
> web sites.
> I want to enable logging for those users and want to save my all logging
> information on my Windows 2000 server.
>
> Please let me know the procedure.
>
> Thanks in advance.
>
> Tariq
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1569&t=1562
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to