On Tue, 4 Jan 2005, Luca Marchiori wrote:
I need to do this because a customer of mine is thinking that an employee is doing "strange things" with the internet connection. He is thinking that the employee is uploading documents on a virtual hard disk on the internet (sorry 4 my poor english...).
So your real question is if it is possible to determine with the help of Squid if this employee is uploading confidential information to a third party web site.
From the Squid logs you can easily tell what web sites the user is
visiting, and how often.
If you think this is being done and is done in good faith then the best action is to simply ask the employee if he is doing this or if he is aware what the implications of doing so would be.
Generally speaking, if the web site is https based then all you can see is the amount of traffic going in both directions, but if it is http based then everything can be seen (just dump the network traffic and analyze it). This is not directly related to Squid but any Internet usage.
As for Squid you have somewhat limited tools for doing this. Partly due to the problem not being Squid specific but a general problem of how to monitor usage of Internet.
In an ethical point of view stealing the users personal login details to this third party web site by analyzing his traffic is very dubious in my view, and probably illegal in many countries. You surely should be able to make up better approaches in proving/disproving the claims of Internet connection abuse.
Regards Henrik
