Jason Stelzer on 5 Jan 2009 10:43:25 -0800



Re: [PLUG] monitoring employee web browsing


The only way you're going to get a list of URLs is if you set up some
sort of transparent proxy to do the request inspection. Think virtual
hosts, etc.

Other than that, besides http traffic, what else is going on? Are
there any firewall rules at all preventing p2p? It seems weird that
http traffic alone is consuming all your bandwidth. It's quite probable
that there are a few folks grabbing MP3s, movies, whatever.

If you've blocked everything but the http ports, I'd still set up some
sort of transparent proxy to log sites visited and to ensure that
people aren't subverting the firewall by tunneling an ssh connection
or something silly. At the very least you could see what users were
using what services and make a decision based on trust or something.

As for tying the PC to the extension, can you rely on the ip and/or
mac address to map back to the person? If that's the case you could
always set up the bridge to log connections, but that gets noisy and
in the case of virtual hosts it doesn't really tell you much by way of
content.

On Mon, Jan 5, 2009 at 12:59 PM, Chad V <csv@gamebox.net> wrote:
> Hey all,
>
> Right now, I have a transparent bridge setup at a company I'm doing
> some troubleshooting & other project work for.
>
> Internet ----- FiOS Router ----- Linux Bridge ----- switches ----- PC's & VoIP phones
>
> Right now, the bridge is running ntop for bandwidth monitoring and I
> also run some command line Wireshark packet captures (tshark).
>
> I'm looking for software that can monitor what computer (and by
> extension, person) is browsing what web sites.  I would also like to
> get a measure of time spent browsing and to be able to look for sites
> that shouldn't be looked at.   The company isn't looking to curtail
> web usage or anything with a proxy, filter or "net nanny" type app.
> However, they are using a large % of their available bandwidth at some
> points in time and are losing VoIP quality.
>
> I would just like to include in my troubleshooting report, information
> such as top sites visited, top bandwidth users, etc., so that they can
> take appropriate action.
>
> I've been looking at using a transparent proxy using squid, but I'm
> not quite sure how to get the reports I want.  I've also been looking
> at urlsnarf (from the dsniff  toolset) to output a text file and try
> to make my own reports from it.
>
> Any ideas on how to accomplish this goal?  What applications have you
> used and why?
>
> Thanks,
> Chad
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
>



-- 
J.
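Added example, not part of the original messages: one way to build the "top sites / top bandwidth users" report from a transparent Squid proxy's access.log, with long-running CONNECT tunnels listed separately. It assumes Squid's default native log format; the sample lines, hosts, addresses and the 60-second threshold are constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format:
# time elapsed_ms client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1231180000.123    250 192.168.1.20 TCP_MISS/200 1048576 GET http://media.example.com/a.mp3 - DIRECT/203.0.113.10 audio/mpeg
1231180001.456     90 192.168.1.21 TCP_MISS/200 20480 GET http://news.example.org/index.html - DIRECT/203.0.113.20 text/html
1231180002.789 600000 192.168.1.20 TCP_MISS/200 5242880 CONNECT tunnel.example.net:443 - DIRECT/203.0.113.30 -
1231180003.000     40 192.168.1.21 TCP_HIT/200 10240 GET http://news.example.org/style.css - NONE/- text/css
this line is truncated
"""

TUNNEL_MIN_MS = 60_000  # assumed threshold for a "long-lived" CONNECT


def site_of(method, url):
    """Return the host part; CONNECT targets are host:port with no scheme."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0]
    return urlsplit(url).hostname or "unknown"


def summarize(log_text):
    """Return (bytes per site, bytes per client, long-lived CONNECT entries)."""
    by_site, by_client, tunnels = Counter(), Counter(), []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 7:
            continue  # truncated line
        try:
            elapsed_ms, nbytes = int(f[1]), int(f[4])
        except ValueError:
            continue  # malformed numeric field
        client, method, url = f[2], f[5], f[6]
        site = site_of(method, url)
        by_site[site] += nbytes
        by_client[client] += nbytes
        if method == "CONNECT" and elapsed_ms >= TUNNEL_MIN_MS:
            tunnels.append((client, site, elapsed_ms, nbytes))
    return by_site, by_client, tunnels


if __name__ == "__main__":
    sites, clients, tunnels = summarize(SAMPLE_LOG)
    print("Top sites by bytes:  ", sites.most_common(5))
    print("Top clients by bytes:", clients.most_common(5))
    print("Long-lived CONNECTs: ", tunnels)
```

Client addresses still have to be mapped to people through DHCP leases or MAC tables, as discussed above.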