Monitor network activity...Wireshark?

BrianS

We are a small company, 15 people, and by default, since I am now the most computer-savvy person here (the last network administrator decided to quit), I am being left in charge until we find someone else new to take over. I know that a lot of people are doing personal stuff on the clock and I want to stop that or at least have some proof to show to the boss to make him aware and be able to back it up.

I was thinking WireShark might be what I want to use. We have 11 computers that are wired on the LAN and we have 4 that are always on an open wifi connection (these are not used for anything sensitive and are set up in a "Y" configuration so that there is no access to the LAN from those).

I want to know the best way to monitor what is going through the network but I will admit I am more versed in web design, not network administration. All I really care about is being able to see what computer (name or IP address is fine) is going to what websites. I don't care about logging logins and passwords, just knowing the destination they are traveling to.

The main reason is there is one person that I know has been going to some sites that are in the adult genre. I was doing a little work on it and went to the history and what do you know...adultmatch.com. This is being done on a company-issued laptop and going through the company T1. I didn't have the time to take a screenshot of it and now I notice that he is deleting his history every time he closes Firefox.

Can anyone give me some advice as to what the best software would be for doing this? And for all the legal blah blah blah, it is written down in the company policy that all email and network traffic is subject to monitoring. I just don't want to spend $50 for some kind of software to monitor the laptop and then send me reports on what is happening. I want to be able to do it as close to real time as possible.
 
Perhaps not what you were after - but perhaps a simpler solution would be to grab a list of sites you don't want people visiting and block them all?
 
That would work but I don't want to just block the site. I want to bring it to the attention that it is being visited. People have been fired/reprimanded before for playing WoW on company computers during company hours and we have a very low tolerance on stealing company time. So that site will be blocked eventually but the standard is to catch the person, confront them with proof and act accordingly and then block the site for future use. The old network admin had done that a couple times but when he left, he left everything in a total mess and I am not sure what he used to monitor the network.
 
Bump.. If anyone has an answer to this. I'm really interested to know of good software too. I'll do some research.

BTW, WoW should be fairly easy to block people from using. From what I remember.. WoW is set up to log in to a certain address from the start. I forgot what that address was, like Server.Worldofwarcraft.com (I don't think it's that). But if you block that domain, it should prevent them from logging in.
 
I know that my organization uses WebSense to monitor activity of users while on the net. While running a few Google searches I came across some sites that, apparently, WebSense blocks its competitors' websites. One such site, that I was only able to read the description of the service through the Google short description, was www.spectorsoft.com. May be worth checking out. I'll talk to my friends in IT and see exactly what software package they use and what ability it provides.
 
WebSense is good software.
You can also use Microsoft's ISA Server, or the new version of it called Threat Management Gateway.

Then there are free proxy servers like Squid or Privoxy.

Wireshark will tell you what sites people are going to, but really the log files are going to be too massive to analyze.

What you need is a proxy server.

You install a proxy server, then tell it to log all traffic. This will record what traffic passes through the proxy server, like the machine that's requesting a website and what site it's visiting.

Once you've got your list of sites that people are visiting, you can use the same proxy software to ban certain sites.


One of the great things about WebSense is that they actively search out sites so you can block them by category. This means that you can block a category of adult sites or gambling or internet banking, for example.

Then you don't have to maintain a list in house of all the sites that fit into that category.

There is, however, a charge for this list that constantly updates.
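Added example (not part of the thread and not any poster's code): the proxy-log approach from the last reply, shown as a Python script that reduces a Squid `access.log` in its default native format to a per-machine list of destination hosts. The log lines and IP addresses are constructed samples, and the function names are this example's own.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's default native access.log format:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1286536308.779    180 192.168.1.21 TCP_MISS/200 8452 GET http://www.example.com/index.html - DIRECT/93.184.216.34 text/html
1286536309.450    120 192.168.1.21 TCP_MISS/200 1024 GET http://www.example.com/logo.png - DIRECT/93.184.216.34 image/png
1286536310.102    950 192.168.1.34 TCP_MISS/200 5310 CONNECT mail.example.org:443 - DIRECT/203.0.113.10 -
1286536311.998     45 192.168.1.34 TCP_DENIED/403 1200 GET http://blocked.example.net/ - NONE/- text/html
this line is truncated
"""

def destination_host(method, url):
    """Return the lower-cased host a request was aimed at."""
    if method == "CONNECT":  # HTTPS tunnels are logged as host:port, no path
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or url).lower()

def parse_line(line):
    """Return (client_ip, host, result_code), or None for a malformed line."""
    fields = line.split()
    if len(fields) < 10:
        return None
    client, result, method, url = fields[2], fields[3], fields[5], fields[6]
    return client, destination_host(method, url), result.split("/")[0]

def summarize(log_text):
    """Map each client IP to a Counter of hosts; also count skipped lines."""
    per_client = defaultdict(Counter)
    skipped = 0
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1
            continue
        client, host, _result = parsed
        per_client[client][host] += 1
    return per_client, skipped

if __name__ == "__main__":
    report, skipped = summarize(SAMPLE_LOG)
    for client in sorted(report):
        for host, hits in report[client].most_common():
            print(f"{client:15} {host:30} {hits}")
    print(f"skipped {skipped} malformed line(s)")
```

For HTTPS the proxy only sees the `CONNECT host:port` request, so the log gives the destination host but not the page, which matches the "destination only" requirement in the original question.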
 