+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 16
Windows Thread, Can Wireshark Be Used To Monitor Another User's Web Activity in Technical; i want to be able to monitor web activity of another computer during the day. i know the ip address ...
  1. #1

    Join Date
    Mar 2012
    Location
    Canada
    Posts
    117
    Thank Post
    2
    Thanked 2 Times in 1 Post
    Rep Power
    5

    Can Wireshark Be Used To Monitor Another User's Web Activity

    i want to be able to monitor web activity of another computer during the day. i know the ip address of the computer and was thinknig wireshark might do this for me? I've never used wireshark though and it looks confusing to say the least. So firstly i just want to check that its actually going to work. So am i on the right train of thought with this?

  2. #2

    Join Date
    Oct 2005
    Posts
    943
    Thank Post
    225
    Thanked 174 Times in 136 Posts
    Rep Power
    102
    Using wireshark to do this might be possible in theory but it's not the tool for the job at all, and will likely be totally impractical. Does the PC not go through a proxy server or gateway where its connections can be logged?

  3. #3

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    149
    If your on a switched network then wireshark will not be much cop unless you can mirror the switch port being used.

    And as the other poster mentioned, it's not the tool for the job.

    Also, do you have an AUP stating that you will be logging internet traffic? If not then you could be in trouble and don't bother trying to use the information directly if you have no AUP.

    Rob

  4. #4


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,534
    Thank Post
    271
    Thanked 752 Times in 590 Posts
    Rep Power
    218
    Wireshark will work on a mirrored port, but the capture will be rather large and full of noise unless you know how to use it (and your post shows you don't).

    A proxy would be better for a blow-by-blow log, whereas something like ntop would give you a broader idea of traffic from that IP.

    What problem are you trying to solve (or prove/disprove)?

  5. #5

    Join Date
    Mar 2012
    Location
    Canada
    Posts
    117
    Thank Post
    2
    Thanked 2 Times in 1 Post
    Rep Power
    5
    trying to determine how much time someone is wasting on facebook instead of working. Our traffic goes through a SonicWall TZ210 but unless im using it wrong, the logs in that brings up nothing useful.

  6. #6

    Oaktech's Avatar
    Join Date
    Jul 2011
    Location
    Bournemouth
    Posts
    2,463
    Thank Post
    678
    Thanked 451 Times in 363 Posts
    Rep Power
    229
    If someone is on facebook, i suggest you get an AUP change banning facebook inside work hours passed by management in a hurry, make everyone aware that the terms have changed, then use firewall/proxy logging to catch those who have not sensibly complied with AUP. This may well be one of those all too frequent instances of trying to solve a training/HR problems with technology.

  7. #7

    Join Date
    Mar 2012
    Location
    Canada
    Posts
    117
    Thank Post
    2
    Thanked 2 Times in 1 Post
    Rep Power
    5
    Where i work (its not a school) needs to use Facebook and doesn't want to ban it but at the same time i think before they talk to the person in question about it they want some actual statistics

  8. #8

    Domino's Avatar
    Join Date
    Oct 2006
    Location
    Bromley
    Posts
    4,020
    Thank Post
    212
    Thanked 1,164 Times in 758 Posts
    Blog Entries
    4
    Rep Power
    481
    NTOP might be an option? much more info than you really need, but should be able to show you each hosts time connected to each resource/ traffic downloaded (including web sites) ntop

    but yet again a proxy might be a better idea, maybe a little smoothwall express box?

  9. #9

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    12,968
    Thank Post
    587
    Thanked 1,496 Times in 1,342 Posts
    Rep Power
    398
    So management want a big IT stick to use against their employee rather than having a discussion?

    Ben

  10. Thanks to plexer from:

    Oaktech (9th August 2012)

  11. #10

    Oaktech's Avatar
    Join Date
    Jul 2011
    Location
    Bournemouth
    Posts
    2,463
    Thank Post
    678
    Thanked 451 Times in 363 Posts
    Rep Power
    229
    I was about to say that surely a generic "We've noticed you spend a lot of time on Facebook, is it really all for the good of the company? conversation, followed by a period of fairly obvious observation giving the employee in question a chance to straighten up and fly right, would be a much less employee-moral-sapping-its-management-against-us way of dealing with it. If it continues after a warning, than either the employee is stupid or has an addiction. In which case i think employing a proxy server is the best way to do it.

  12. #11

    Join Date
    Mar 2012
    Location
    Canada
    Posts
    117
    Thank Post
    2
    Thanked 2 Times in 1 Post
    Rep Power
    5
    the point is they only suspect the person is spending 'too much time on facenbook' that is why they want the actual numbers before they speak to the person about it.

    i'll have a look at ntop thanks

  13. #12

    Join Date
    Mar 2012
    Location
    Canada
    Posts
    117
    Thank Post
    2
    Thanked 2 Times in 1 Post
    Rep Power
    5
    should also say i have full access to the persons computer if there is a simple way to turn on logging of websites visited?

  14. #13

    Oaktech's Avatar
    Join Date
    Jul 2011
    Location
    Bournemouth
    Posts
    2,463
    Thank Post
    678
    Thanked 451 Times in 363 Posts
    Rep Power
    229
    is there not just history in the normal history folders?

  15. #14

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    149
    I could spend all day on facebook and only pass a couple of Megabytes of data.. or I could spend five minuets and pull a lot more.

    Rob

  16. #15


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,534
    Thank Post
    271
    Thanked 752 Times in 590 Posts
    Rep Power
    218
    Quote Originally Posted by plexer View Post
    So management want a big IT stick to use against their employee rather than having a discussion?

    Ben
    95% of the time it's ever come up here, the statistics have been in the employees' favour and has resulted in a "No, they're not messing around on the Internet instead of working" (which is all managers get and they need SLT sign-off for even that level of info). Discussions with employees can explode in your face if you're acting on what you think is happening, rather than what's actually happening.

    For example:

    Jeff's work is suffering, he didn't get the report finished for Bob, his manager. Bob notices Facebook open on Jeff's screen and thinks he's found the reason Jeff's isn't performing - he's slacking on the Internet. Bob calls Jeff into a meeting with HR and starts to discuss him spending too much time on Facebook.

    Unfortunately for Bob and HR, Jeff's quite a private person and doesn't mix work and play. His work has been suffering because his Dad's just died and they're making funeral arrangement via Facebook. Bob and HR now feel like complete tools and Jeff is not very happy with them.

    TLDR: The Big IT Stick can be used for Good as well as Evil. Just ensure it's not used for fishing trips.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 14
    Last Post: 16th June 2011, 11:22 AM
  2. Thought this would be useful to pass on about Friday 8th of May
    By Shane in forum South West Grid for Learning (SWGfL)
    Replies: 1
    Last Post: 7th May 2009, 03:52 PM
  3. Exchange Server Being Used to Spam
    By coop1984 in forum Windows
    Replies: 3
    Last Post: 27th June 2008, 10:38 AM
  4. Terminal Server - limit which computers can be used to logon
    By broc in forum Thin Client and Virtual Machines
    Replies: 5
    Last Post: 26th June 2007, 02:21 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •