how to view internet activity

Status
Not open for further replies.

jimbob1120

Technical User
Jun 16, 2003
US
We believe that a person is using the internet for "non-business" and/or less than professional purposes. For a variety of reasons I can't simply confront the person or audit his PC.

How do I audit usage through my W2K server?
 
We could definitely use some more information. Like is your Win2k server the internet gateway? If not, you may want to look at MRTG and monitor your router instead.

Tell us a little about your architecture and we might be able to provide an intelligent answer.


pansophic
 
You can get a temporary demo of Computer Associates' Intrusion Detection for free. If you have what I see most often as a "typical" setup for small companies -- a router, a hub or switch, and desktops, with DHCP assigned either by the router or a server -- then you can set up this to monitor all traffic that moves between the router and your network.

It's easy to do. If your company uses a single hub, you can use any other machine on the same hub to monitor all activity. If your company uses an unmanaged switch, the easiest thing is to GET a little hub and put it "between" the router and the switch, so that all traffic flows over the hub. Then you stick a monitoring machine on the hub.

So, once you've got a machine on a hub, you can start listening. There are free programs like Ethereal that you can run even on Windows, but if you don't have time to sit down and learn how to use them, the Computer Associates product is pretty easy (at least it was when I used it for someone a couple of years ago). You install the software and configure it appropriately (you need to be 'promiscuous') :). This software does the rest -- its primary function is to look for attacks on your network, but it will also tell you the websites everyone is visiting, even grouping them by sports, porn, job-hunting, etc. You can create rules that will deny or allow access to things like Kazaa, for example, and, oh yeah, if you're using POP you can read everyone's email and see everyone's password. (That goes for any packet sniffing software).

About the only thing you can do with your W2K server alone, if it's set up in the "typical" way, and you're using it for DNS, is to look through the DNS cache and see what sites have been resolved. That's sometimes enough to show management WHY you need monitoring/filtering software.

It's nice if you have a company policy in print available to all employees. It's not nice to just ambush them. Of course, it IS a company resource, and they shouldn't be doing private things anyway.
 
Hi jimbob1120!
I think you need to try this advanced keylogger. Advanced KEYLOGGER is an invisible surveillance tool that records every keystroke to encrypted user-friendly easy-to-understand logs.
It can:
capture passwords and logins
keep track of all Key Strokes
record all Internet Activity
keep Screen visual statistics
watch everything opened, typed and saved
monitor instant messaging software
keep tabs on all E-mail clients
send reports secretly to your E-mail address
reveal others' secrets
I hope it will be useful for you!
 
Jimbo, the problem doesn't appear to be technical in nature, rather political. Here's the question you need to ask yourself, the HR dept, and the CIO.

Do we own the asset or does the user?

If the company owns the asset, your security plan should include employee rules that say, if IT wants to look at your PC, move your butt out of the chair and let them at it. If you need your legal dept. or HR dept represented there when it happens, so be it. In all likelihood the PC is the company's tool, and users need to understand that plainly.
 
"Break" the user's machine "accidentally"...just delete the computer domain account from inside the Win2k server. Now you MUST sit at his machine to re-connect it to the server, after you do reconnect, copy his internet temporary directory to a network resource before you leave. Later go through his internet history file, printing anything interesting for management.
 
Jimbo, you're treading on privacy rights and a whole lot of other issues with the above topic. Review your company policies and see if anything regards things like this or capture of network activity. If not, consult HR.

Moving on, tell me about your network and if it's switched or hub based and I will help.
 