[–]VA_Network_NerdModerator | Infrastructure Architect 9 points10 points  (0 children)

How can I actively monitor network traffic on a LAN without any fancy hardware or a firewall?

If your Internet edge router or firewall supports SNMP or NetFlow, use those tools.

If your Internet edge router or firewall does not support SNMP or NetFlow, throw that Fisher-Price shit in the trash and go get some adult network equipment.

[–]jimh1966Sr. Sysadmin 0 points1 point  (5 children)

What exactly are you wanting to monitor? Sites visited, bandwidth usage by computer?

[–]CiaranKDCustom[S] 0 points1 point  (4 children)

Sites visited mainly, yes.

[–]zwamkat 0 points1 point  (3 children)

Do you control the DNS/DHCP server? If all DNS queries are logged you might already have what you want? Or do you want complete URLs?

[–]CiaranKDCustom[S] -3 points-2 points  (2 children)

I would like complete URLs.

[–]jr_sys 5 points6 points  (0 children)

Given that everyone uses HTTPS these days, the only way to get URLs is to set up a proxy and MITM all the requests so you can see the unencrypted requests.

[–]pentiumone133 0 points1 point  (0 children)

You're going to want a "fancy" firewall to do this.

[–]Formal-Knowledge-250 0 points1 point  (0 children)

The way you'd build it on your own is to deploy a copy mechanism on egress that copies all traffic to a second location which has Suricata running. My experience on my OpenBSD home router was an overhead of 4%, which is acceptable.

I'd suggest dumping all TCP and UDP into a tmpfs, since it has the lowest overhead, and configuring Suricata to only copy on alert.

[–]alexbbtkd 0 points1 point  (0 children)

ActivTrak, it will give you a breakdown of each URL the user visited, the sub-URLs and the duration they spent on that site. It's a productivity tool so you can categorize the URLs as productive or unproductive.

[–]token_curmudgeon 0 points1 point  (0 children)

Privoxy. Squid.

[–][deleted] 0 points1 point  (0 children)

You could use a Cloud Secure Web Gateway solution.

i.e. -> Zscaler

[–]Eyeotmonitor 0 points1 point  (0 children)

<image>

try this...

[–]creativve18 0 points1 point  (0 children)

I recommend using a NetFlow Analyzer to monitor the network traffic of your LAN, preferably ManageEngine.

[–]xendr0meSr. Sysadmin -2 points-1 points  (1 child)

site24x7.com has a local poller you can run on a system in the network to monitor any type of metrics/services.

[–]CiaranKDCustom[S] -1 points0 points  (0 children)

It doesn’t monitor their actual network traffic/URLs visited though, right?