sirgregg Posted December 5, 2009

So here's the thing. My employer has a couple of workers he doesn't really trust. He asked me to try and find a way to monitor his actions on the PC. I tried to find auditing software, but everything I could find is either very expensive or not really stealthy. I thought about capturing the packets between the PC and the router (since I'm mostly interested in the web traffic) and filtering them on the fly to save only the important information. I am not, however, sure if that's possible, and if so, how to do that. How would you go about doing that? Any ideas, solutions?

Sparda Posted December 5, 2009

You could easily use a proxy, even make it transparent so no actual configuration has to be done on the computers.

thefatmoop Posted December 6, 2009

If you have a Linux PC, use ettercap to MITM the employees, then use urlsnarf to see the URLs they visit. For lols you use driftnet after MITM and see all the images going through your network card.

    [sudo] ettercap -i <network interface> -G

urlsnarf - sniffs traffic for URL headers (text based, and just the URL of the page)

    sudo urlsnarf -i eth1

Driftnet - Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes.

    driftnet -i eth1

Or just get some hardware keylogger. I'm very surprised your employer has no way of monitoring traffic/comp use o.o What happens if a serious lawsuit gets thrown at the company 'cause someone was uploading/downloading kiddy pr0n or music? If you can't get evidence of who did it, the company is going to take the blame.

Sparda Posted December 6, 2009

ARP poisoning any network is ultimately a bad idea. It's more likely to brake things than doing something else that achieves the same effect.

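The ARP poisoning discussed in the two posts above, seen from the defending side: an added example (not part of any post in this thread) that compares a trusted neighbour-table snapshot with a current one and flags the changes an ARP man-in-the-middle leaves behind. The addresses and both snapshots are constructed sample data, and the function names are illustrative.

```python
import re
from collections import defaultdict

# One pattern per tool: `ip neigh show` and `arp -an` print different layouts.
IP_NEIGH = re.compile(r"^(\d+\.\d+\.\d+\.\d+) dev \S+ lladdr ([0-9a-fA-F:]{17})")
ARP_AN = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]{17})")

def parse_neighbors(text):
    """Return {ip: mac} from `ip neigh show` or `arp -an` output."""
    table = {}
    for line in text.splitlines():
        m = IP_NEIGH.search(line.strip()) or ARP_AN.search(line)
        if m:  # entries without a resolved MAC (FAILED, <incomplete>) are skipped
            table[m.group(1)] = m.group(2).lower()
    return table

def find_arp_anomalies(baseline, current, gateway_ip):
    """Compare a trusted baseline table with the current one."""
    findings = []
    # 1. An IP whose MAC differs from the baseline.
    for ip, mac in sorted(current.items()):
        known = baseline.get(ip)
        if known and known != mac:
            sev = "critical" if ip == gateway_ip else "warning"
            findings.append((sev, f"{ip} moved from {known} to {mac}"))
    # 2. One MAC answering for several IPs.
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            sev = "critical" if gateway_ip in ips else "warning"
            findings.append((sev, f"{mac} answers for {', '.join(sorted(ips))}"))
    return findings

# Constructed sample data: a clean snapshot, then one taken during poisoning.
BASELINE = """\
192.168.1.1 dev eth1 lladdr 00:1a:2b:3c:4d:5e REACHABLE
192.168.1.23 dev eth1 lladdr 00:21:70:aa:bb:01 STALE
192.168.1.50 dev eth1 lladdr 00:0c:29:de:ad:01 REACHABLE
"""
POISONED = """\
? (192.168.1.1) at 00:0c:29:de:ad:01 [ether] on eth1
? (192.168.1.23) at 00:21:70:aa:bb:01 [ether] on eth1
? (192.168.1.50) at 00:0c:29:de:ad:01 [ether] on eth1
"""

if __name__ == "__main__":
    now = parse_neighbors(POISONED)
    for sev, msg in find_arp_anomalies(parse_neighbors(BASELINE), now, "192.168.1.1"):
        print(f"[{sev}] {msg}")
```

A shared MAC is not always hostile (proxy ARP and multi-homed routers produce it too), so findings that do not involve the gateway are reported as warnings rather than critical.
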
digip Posted December 6, 2009

http://www.spyassociates.com/computer-soft...01f2542542487eb

azend Posted December 6, 2009

Or you could pull the lazy way and just grab their deleted history: LINK

catchyanow Posted December 6, 2009

> Or you could pull the lazy way and just grab their deleted history: LINK

lol

Sud0x3 Posted December 6, 2009

Depends on company policy on employees' use of computer networks. When you start a new job you would usually have to sign a company statement on authorised use of their networks. If you don't have it in writing that their traffic can be monitored without their knowledge, then you could have a lawsuit on your hands.

wh1t3 and n3rdy Posted December 7, 2009

Any company with half a brain will have that clause in their systems user agreement IMO. My last job had this, and it wasn't very well enforced, which sucked. Nothing like doing double the work so other people can fuck around on Facebook all day (they wouldn't block it, no matter how many times the issue was raised).

digip Posted December 7, 2009

Our system used a proxy you had to log into. The proxy would pop up with a note that all system activity was logged and for business uses only; violators would be terminated. The system for the most part blocked sites like Facebook and YouTube anyway, so you couldn't get on them if you wanted to. Why a company would not block them to begin with is their own fault.

wh1t3 and n3rdy Posted December 7, 2009

I agree. Where I am now uses a transparent proxy, but tbh the percentage of offenders is a great deal less than where I worked before. Facebook was blocked here because it accounted for 25% of internet traffic.

MRGRIM Posted December 7, 2009

Any good firewall should give you these kinds of reports? What firewall are you running?

thefatmoop Posted December 8, 2009

> ARP poisoning any network is ultimately a bad idea. It's more likely to brake things than doing something else that achieves the same effect.

You mean break?

Sparda Posted December 8, 2009

> you mean break?

Yes, spelling is not my forte.

d4rkfe4r Posted December 8, 2009

Yeah, I need to install some sort of filter at my job, I just don't know which one I should get.

Ryan J Posted January 3, 2010

> So here's the thing. My employer has a couple of workers he doesn't really trust. He asked me to try and find a way to monitor his actions on the PC. I tried to find auditing software, but everything I could find is either very expensive or not really stealthy. I thought about capturing the packets between the PC and the router (since I'm mostly interested in the web traffic) and filtering them on the fly to save only the important information. I am not, however, sure if that's possible, and if so, how to do that. How would you go about doing that? Any ideas, solutions?

1) Hard IP the box
2) Use Wireshark and just listen to the activity to and from that box

joeypesci Posted January 5, 2010

Regarding auditing software: Spiceworks is free and seems good.

bmanice Posted March 25, 2010

I'm pretty sure you can get WebMarshal free for 30 days, set it up on a box and target your problem child until you're told to stop. And don't forget to get authorization before doing any sort of monitoring, this could backfire and make you lose your job... WebMarshal kinda sucks for a permanent solution, I used it before, but it's the only one I can think of off the top of my head. Also make him a normal user while you're doing this so he cannot modify browser proxy settings and bypass it... g/l