Assistance with tracking of visited sites.

[[GSV]Lemming]

I need some suggestions for a way to monitor visited websites by my son, and to log activity times by IP devices.

My setup at home is as follows...

1 domain controller, windows 2000.
1 file server, windows 2000
5 PCs, XP and W7
1 lapto W7
1 netbook XP
3 blackberrys
Blueray player
Xbox 360
PS3

All the devices access the net through a mix of wireless, standard ethernet and homeplug ethernet.

At present everything goes direct to the router for net access so I have no idea of what device is on and what it is accessing. I would like to be able to log all of this for review at a convenient time.

Is there an easy way to achieve this? I have checked for logging options on the router but it isnt useful, its just a bog standard linksys wireless router, a few years old.

 

[Azuse05]

There are tomato builds that can log sites visited, but that would depend on the router. Open dns would also work.

 

[Zid_]

Wireshark will do the trick.

 

[PistolPete]

Wireshark will do the trick.

This would require a port mirroring switch, or a hub to be able to see all the traffic and is probably a bit much for what this guys needs.
Trawling through GB log files for info is not fun.

 

[Zid_]

This would require a port mirroring switch, or a hub to be able to see all the traffic and is probably a bit much for what this guys needs.
Trawling through GB log files for info is not fun.

You can set up some nice filters to only view relevant things. I agree it's overkill but it's simply because we don't know why OP actually wants to do this.

OP, do you just want to spy on your kid or do you want to prevent access to something?

 

[23JMZ07]

OpenDNS is your best bet

 

[Skidilliplop]

Another vote for OpenDNS.

Wireshark isn't really designed for monitoring application layer activity. It's a network protocol troubleshooting tool primarily. To achieve the same result would be an effort to say the least, port mirroring or ARP poisoning as well as needing the logging PC on all the time.
A lot easier to get OpenDNS to do that for you.

 

[RazorBlade]

If your son can change DNS settings then open DNS will not work.

 

[23JMZ07]

It would also not work if he navigated via IP addresses but at the end of the day not many kids know to do that...
Or care..

 

[tntcoder]

A nice and more solid way than using DNS hacks if you have the time would be to set up a Squid proxy server, you could do it in a VM maybe on the DC.

Logging, blocking and statistics would be easy from there.

 

[Azuse05]

It would also not work if he navigated via IP addresses but at the end of the day not many kids know to do that...
Or care..

Vpn would scupper any snooping attemps anyway.

So what linksys router is it? Tomato, if only to force dns servers, would make this so much easier.

 

[KIA]

If your son can change DNS settings then open DNS will not work.

Remove local admin.

 

[SoundsGood]

A nice and more solid way than using DNS hacks if you have the time would be to set up a Squid proxy server, you could do it in a VM maybe on the DC.

Logging, blocking and statistics would be easy from there.

Was going to suggest this.

 

[[GSV]Lemming]

I want to be able to see where he goes for starters, I am working 12 hour shifts which means he is alone a lot and he has A levels coming up. I suspect I will need to block some sites once I know what hes doing and when, with RDP to my own desktop I would like to be able to let him know I know what hes up to, and on what console or pc!!
Installing anythign local is out, hes not massively computer savvy, but his mates are, so sites have to be monitored external to his PC.

 

[Zid_]

It's a tricky game to start playing. One you'll never really win to be honest. Neither of you will on a home network.

If you just want him to study, be straight up with him. If he's doing well in school, maybe there's not much need to do it at all?

This game of cat and mouse could actually ironically cause a massive loss of study time while you both bugger about changing settings. He could also just start going round his mates' houses.

 

[23JMZ07]

TBH OpenDNS is still the way forward.. If you put the OpenDNS addresses into your router and then have the local machines obtain them from DHCP nothing is going to look out of the ordinary. I highly doubt his "savvy mates" are gonna try different DNS addresss and id be supprised if they even knew any public dns servers.

 

[ecksmen]

If you have a domain controller, surely all the local machines will have that for its DNS server, you would then just configure the DNS server to forward non resolved addresses to OpenDNS. You would just need to configure DHCP options to set DNS to that of the DC.

If you're router doesn't offer this, install DHCP on the domain controller and disable it on the router.

 

[[GSV]Lemming]

Opendns looks like it will do the trick, thanks for all of your time in posting.

 

[Skidilliplop]

Simplest way to lock him down from changing DNS servers is stick firewall rules on the router blocking DNS lookups (TCP & UDP port 53) other than to your selected openDNS servers. In theory he could still bypass it by navigating to the IP but without DNS finding said IP would be difficult, also IP only really works until he clicks a link on the site that redirects to another page, which often point to a URL rather than a relative path, which will invoke a DNS lookup.
It's as good as you'll get. As with any restrictive measure, if someone is determined enough to get round it they will. All he has to do to circumvent all your measures is hack a neighbours wifi. Which if they're using WEP is easier than hacking round the filtering.



BTW he doesn't know about this forum does he?

 

[23JMZ07]

BTW he doesn't know about this forum does he?

****ed if he does