|
Question : Need to monitor internet usage
|
|
Okay, I am limited on time. The setup in my enviornment is not the best case scenario but this is what I have.
A workstation connected to a dell switch. Dell switch is 2724 Powerconnect. Does NOT show mac address tables on the config, it stinks. Dell has said the only way to get that information is to port mirror and sniff the traffic until you find which machine you need. I already know the MAC and IP of that workstation. So what I need to do is somehow route the a port to the mirrored port, and then that mirrored port to another switch on anohter floor, and then sniff from that port. I was told ethereal? I have ISA2006 runnin, but given the time frame and the config needed I don't think I will be able to do this
so in less than a few hour setup, how can I implement a web surfing monitor?
|
Answer : Need to monitor internet usage
|
|
You can't forward the traffic from a mirrored port to another switch.
Connect a PC to the same switch you need to monitor.
Configure the swith to mirror the port you want to monitor to the port with the above PC.
Crank up Ethereal (or its new name Wireshark, http://www.wireshark.org) and watch. If you do NOT need to see the whole data stream then change the capture to only capture the first 200 or so bytes of each packet.
This will capture ALL traffic to/from the montiored port: accessing your internal e-mail system, internal applciations, sending print to printers, reading/writing files to from a file server.
After you are done, you can stop Ethereal, save the capture file an look at it.
What do you want to actuall do? The ISA 2006 logs should be able to tell you what IP address is visiting what sites.
|
|
|
|
|
