Slashdot Mirror


Ask Slashdot: Best Way To Monitor Traffic?

First time accepted submitter Shalmendo writes "My client needs to monitor traffic on his LAN, particularly going out to the internet. This will include websites like Facebook, Myspace, and similar, including from mobile devices. So far, based on the network education I have, I've concluded that it might be best to get a tap (and some kind of recording system with Wireshark, probably a mini-barebone), or replace the existing Linksys router with a custom built mini barebone system with Linux routing software and appropriate storage capacity etc. to record traffic internally. (Either way it looks like I will need to put together a mini barebone system for some purpose.) My client is trying to protect his family from scammers and other unsavory types, and isn't savvy in this matter, so I'm doing it for him. What I need is a way to record the traffic at a singular point, like modem/router areas, or similar, and a way to scrape out Facebook, Myspace, and other messages. It also appears that the client's family is using iPhones and some game called 'words' which has message capability. Is it possible to scrape messages out of that game's packets, or are they obfuscated? Can I write a script? What software would you recommend? Linux routing OS? Can we sniff packets and drop them on the internal hard drive? Or would a tap be better? How do I analyze and sort the data afterwards? My client needs easily read evidence (such as text or screenshots) he can use as proof in discussion with his family to try and intercede in any potentially harmful transactions. In other words, how can I achieve this goal? I have basic and medium training in computer networking, so I can make my own cables and such, but I've never worked on this exact kind of project before, and thought it might be better to query Slashdot instead of doing my own research from scratch.
After days of discussion with the client, it's not plausible to put monitoring software in the devices on the network (due to legal issues and a few other factors), so I concluded a network tap or other device would be the best way to capture and study what's going on."

18 of 338 comments

  1. a bird in hand by alphatel · · Score: 5, Insightful

    Oh it's really easy. You just need about 800 offshore programmers, 200 solid state drives, hadoop, ruby on rails, cheese, bacon. Clearly your client has the funds.
    Or maybe go and buy an internet security hardware appliance like Sonicwall or Watchguard and bill out 700 hours labor. It will take you less time to install one than writing that horrific maligned essay you chose to sully our pages with.

    --
    When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
    1. Re:a bird in hand by Anonymous Coward · · Score: 5, Insightful

      It generates nerd rage and plenty of comments. This isn't a serious question at all. This guy is yanking our collective chain or he's kind of out of his depth. As others have noted, this idea is both unpleasant and pretty heavy work. Samzenpus, would you like to use any of the following as future Ask Slashdot submissions?

      A client has approached me to develop an MMO, with clients for Windows and Linux. I'm pretty good with HTML and have made some Star Craft maps. What language should I learn for writing the MMO? I heard that Warcraft is written in sea plus plus. Would Linux be good for hosting the game?

       

      I've been repairing cars since I was a kid, and I've been asked to visit the ISS to perform some repairs to its solar arrays. Rather than attend college and develop sufficient experience in more down to earth jobs, I'm asking Slashdot for some advice on how I can do this? What kinds of bolts do they use on those things? I have a pretty good socket set from Sears that's served me well fixing up cars.

      Sorry dude, I blame Samzenpus more than the submitter. This question is so horribly out of place and is practically inviting a stream of "let me google that for you" responses and flames.

    2. Re:a bird in hand by foniksonik · · Score: 4, Informative

      www.cloudmeter.com

      SaaS packet sniffing with reporting.

      Put a client on your network and then tinker to get the data you want.

      --
      A fool throws a stone into a well and a thousand sages can not remove it.
  2. Ahmadinejad? by Anonymous Coward · · Score: 5, Funny

    Is that You?

    1. Re:Ahmadinejad? by DanTheStone · · Score: 4, Insightful

      Exactly. Either the "friend" is actually an oppressive government or a guy with some serious problems. Tell him it's not possible. Even if it's possible, it's a bad idea, possibly illegal. Then go take an Ethics class.

    2. Re:Ahmadinejad? by jeffmeden · · Score: 5, Insightful

      What most try to point out is that this approach is really just looking at the internet, being afraid, and applying the biggest hammer possible to the situation when it really will not do much good at all. Teaching your kids right from wrong, as crazy as that sounds, is a LOT easier than not teaching them anything, throwing them onto the internet, and then trying to filter the "wrong" out and/or observe them doing wrong and punishing them (I mean "interceding") later.

      Example 1: the clueless submitter asks about iPhone apps, clearly has no idea what they even are, and completely overlooks the fact that whenever the kid/spouse/slave/whatever is out of the house, the fancy pants record-it-all box will have NO effect at all. This "project" has FAIL written all over it, for so many reasons.

  3. using iPhones... by DontScotty · · Score: 5, Funny

    You're going to need to install your scripts on the Verizon / AT&T point of presence to handle the iPhone / Words With Friends traffic molesting.

    I think the NSA has the hardware in place, you'll simply need to rent some space on one of their servers.

  4. Who is this by __aaeihw9960 · · Score: 4, Insightful

    'client'? And why does he need to know the content of every. single. message. that goes out on his network? Is this going to be like the talk with my kids when they say 'my friend has this girl he likes' kind of thing?

    If you need to know what every message going out is, including the content of a (I assume) 'words with friends' game, maybe you should just unplug for a while and take a walk in the woods to clear your head. Then maybe speak to a psychiatrist for the paranoia issues.

    1. Re:Who is this by L4t3r4lu5 · · Score: 4, Insightful

      More importantly, who the fuck upvoted this PoS from the Firehose?

      His "client" is obviously himself, he has serious trust issues and should probably seek professional help in dealing with those. His "client" isn't savvy in the matter of "protecting his family from scammers and unsavory types" yet he thinks that being able to crimp a patch lead is enough of a background to "tap" SSL encrypted sessions, breaching various computer misuse laws depending on your country (Wiretap Act in US, Computer Misuse Act / RIPA in the UK). Not only that, but he wants intelligent and monitoring of communications between two parties without their consent. All of this done with a script, with screenshots (that's desktop integration, mate) and then he wants to blow up his family by confronting them with this "evidence".

      I think 4Chan just trolled Slashdot.

      --
      Finally had enough. Come see us over at https://soylentnews.org/
  5. Your client is a stalker? Or just the new Fritzl? by Harald+Paulsen · · Score: 5, Insightful

    Seriously.

    Logging traffic is not going to stop someone from doing something stupid, like falling for a scam.

    Education is.

    --
    Harald
  6. Absolute control is difficult and not advised by matt-fu · · Score: 4, Insightful

    As some have already commented, the scope of this project is a bit much. To automatically strip the specific things you want out of the stream even at the LAN level would involve a lot of processing. To do it for the phones would take Steve Jobs levels of political clout.

    An easy thing you could do is to set up a proxy on the network (such as Squid) and use DHCP to force all of the computers on the LAN to use it. It won't be foolproof unless you block any outbound web traffic that isn't coming from the proxy and that will maybe break things, but this is someone's house and not an IT shop so that's not a big deal.

    After that, set up all the phones to use wifi and take the hit in battery performance, or else get everyone iPod touches instead of phones with a data plan. You can't get around the fact that he is paying for another data connection per handset from the phone company.

    The *best* thing you could do is sit your friend down and advise him that the world is scary and that you can't shield your kids from everything, but you can certainly build a good rapport with them and answer questions about life when they come up.

  7. Treat the disease, not the symptoms by Sarten-X · · Score: 5, Insightful

    My client is trying to protect his family from scammers and other unsavory types, and isn't savvy in this matter, so I'm doing it for him.

    Then you're doing it wrong.

    Quite frankly, extreme monitoring and filtering isn't going to work. Scammers will hide their words to avoid filters, so active filtering doesn't work. The exchanges are managed quickly, so scams (especially phishing scams) get your data instantly, so delayed review of activity isn't going to protect anyone, either, though it might make detection a bit faster. There is simply no hardware approach that will work.

    If, as others have pointed out, your client is an overly controlling patriarch, he needs professional psychiatric help. If he's just paranoid and scared, he needs professional technical help, and that's where you should focus your efforts.

    Educate him and his family on scammers' techniques and tactics, and security practices. Explain how the teenage daughter will be victimized and harassed, because that's just the nature of the assholes on the Internet. From a network perspective, make sure they have updated antivirus software, and maybe an active monitoring firewall to scan HTTP traffic for viruses. A basic scanner for the known threats, and education for the unknown threats, and the client will be far better off in the long run.

    --
    You do not have a moral or legal right to do absolutely anything you want.
  8. "Can I write a script?" by jolyonr · · Score: 4, Funny

    I don't know. Can you?

    --
    Please read my Canon EOS tech blog at http://www.everyothershot.com
  9. Your Best Solution by FSWKU · · Score: 4, Insightful

    ...is to drop the client. Seriously.

    He wants Orwellian monitoring over his network that is not only unfeasible but would eventually prove completely ineffective. If he's this paranoid, what's going to happen when your kludge of a system inevitably misses a message or two and he decides that caused someone to fall victim to a scam? He's going to come after you with some shark lawyer and make your life incredibly annoying, that's what. In the end, his idea will not prevent scams and the like. It's only going to further a "big brother knows best and sees all" mentality. On top of that, it shows a frightening lack of trust in his family - both in their ability to "do the right thing" and in their general intelligence. Your best solution is to drop the client and not feed his totalitarian ego.

    On the other hand, if this is really you wanting such a solution, the trust issues apply even more so. Learn to EDUCATE instead of spy. You will have much better results.

    And finally, if you're an ISP too clueless to do something on your own, GTFO Slashdot with your asking us how to spy on your customers. You should be ashamed of yourself.

    tl;dr - Your plan is a bad idea all around...

    --
    "So after all this, you make my case for me. To end this stalemate, you must die..."
  10. Ah another "safety" nut... by clonehappy · · Score: 5, Insightful

    So, either you are clinically paranoid, and should probably address that issue before any technical ones...or you need to take a step back, relax, and realize you don't have control over everything. Your "client's" requirements are completely ludicrous, and even if you wrote a script for "him" to scrape messages out of Words with Friends, what about EA's Scrabble, or TextFree, or any of the 10,000 other iPhone/Android apps that can communicate privately between two parties?

    My advice? Cancel your hardwired ISP, cancel all smartphones with network access, harden your doors, windows, and other points of entry and lock you and your family in your basement. There you go, no "unsavories" or "scammers" can ever access you or your family. I'm sure that will go over well with the wife and kids, but at least you're being upfront about it and not covertly spying on them through their electronic communication (which is what you *really* want to do).

    When they object, tell them the other option (your little Napoleon complex and your in-home Echelon system), and be prepared for your, sorry your "friend's" wife to serve up some divorce papers.

    Oh, that's right, you just want them to be "safe". Give us a break, even the most hardened Fox News or CNN watcher isn't really *that* scared of unsavory types messing with their lives, and if you are, please turn off the television and go for a walk in the park for a few hours.

  11. Re:sniffin the network for Facebook "screenshots". by stranger_to_himself · · Score: 5, Funny

    you just went full retard.

    At least he can 'make his own cables and such'.

  12. In reply to a lot of the posters by Shalmendo · · Score: 5, Informative

    I admit the scope of the project is overwhelming, and I've told my client that he's asking for an NSA quality project. I will direct him to this post and your replies to help him to better understand the nature of his requests. Also, it appears that my article was truncated before being posted, so some of the explanatory bits were cut off, although the core of the question is still there for the most part. And yes, this is an actual client, not myself. I already suspected what most of you were saying, and tried to tell him that, but computers are a big 'mystery box' to him, and I can't seem to nail stuff home on my own. (If it was myself I would have already solved this problem.) Also, I'm a little surprised at some of the hostility and non-seriousness I've seen here, but I suppose it is to be expected considering a lot of the drama and arguing I've seen going on in other arguments. When I originally wrote the article, I did specify 'serious answers only please, I don't want to start an argument, but a bunch of random answers that are unrelated won't help me solve this problem'. And to be more specific, it's a home network with a cable connection. (I obviously can't be too specific due to his need for anonymity to avoid 'alarming' his family to his clandestine monitoring intentions.) He does have reasonable cause for suspecting something is going on and just needs to have information available to aid him in making decisions about some unusual behavior. And yes, I know that you can't get 'screenshots' right off a client PC through a network; by screenshots I meant some kind of recreation of a visited website, or just text information in printable form off some kind of analyzer software. I really would like to solve this problem, but I agree it's an excessive project. He wants the moon without having to go there to get it, type of issue.

  13. Apologies by Shalmendo · · Score: 4, Informative

    While I'm not a troll by any means, the level of hostility and such has led me to feel it would be a good idea to apologize to everyone for having wasted their time with a ridiculous inquiry. Trolling was never my intention, but it appears I may have done so unintentionally by asking to be informed by people that are experts of many fields, and intelligent and well educated, so you all have what apology I can offer. And I'm quite serious. I don't think I can really say anymore, so I'll leave it at that, link my client to this article, and let him judge for himself.