| 1 |
Hi, |
| 2 |
|
| 3 |
On Wed, 17 Oct 2007 10:38:10 -0400 James Colby |
| 4 |
<jcolby@×××××××××××××××××.net> wrote: |
| 5 |
|
| 6 |
> I am looking for some advice. We have a user on our network that we |
| 7 |
> belive may be making inappropriate forum posts, violating our TOS for |
| 8 |
> internet usage. I am looking for some recommendations of software |
| 9 |
> that I can install on Gentoo server to help us monitor these posts. |
| 10 |
> Can anyone recommend a proxy package that could help me to monitor |
| 11 |
> this. I would prefer to do this transparently but we do have access |
| 12 |
> to configure a proxies on the users browser. Is this something that |
| 13 |
> Squid can do? |
| 14 |
|
| 15 |
You won't get HTTPS traffic without spoofing certificates, which might |
| 16 |
not get trough unnoticed. But HTTP is just plain text, so probably you |
| 17 |
can just run |
| 18 |
|
| 19 |
$ tcpdump -w - -i ethN -s 1600 port 80 and src 192.168.your.enemy | tee fulldump | strings |
| 20 |
|
| 21 |
for one or two days and be done with it. Note that the traffic you're |
| 22 |
interested in the most is outgoing traffic (HTTP POST) if you're |
| 23 |
looking for offensive communication originating from that user. |
| 24 |
|
| 25 |
Of course, all of this is probably illegal if that user hasn't agreed |
| 26 |
on monitoring measures (which means you'll probably not be able to use |
| 27 |
it as a proof before court) -- and even that might be prevented by |
| 28 |
local law. |
| 29 |
|
| 30 |
Also have a look at the dsniff package, especially at urlsnarf. But |
| 31 |
this would just give you the URLs... |
| 32 |
|
| 33 |
-hwh |
| 34 |
-- |
| 35 |
gentoo-user@g.o mailing list |
Archives