Hi,

On Wed, 17 Oct 2007 10:38:10 -0400 James Colby
<jcolby@×××××××××××××××××.net> wrote:

> I am looking for some advice. We have a user on our network that we
> believe may be making inappropriate forum posts, violating our TOS for
> internet usage. I am looking for some recommendations of software
> that I can install on a Gentoo server to help us monitor these posts.
> Can anyone recommend a proxy package that could help me to monitor
> this? I would prefer to do this transparently but we do have access
> to configure a proxy on the user's browser. Is this something that
> Squid can do?

You won't get HTTPS traffic without spoofing certificates, which might
not get through unnoticed. But HTTP is just plain text, so probably you
can just run

$ tcpdump -w - -i ethN -s 1600 port 80 and src 192.168.your.enemy | tee fulldump | strings

for one or two days and be done with it. Note that the traffic you're
interested in the most is outgoing traffic (HTTP POST) if you're
looking for offensive communication originating from that user.

Of course, all of this is probably illegal if that user hasn't agreed
on monitoring measures (which means you'll probably not be able to use
it as a proof before court) -- and even that might be prevented by
local law.

Also have a look at the dsniff package, especially at urlsnarf. But
this would just give you the URLs...

-hwh
--
gentoo-user@g.o mailing list
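
An added example, not part of the original message: instead of piping the capture through strings, this reads a capture file such as the `fulldump` written above and lists the source address, Host header and path of each HTTP POST. It assumes a classic libpcap file with untagged Ethernet/IPv4 frames and looks only at the segment that starts each request; the addresses and hostname in `sample_capture` are constructed.

```python
import struct

def post_requests(pcap):
    """Return (src_ip, host, path) for every TCP segment that begins an HTTP POST."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    found, off = [], 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Untagged IPv4 carrying TCP only; VLAN tags and IPv6 are skipped.
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = 14 + (frame[14] & 0x0F) * 4              # start of the TCP header
        if len(frame) < tcp + 20:
            continue
        ip_end = 14 + struct.unpack("!H", frame[16:18])[0]  # drops Ethernet padding
        payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:ip_end]
        if not payload.startswith(b"POST "):
            continue
        lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
        parts = lines[0].split(" ")
        host = next((l.split(":", 1)[1].strip() for l in lines[1:]
                     if l.lower().startswith("host:")), "")
        src = ".".join(str(b) for b in frame[26:30])
        found.append((src, host, parts[1] if len(parts) > 1 else ""))
    return found

def sample_capture():
    """Constructed one-packet capture: 192.0.2.10 POSTs to forum.example."""
    http = b"POST /post.php HTTP/1.1\r\nHost: forum.example\r\n\r\nmsg=hello"
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(http), 0, 0,
                     64, 6, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp + http
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1600, 1)
    record = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return header + record + frame

if __name__ == "__main__":
    for src, host, path in post_requests(sample_capture()):
        print(src, "POST", host + path)
```

A POST body that spans several TCP segments is not reassembled here, so the full capture file is still needed to read the posted content itself.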