
Ask Slashdot: Best Way To Monitor Traffic?

samzenpus posted more than 2 years ago | from the keeping-an-eye-on-things dept.

The Internet

First time accepted submitter Shalmendo writes "My client needs to monitor traffic on his LAN, particularly going out to the internet. This will include websites like Facebook, Myspace, and similar, including from mobile devices. So far, based on the network education I have, I've concluded that it might be best to get a tap (and some kind of recording system with Wireshark, probably a mini-barebone), or replace the existing Linksys router with a custom built mini barebone system with Linux routing software and appropriate storage capacity etc. to record traffic internally. (Either way it looks like I will need to put together a mini barebone system for some purpose.) My client is trying to protect his family from scammers and other unsavory types, and isn't savvy in this matter, so I'm doing it for him. What I need is a way to record the traffic at a singular point, like modem/router areas, or similar, and a way to scrape out Facebook, Myspace, and other messages. It also appears that the client's family is using iPhones and some game called 'Words' which has message capability. Is it possible to scrape messages out of that game's packets, or are they obfuscated? Can I write a script? What software would you recommend? Linux routing OS? Can we sniff packets and drop them on the internal hard drive? Or would a tap be better? How do I analyze and sort the data afterwards? My client needs easily read evidence (such as text or screenshots) he can use as proof in discussion with his family to try and intercede in any potentially harmful transactions. In other words, how can I achieve this goal? I have basic and medium training in computer networking, so I can make my own cables and such, but I've never worked on this exact kind of project before, and thought it might be better to query Slashdot instead of doing my own research from scratch.
After days of discussion with the client, it's not plausible to put monitoring software in the devices on the network (due to legal issues and a few other factors), so I concluded a network tap or other device would be the best way to capture and study what's going on."


338 comments


a bird in hand (5, Insightful)

alphatel (1450715) | more than 2 years ago | (#40064223)

Oh it's really easy. You just need about 800 offshore programmers, 200 solid state drives, Hadoop, Ruby on Rails, cheese, bacon. Clearly your client has the funds.
Or maybe go and buy an internet security hardware appliance like Sonicwall or Watchguard and bill out 700 hours labor. It will take you less time to install one than writing that horrific maligned essay you chose to sully our pages with.

Re:a bird in hand (1)

Anonymous Coward | more than 2 years ago | (#40064345)

A bit over the top, but not by much. What you are asking would take a lot. Here's the rule - quick, cheap, good - pick two. Quick and cheap won't be good, good and cheap won't be quick, quick and good won't be cheap. Buy something like a Websense or TMG appliance and put it in line, spend a few weeks tweaking the configuration, and you should be done for under $25,000 US.

Re:a bird in hand (0)

Anonymous Coward | more than 2 years ago | (#40064435)

+1 for Sonicwall

Re:a bird in hand (2)

h4rr4r (612664) | more than 2 years ago | (#40064807)

-100 for Sonicwall. They are total crap. Maybe they have a place in the SMB market, if that market is full of people who hate having money and enjoy buying bad things.

Re:a bird in hand (0)

Anonymous Coward | more than 2 years ago | (#40064447)

Watchguard sucks. Endless bugs with 11.5.3, use at your peril...

Ahmadinejad? (5, Funny)

Anonymous Coward | more than 2 years ago | (#40064277)

Is that You?

Re:Ahmadinejad? (4, Insightful)

DanTheStone (1212500) | more than 2 years ago | (#40064461)

Exactly. Either the "friend" is actually an oppressive government or a guy with some serious problems. Tell him it's not possible. Even if it's possible, it's a bad idea, possibly illegal. Then go take an Ethics class.

Re:Ahmadinejad? (2)

amiga3D (567632) | more than 2 years ago | (#40064483)

But as a technical problem I find it interesting. Don't ruin the beauty of the thing with morality.

Re:Ahmadinejad? (1, Insightful)

ArcherB (796902) | more than 2 years ago | (#40064565)

Exactly. Either the "friend" is actually an oppressive government or a guy with some serious problems. Tell him it's not possible. Even if it's possible, it's a bad idea, possibly illegal. Then go take an Ethics class.

Or maybe it's a father who wants to monitor what his kids are doing. You might disagree with that, but as long as he's not beating his kids, how he raises his family is none of your business.

This guy wants to secure his home network. A secure network is a good thing. I'm sure you'll say that this is monitoring, not security. Well, how do you know if you've properly secured your network without monitoring it?

Re:Ahmadinejad? (2)

progician (2451300) | more than 2 years ago | (#40064693)

If dad wants to monitor his kids, the best way to do that is to ask them. That is what a father is supposed to do. Sneaking around for "bad stuff" means there's no confidence in the children. In that case, the family is already insecure no matter what you are doing with the network. Don't try to sell family problems as a reason for monitoring. It just doesn't figure.

Re:Ahmadinejad? (3, Insightful)

Anonymous Coward | more than 2 years ago | (#40064747)

Or maybe it's a father who wants to monitor what his kids are doing. You might disagree with that, but as long as he's not beating his kids, how he raises his family is none of your business.

Not until the kids start voting and don't understand why anyone would have a problem with constant monitoring of all communication. Then they're everybody's business.

You can screw up a kid without beating him. Letting them know off the bat that you don't trust them in the least bit is one way to start. Once you've eroded their trust in you to the point you think you need to monitor every communication means your work is mostly done.

Re:Ahmadinejad? (1, Interesting)

CanHasDIY (1672858) | more than 2 years ago | (#40064791)

Or maybe it's a father who wants to monitor what his kids are doing.

Judging by the summary writer's admission that beyond making patch cables, he doesn't know networking from a cow fart, I would consider this an accurate assumption.

I've never worked on this exact kind of project before, and thought it might be better to query Slashdot instead of doing my own research from scratch.

Bad call, chief.

Re:Ahmadinejad? (0)

Anonymous Coward | more than 2 years ago | (#40064797)

Monitoring the content of communications in your house will not affect the security of the network in any way unless you think the people inside your network (eg: your family) are moles with the intent of destroying the network itself, or if you think the people inside your network are terrorists with the intent of destroying everything in the world, including your network.

Monitoring what type of traffic is being generated is a good idea, monitoring external IP addresses is possible, but monitoring the contents of communication over your network is an invasion of privacy. You are either ignoring or not respecting the rights of people on your network, or you are a religious nutjob trying to filter the world to people on your network. Neither of which should be done.

As the GPP said, go take an ethics class, as this is probably highly unethical. I know it sounds great in this Facebook age, but the implications for society are kind of dire.

Re:Ahmadinejad? (0)

Anonymous Coward | more than 2 years ago | (#40064821)

Exactly. Either the "friend" is actually an oppressive government or a guy with some serious problems. Tell him it's not possible. Even if it's possible, it's a bad idea, possibly illegal. Then go take an Ethics class.

Or maybe it's a father who wants to monitor what his kids are doing. You might disagree with that, but as long as he's not beating his kids, how he raises his family is none of your business.

This guy wants to secure his home network. A secure network is a good thing. I'm sure you'll say that this is monitoring, not security. Well, how do you know if you've properly secured your network without monitoring it?

If that was the case, why did the poster bring up that having monitoring software on the devices in the network was not possible "due to legal issues and a few other factors"? I've not heard of any country where it is not legal for a father to put monitoring software on his kids' computers.

This "Client" ("this is not for me but for a friend") sounds more like someone wanting to run hidden surveillance on others without their knowledge, maybe to catch the girlfriend sexting with randomguy55 on Facebook or something.

Re:Ahmadinejad? (1)

Jeng (926980) | more than 2 years ago | (#40064613)

What I inferred from the summary was that this guy has relatives in his house who are being scammed on the internet and needed some proof to help educate them.

Re:Ahmadinejad? (1)

tooyoung (853621) | more than 2 years ago | (#40064803)

What I inferred from the summary was that this guy has relatives in his house who are being scammed on the internet and needed some proof to help educate them.

That is what I read in the summary, not what I inferred.

holy long summary batman (0)

Anonymous Coward | more than 2 years ago | (#40064287)

I suppose too many /.'ers have been found guilty of not RTFA. Instead, they are going to start loading the entire article into the summary section.

using iPhones... (5, Funny)

DontScotty (978874) | more than 2 years ago | (#40064293)

You're going to need to install your scripts on the Verizon / AT&T point of presence to handle the iPhone / Words With Friends traffic molesting.

I think the NSA has the hardware in place, you'll simply need to rent some space on one of their servers.

Re:using iPhones... (1)

Anonymous Coward | more than 2 years ago | (#40064609)

I was a store manager at an electronics store owned by one of Canada's top wireless carriers. Bell owns The Source. Bell owns half the damn country at this point.

Guess what happens when the same guy owns both the store AND the cell networks?

We had a piece of custom hardware show up one day, were told to install it, and anytime it lost power the store got a call instantly from corporate security. Every manager I know got one.

It had two antennas on it, very similar to what you'd see on a GPS jammer, etc. No one at corporate would tell us what it was. It had an ethernet feed going to our switch. The running assumption was that it analyses local cell and wifi traffic. There are so many cellular devices in the store that restricting internet on workstations is useless.

A district manager made an offhand comment about it once, an employee was using the internet on his phone, and he nodded towards it and said "he'll get what's coming to him."

Probably highly fucking illegal but what can you do? The Source is corrupt from the inside out, that's why they've declared bankruptcy three times. Bankruptcy doesn't get rid of the middle/upper management.

spying on own family (1)

Anonymous Coward | more than 2 years ago | (#40064309)

I say bullshit. Your "client" is probably trying to snoop on his wife and kids. Paranoid types like him are often controlling, abusive and should be avoided at all costs. Step away and do not work with people like him.

Re:spying on own family (1)

GrumpySteen (1250194) | more than 2 years ago | (#40064517)

Or the guy knows his wife is cheating on him and is just trying to get proof he can use during a divorce. Not everyone is a violent asshole.

Who is this (4, Insightful)

Loughla (2531696) | more than 2 years ago | (#40064317)

'client'? And why does he need to know the content of every. single. message. that goes out on his network? Is this going to be like the talk with my kids when they say 'my friend has this girl he likes' kind of thing?

If you need to know what every message going out is, including the content of a (I assume) 'words with friends' game, maybe you should just unplug for a while and take a walk in the woods to clear your head. Then maybe speak to a psychiatrist for the paranoia issues.

Re:Who is this (0)

Anonymous Coward | more than 2 years ago | (#40064397)

'client'? And why does he need to know the content of every. single. message. that goes out on his network? Is this going to be like the talk with my kids when they say 'my friend has this girl he likes' kind of thing?

If you need to know what every message going out is, including the content of a (I assume) 'words with friends' game, maybe you should just unplug for a while and take a walk in the woods to clear your head. Then maybe speak to a psychiatrist for the paranoia issues.

I agree. This should be putting up big red flags. If you need to spy on everything your family's doing, you're doing it wrong.

Re:Who is this (3, Insightful)

networkBoy (774728) | more than 2 years ago | (#40064679)

I still think it is a trolling of the /. editors.
No one who knows how this could be accomplished would actually consider it at a home install network. Aside from being cost prohibitive, to defeat it all you need is an SSL proxy so that you can https to the proxy and from there go to the WWW. Thus this would not even be useful if the people being watched thought they were being watched.

-nB

Re:Who is this (2)

nbuet (944469) | more than 2 years ago | (#40064467)

Just imagine his client is a correctional facility and the requirements all of a sudden make sense.

Re:Who is this (1)

progician (2451300) | more than 2 years ago | (#40064749)

Hmm... I don't see what's the point in that case either. If the internet habits are a concern, cut the cable all together. Monitoring communication is only good for one thing: abuse position.

Re:Who is this (4, Insightful)

L4t3r4lu5 (1216702) | more than 2 years ago | (#40064837)

More importantly, who the fuck upvoted this PoS from the Firehose?

His "client" is obviously himself, he has serious trust issues and should probably seek professional help in dealing with those. His "client" isn't savvy in the matter of "protecting his family from scammers and unsavory types" yet he thinks that being able to crimp a patch lead is enough of a background to "tap" SSL encrypted sessions, breaching various computer misuse laws depending on your country (Wiretap Act in US, Computer Misuse Act / RIPA in the UK). Not only that, but he wants intelligent and monitoring of communications between two parties without their consent. All of this done with a script, with screenshots (that's desktop integration, mate) and then he wants to blow up his family by confronting them with this "evidence".

I think 4Chan just trolled Slashdot.

Professional help appreciated. (0)

Anonymous Coward | more than 2 years ago | (#40064321)

Or would it be better to recommend your client a visit to a psychiatrist? He/she seems to be rather paranoid and doesn't even trust his own family.

Just asking and talking with your family about the issue should be way enough.

Re:Professional help appreciated. (0)

Anonymous Coward | more than 2 years ago | (#40064551)

I'm guessing the "client" is himself; he is just trying to make excuses. "Trying to protect his family from scammers", that is the worst excuse I have ever heard.

He should seek help before the voices in his head tell him to kill someone.

Re:Professional help appreciated. (0)

Anonymous Coward | more than 2 years ago | (#40064635)

"Trying to protect his family from scammers", that is the worst excuse I have ever heard.

Clearly, you've never heard of "think of the children". Now, that's the worst one.

Re:Professional help appreciated. (1)

progician (2451300) | more than 2 years ago | (#40064813)

Isn't this a version of the "think of the children"?

Related reading: Jonathan Swift: A Modest Proposal [rutgers.edu]

Sure. "Your client"... (1)

Anonymous Coward | more than 2 years ago | (#40064323)

Let us know how that divorce settlement goes.

Cure the problem (3, Insightful)

Anonymous Coward | more than 2 years ago | (#40064333)

Take all their devices, and get rid of the internet if he can't control them. When my kids started staying up later than I wanted I just shut down the router from 10:30 pm to 8:00 am back in the day. Besides, if they have smart phones they can just get off the LAN and onto the carrier, circumventing any controls you put on the LAN.

is this a joke? (0)

Anonymous Coward | more than 2 years ago | (#40064337)

You know nothing about technology, quit screwing up the bidding market. Problem solved.

Seriously, is anyone employable any more?

cameras (0)

Anonymous Coward | more than 2 years ago | (#40064347)

Install cameras behind each user.

Your client is a stalker? Or just the new Fritzl? (5, Insightful)

Harald Paulsen (621759) | more than 2 years ago | (#40064359)

Seriously.

Logging traffic is not going to stop someone from doing something stupid, like falling for a scam.

Education is.

Way overthinking this (2)

redmid17 (1217076) | more than 2 years ago | (#40064365)

This is seriously a problem that starts and begins with the users. All the technology in the world isn't going to fix it. We don't even know if it's a family LAN or related to a family business. You won't be able to get the iPhone information if they are using a data network. There is so much wrong with this whole situation I don't even know where to start.

Is it April 1st already? (0)

Anonymous Coward | more than 2 years ago | (#40064371)

"it's not plausible to put monitoring software in the devices on the network (due to legal issues and a few other factors)" but it's totally fine to go ahead and try and record all communications over the network. Given the already-long post, the author should have mentioned whether they are in a one-party-consent wiretap state.

Technical plausibility is one issue, yes. Legality is another issue. Then there's just the ethicality of the matter. In my opinion - in typical Slashdot form - the uber-nerd remains 95% focused on issue #1, 5% on the second, and 0.00% on the third. You functioning sociopaths are all the same: you think you can do whatever you want because laws are for everybody else and if you want it it must be best because after all a priori you can do no wrong - you're just so smart, after all.

Re:Is it April 1st already? (1)

networkBoy (774728) | more than 2 years ago | (#40064719)

#3 is only an issue if I get caught, now isn't it. :-)

You are correct in that most here are concerned with technical possibility, but that is because it is what interests us. You are incorrect that as a collective we don't think about morality or legality. And just now is when I realize that you are a clever troll and I don't have my AC thresholds set correctly... Bah.

one word answer: don't (3, Insightful)

camusflage (65105) | more than 2 years ago | (#40064373)

Fortigate will do what you need out of the box, paired with Fortianalyzer.

The bigger question is WTH you're doing with this. You can't put monitoring software on the devices, but you can look at every last bit they send and receive? Legal issues are a far bigger problem when data is in transit (as in flying across the network) than when it's at rest on the device. You won't even see everything, as a lot is TLS-protected and if it's a phone, it can bypass the fixed network entirely. I somehow doubt that he's making his wife and kids agree to an AUP that allows this sort of monitoring.

Re:one word answer: don't (0)

Anonymous Coward | more than 2 years ago | (#40064427)

I somehow doubt this has anything to do with a wife and kids whatsoever.

Re:one word answer: don't (0)

Anonymous Coward | more than 2 years ago | (#40064825)

To that point, Palo Alto Networks Firewalls will do this as well. It will even break the SSL sessions to inspect the traffic. It can report on application usage, where they're going on the Internet, etc. If you've got some money to spend, you could get yourself a Websense or Bluecoat proxy and then decrypt *everything* from there. You'd be running your network just like an enterprise network at that point.

AC

VPN + gateway server (0)

Anonymous Coward | more than 2 years ago | (#40064377)

nuff said?
clearos should be a complete gateway
http://www.clearfoundation.com/

DHCP, DNS and NTP Server
OpenVPN
PPTP Server
Multi-WAN
Bandwidth Manager
MySQL Server ... lots of features...

Your client is the Man (0)

Anonymous Coward | more than 2 years ago | (#40064383)

And you are his do-boy. Quit while you're ahead; leave your client to his "family", go get a real job or an actual education, and stop crowd-sourcing solution architecture to /.

wrong way (0)

Anonymous Coward | more than 2 years ago | (#40064387)

I'm sorry but I think you are going about this the wrong way.
Dumping network traffic isn't going to help anyone in this situation. What are you going to do, inspect every packet? Will you be onsite 24/7? Does the guy have the savvy to understand the traffic when you are not there? The best you will achieve is to figure out what went wrong long after it went wrong, and that assumes you know something has gone wrong, and have the skill to spot it.

A much better solution would be to install a decent AV, keep the AV and OS up to date, educate the users that clicking "yes" to everything is a bad idea, and stay off dodgy sites. Behave sensibly. Use prepaid credit cards that can't go negative if they need online cash. Get them to call you if they are unsure of something, or it looks suspicious.

"appears that the client's family is using iPhone" (0)

Anonymous Coward | more than 2 years ago | (#40064405)

Your "client" doesn't even know what kind of phones his "family" is using.

Still, one of the best FS I've read on /. for a while. Gave me a laugh.

client? LOL (0)

Anonymous Coward | more than 2 years ago | (#40064407)

A "client" *cough* of mine.

LOL

sounds fishy (0)

Anonymous Coward | more than 2 years ago | (#40064431)

These kinds of requirements sure as hell don't sound like someone trying to prevent scamming. My guess would be trying to catch a cheating/suspected cheating spouse. That's some heavy duty monitoring your client has asked for.

Re:sounds fishy (3, Interesting)

networkBoy (774728) | more than 2 years ago | (#40064789)

Finding a cheating spouse is way easier than that.
One of my acquaintances recently went through this. Evidence was *everywhere* on the computer, facebook, e-mail, etc.
When you save your password you are trusting everyone with access to that machine not to cheat and look at your profiles. Maybe you should change those passwords and not save the updated ones before you have a tryst.

Best thing ever: Judge ruled it was not unauthorized access for him to dump her e-mails to the printer because she had saved the password to the same computer that he had authorized access to, and since she saved the passwords so that IE would auto-enter them she had no expectation of privacy...
-nB

sniffin the network for Facebook "screenshots"...? (1)

Bigsquid.1776 (2554998) | more than 2 years ago | (#40064433)

you just went full retard.

Re:sniffin the network for Facebook "screenshots". (5, Funny)

stranger_to_himself (1132241) | more than 2 years ago | (#40064653)

you just went full retard.

At least he can 'make his own cables and such'.

Absolute control is difficult and not advised (4, Insightful)

matt-fu (96262) | more than 2 years ago | (#40064441)

As some have already commented, the scope of this project is a bit much. To automatically strip the specific things you want out of the stream even at the LAN level would involve a lot of processing. To do it for the phones would take Steve Jobs levels of political clout.

An easy thing you could do is to set up a proxy on the network (such as Squid) and use DHCP to force all of the computers on the LAN to use it. It won't be foolproof unless you block any outbound web traffic that isn't coming from the proxy and that will maybe break things, but this is someone's house and not an IT shop so that's not a big deal.

After that, set up all the phones to use wifi and take the hit in battery performance, or else get everyone ipod touches instead of phones with a data plan. You can't get around the fact that he is paying for another data connection per handset from the phone company.

The *best* thing you could do is sit your friend down and advise him that the world is scary and that you can't shield your kids from everything, but you can certainly build a good rapport with them and answer questions about life when they come up.
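The proxy approach described above, and the point made elsewhere in the thread that monitoring *which* hosts are contacted is defensible while reading message contents is not, can be combined into a metadata-only report built from the Squid proxy's own access log. What follows is an added example, not code from this thread or from the Squid project: it parses a few constructed lines in Squid's native access.log format (timestamp, elapsed ms, client, result/status, bytes, method, URL, ident, hierarchy, MIME type), tolerates malformed lines, and flags destinations on a watchlist. The watchlist domain and the client addresses are placeholders I made up; for HTTPS sessions the proxy only ever sees the CONNECT host, which is exactly what the report relies on.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format (not real traffic).
# Fields: timestamp elapsed-ms client result/status bytes method url ident hierarchy/peer mime
SAMPLE_LOG = """\
1337000000.123    245 192.168.1.10 TCP_MISS/200 5120 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1337000001.456   1200 192.168.1.10 TCP_TUNNEL/200 8800 CONNECT www.facebook.com:443 - HIER_DIRECT/203.0.113.5 -
1337000002.789     80 192.168.1.22 TCP_MISS/302 512 GET http://login-secure-update.example.net/verify - HIER_DIRECT/198.51.100.7 text/html
1337000003.001     60 192.168.1.22 TCP_DENIED/403 310 GET http://www.example.org/ - HIER_NONE/- text/html
this line is malformed and must be skipped rather than crash the report
"""

# Hypothetical watchlist of domains the family has been warned about (placeholder value).
WATCHLIST = frozenset({"login-secure-update.example.net"})

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>\S+)\s+(?P<mime>\S+)$"
)


def host_of(method, url):
    """Destination host of a log entry, lower-cased.

    CONNECT entries (TLS tunnels) carry "host:port" rather than a full URL;
    the host name is all the proxy sees of an HTTPS session without breaking it.
    """
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()


def parse_lines(text):
    """Parse Squid native log lines into dicts; malformed lines are dropped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # garbage or a format we do not understand: skip, don't crash
        rec = m.groupdict()
        rec["bytes"] = int(rec["bytes"])
        rec["status"] = int(rec["status"])
        rec["host"] = host_of(rec["method"], rec["url"])
        records.append(rec)
    return records


def summarize(text, watchlist=WATCHLIST):
    """Per-client summary: hosts contacted, bytes moved, denied requests, TLS
    tunnels, and any hosts on the watchlist. Uses metadata only, never content."""
    per_client = {}
    for rec in parse_lines(text):
        s = per_client.setdefault(rec["client"], {
            "hosts": defaultdict(int), "bytes": 0, "denied": 0,
            "tls_tunnels": 0, "flagged": set(),
        })
        s["hosts"][rec["host"]] += 1
        s["bytes"] += rec["bytes"]
        if rec["result"] == "TCP_DENIED":
            s["denied"] += 1
        if rec["method"] == "CONNECT":
            s["tls_tunnels"] += 1
        if rec["host"] in watchlist:
            s["flagged"].add(rec["host"])
    for s in per_client.values():
        s["hosts"] = dict(s["hosts"])  # plain dict so the result is easy to compare
    return per_client


def render(summary):
    """Plain-text report a non-technical reader can follow."""
    lines = []
    for client in sorted(summary):
        s = summary[client]
        lines.append(f"{client}: {s['bytes']} bytes, {s['tls_tunnels']} TLS tunnel(s), {s['denied']} denied")
        for host, n in sorted(s["hosts"].items()):
            mark = " [WATCHLIST]" if host in s["flagged"] else ""
            lines.append(f"    {host} x{n}{mark}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(summarize(SAMPLE_LOG)))
```

Run against a real access.log the report lists, per LAN address, the hosts reached and how much data moved, with a marker on anything in the watchlist; it deliberately never parses request bodies, which keeps it on the "what type of traffic" side of the line the thread draws rather than the "contents of communication" side.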

NGFW (1)

Necroman (61604) | more than 2 years ago | (#40064445)

What you are describing basically sounds like what NGFW (Next Generation Firewalls) solve. These are standard firewalls, but add more "smarts" to them, like detecting certain applications, telling you which users access them and when. So you'll want something inline to do it properly.

A lot of traffic to the web may also be going over an SSL connection, so you would probably need an SSL module in-line to basically man-in-the-middle all the computers on the network and snoop the traffic.

Check out the NSS report [nsslabs.com] (costs money to buy the report) on NGFW appliances.

Re:NGFW (0)

Anonymous Coward | more than 2 years ago | (#40064615)

In this case, the acronym NGFW should stand for Not Gonna F#$#ing Work.

Translation (1)

Reality Master 301 (1462839) | more than 2 years ago | (#40064457)

"my client needs easily read evidence (Such as text or screenshots) he can use as proof in discussion with his family to try and intercede in any potentially harmful transactions." You don't need "proof" in a real discussion. Also, by the time you've captured and read any proof, it's already too late to "intercede harmful transactions". Translation: "I casually mention 'client' so many times I probably don't have one. How do I spy on my family without the need to actually talk to them?" (Also: Aren't (currently-plummeting) Facebook and others moving towards default-encryption?)

Simple plan. (0)

Anonymous Coward | more than 2 years ago | (#40064463)

Gather all of the electronic devices, then smash them with a sledgehammer.

Treat the disease, not the symptoms (5, Insightful)

Sarten-X (1102295) | more than 2 years ago | (#40064477)

My client is trying to protect his family from scammers and other unsavory types, and isn't savvy in this matter, so i'm doing it for him.

Then you're doing it wrong.

Quite frankly, extreme monitoring and filtering isn't going to work. Scammers will hide their words to avoid filters, so active filtering doesn't work. The exchanges are managed quickly, so scams (especially phishing scams) get your data instantly, so delayed review of activity isn't going to protect anyone, either, though it might make detection a bit faster. There is simply no hardware approach that will work.

If, as others have pointed out, your client is an overly controlling patriarch, he needs professional psychiatric help. If he's just paranoid and scared, he needs professional technical help, and that's where you should focus your efforts.

Educate him and his family on scammers' techniques and tactics, and security practices. Explain how the teenage daughter will be victimized and harassed, because that's just the nature of the assholes on the Internet. From a network perspective, make sure they have updated antivirus software, and maybe an active monitoring firewall to scan HTTP traffic for viruses. A basic scanner for the known threats, and education for the unknown threats, and the client will be far better off in the long run.

Re:Treat the disease, not the symptoms (0)

Anonymous Coward | more than 2 years ago | (#40064833)

Educate him and his family on scammers' techniques and tactics, and security practices. Explain how the teenage daughter will be victimized and harassed, because that's just the nature of the assholes on the Internet. From a network perspective, make sure they have updated antivirus software, and maybe an active monitoring firewall to scan HTTP traffic for viruses. A basic scanner for the known threats, and education for the unknown threats, and the client will be far better off in the long run.

Sweet Odin, THIS! Education would be more effective and far less creepy than having Daddy Stasi sifting through their private communication. As Sarten suggested, psychiatric help would be a damned good suggestion for this guy, and for the story poster if he actually suggested a domestic police state as a solution to this problem. The only possible justification I can see for such broad monitoring would be if his family have IQs in the low 60s or there is so much distrust of him that they won't listen to a word he says, and if he seriously thinks that spying on them is a good idea, I can see why there'd be little trust.

What about SSL traffic? (1)

aaron44126 (2631375) | more than 2 years ago | (#40064479)

This is for a home / family network?

Has Facebook turned on SSL by default yet? I know that Twitter has, and Facebook has the option, not sure if they've thrown it on by default yet?

In any case, if they haven't, I imagine that it is coming, and then sniffing out contents of messages will not be so simple. You'd have to install a man-in-the-middle service with a fake SSL certificate and install said fake certificate as trusted on all of the client machines. (Good luck doing that on the iPhone.) And that's just to be able to see them in clear text. If you're trying to scrape them out, you're going to be constantly fighting with Facebook every time they change up their interface. Are you going to be tasked with updating this every time a new social service or game comes along?

It seems like the better approach may be to just have them learn some basic Internet safety.

Well... (0)

Anonymous Coward | more than 2 years ago | (#40064485)

Most of those apps will be using SSL encryption and thus your idea of a "tap" will not work. You need something like Pearl Echo, that puts a small client on each PC that's hidden. That will capture everything you want. But you say he can't put that on the PCs, which then leads me to believe this is in some way an illegal thing he's trying to do...

As for cell phones and other devices, if they are on wifi, you could drop an Untangle box in there and get a good amount of reporting, also that will work from unencrypted sites on the normal LAN clients...

Actually trying to be helpful... (0)

Anonymous Coward | more than 2 years ago | (#40064499)

It looks like your client has a limited budget. Check products or services like Astaro Security Gateway (http://www.astaro.com) or zscaler (http://www.zscaler.com).

try something like pfsense (1)

Anonymous Coward | more than 2 years ago | (#40064507)

If you can ensure the mobile devices in your home use only your wifi to access the internet then a firewall / proxy / ips system like pfsense could work for you. It would require you to dedicate a system, many are available in formats not much bigger than your existing DSL or Cable modem. IDS/IPS from Snort, easy overview with ntop, filtering with whatever sort of oversight you want.

is this even feasible (0)

Anonymous Coward | more than 2 years ago | (#40064511)

There should not be any legal issues if the family members consent to the monitoring. If they do not, stay away from this one.

I think your solution is user education, honestly. Your time will be better spent. All your monitoring will do is show them very clearly how they were scammed, not prevent it.

If any of those services use SSL, you cannot record the traffic you want from the network. There are too many varieties of services that they use, so if you capture only Facebook and Words, then you missed something else. If you capture everything, then you have so much data that you will never be able to sort it out. And no matter what you do on the network, the iPhones would bypass it when they are on 3G.

Whatever solution you come up with, I would get 2-3 quotes from other people on the same project before you start. The price should point out that technology is not the solution here.

stuff for a sitcom (0)

Anonymous Coward | more than 2 years ago | (#40064513)

One happy family

Re:stuff for a sitcom (1)

Bigsquid.1776 (2554998) | more than 2 years ago | (#40064539)

for real... lotta love and trust in the household.

"Can I write a script?" (4, Funny)

jolyonr (560227) | more than 2 years ago | (#40064523)

I don't know. Can you?

Re:"Can I write a script?" (1)

radon28 (593565) | more than 2 years ago | (#40064733)

Sorry. May I?

If the client is paying... (1)

StoneyMahoney (1488261) | more than 2 years ago | (#40064525)

...set up a network tap between the router and the modem (buy separate ones if they don't have them already) leading to a PC with two network cards and a few TBs of hard drive space. Run Wireshark to capture and analyse the packets.

Haha, it sounds so easy when put like that, network packet analysis is a massive PITA - there is no convenient way to monitor everything sent over a network connection, and it may just be worth burning a nice big hole in your client's pocket to get that message across to them - the massive amount of time you'll spend picking through all the traffic, figuring out how to decipher it all, then actually reading everything you find - if you can bill by the hour it's virtually a license to print money!

Poor forum selection? (0)

Anonymous Coward | more than 2 years ago | (#40064529)

Asking a site whose users are generally known for disliking censorship and wiretapping about monitoring advice. Made my day.

Your Best Solution (4, Insightful)

FSWKU (551325) | more than 2 years ago | (#40064533)

...is to drop the client. Seriously.

He wants Orwellian monitoring over his network that is not only unfeasible but would eventually prove completely ineffective. If he's this paranoid, what's going to happen when your kludge of a system inevitably misses a message or two and he decides that caused someone to fall victim to a scam? He's going to come after you with some shark lawyer and make your life incredibly annoying, that's what. In the end, his idea will not prevent scams and the like. It's only going to further a "big brother knows best and sees all" mentality. On top of that, it shows a frightening lack of trust in his family - both in their ability to "do the right thing" and in their general intelligence. Your best solution is to drop the client and not feed his totalitarian ego.

On the other hand, if this is really you wanting such a solution, the trust issues apply even more so. Learn to EDUCATE instead of spy. You will have much better results.

And finally, if you're an ISP too clueless to do something on your own, GTFO Slashdot with your asking us how to spy on your customers. You should be ashamed of yourself.

tl;dr - Your plan is a bad idea all around...

Ah another "safety" nut... (5, Insightful)

clonehappy (655530) | more than 2 years ago | (#40064549)

So, either you are clinically paranoid, and should probably address that issue before any technical ones...or you need to take a step back, relax, and realize you don't have control over everything. Your "client's" requirements are completely ludicrous, and even if you wrote a script for "him" to scrape messages out of Words with Friends, what about EA's Scrabble, or TextFree, or any of the 10,000 other iPhone/Android apps that can communicate privately between two parties?

My advice? Cancel your hardwired ISP, cancel all smartphones with network access, harden your doors, windows, and other points of entry and lock you and your family in your basement. There you go, no "unsavories" or "scammers" can ever access you or your family. I'm sure that will go over well with the wife and kids, but at least you're being upfront about it and not covertly spying on them through their electronic communication (which is what you *really* want to do).

When they object, tell them the other option (your little Napoleon complex and your in-home Echelon system), and be prepared for your, sorry your "friend's" wife to serve up some divorce papers.

Oh, that's right, you just want them to be "safe". Give us a break, even the most hardened Fox News or CNN watcher isn't really *that* scared of unsavory types messing with their lives, and if you are, please turn off the television and go for a walk in the park for a few hours.

Tinfoils ready? (0)

Anonymous Coward | more than 2 years ago | (#40064555)

Spying without a search warrant is illegal. If you want to know what your family is up to on the internet, just ask them, talk with them.

If you can't have an open discussion with them, it is already too late and the better option is to get a better relationship (or have a deep look in the mirror yourself).

Myspace's first plug in 2012 (0)

Anonymous Coward | more than 2 years ago | (#40064557)

I'll let Tom know.

I can't do this, but I'm gonna do this... (0)

Anonymous Coward | more than 2 years ago | (#40064563)

it's not plausible to put monitoring software in the devices on the network (due to legal issues and a few other factors)

... so I'm wanting help building a monitoring soultion for the devices on the network (and not realizing that it's the same damn thing legally)

Linux router (0)

Anonymous Coward | more than 2 years ago | (#40064569)

You can use a Linux box with two network interface cards and configure it to be a router. Then I would put it between the wireless access point/Router and the DSL modem/cable modem or whatever.

http://unixfoo.blogspot.com/2008/02/how-to-configure-linux-machine-as.html

You can use Ethereal or tcpdump or whatever to record the traffic.

http://www.ethereal.com/

Analyzing it will be a pain because there will probably be a lot. I recommend giving all the devices you want to monitor static IP addresses, so you can ignore traffic from other machines that you don't want to monitor.

You will still have a *lot* of traffic. If the app obfuscates the traffic, they might use encryption, and you will probably not be able to do much about this at your skill level. If you root the device, and can figure out where the trusted certificates for the certificate authorities are, you can make your own certificate authority and then conduct SSL man-in-the-middle attacks and decrypt that traffic. This is quite possibly more complicated than you can figure out on your own though.

One thing that might be good is to get the blacklists of malicious sites from Google or something similar. Then, you could at least make something that looked for traffic to those sites.

Anyway, good luck.


You don't need a client like this. (0)

Anonymous Coward | more than 2 years ago | (#40064583)

Walk away from this one. Whatever system you put into place isn't going to do what they want, and then you're the one getting the phone calls and nasty emails. There are bigger issues afoot here, and you don't need to be a part of them. No amount of money is going to be worth getting into this quagmire.

Ntop and passive TAP (2)

sl4shd0rk (755837) | more than 2 years ago | (#40064585)

For corporate traffic, don't put a box in between that traffic. If it fails, everything is down. Get a TAP, as you hinted, but make sure to get one that fails 'open' [network-taps.eu]. Then, run Ntop [ntop.org] off the TAP port. If the TAP burns up, or the port goes bad, you still have network access.

It sounds like your "client" is just wanting to basically monitor his family, so in that case, get a 10/100 HUB (not a switch) to stick downstream of your modem. Plug in your Linux box on port 1, and the router/modem into port 2. Don't put anything else on it because... it's a hub. Run Ntop on the Linux box.

Look at Netflow based tools such as nfsen (1)

badger.foo (447981) | more than 2 years ago | (#40064589)

If you can set up your gateway to export Netflow [wikipedia.org] data, you get excellent data for tracking your traffic (connection metadata) without all the bulk of keeping a full copy of the traffic.

There's a large number of tools available for collecting, analyzing and otherwise dissecting collected Netflow data, with a good number most likely available via your favorite free Unix-like operating system's packages collection. My favorite combo is to set up an OpenBSD [openbsd.org] box as the gateway, have it export traffic data via the pflow(4) [openbsd.org] facility and do the collection and analysis bits somewhere via nfdump/nfsen (see e.g. nfsen.sourceforge.net [sourceforge.net] for info).

There are various resources available within direct reach of web search, but I would also recommend taking a look at Michael W. Lucas' book Network Flow Analysis [nostarch.com] for a nice treatment of Netflow in general (it uses flow-tools, but most of what he writes will be useful in the context of other tools too).
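The flow-export approach above (and the earlier suggestion of checking traffic against a list of known-bad sites) can be illustrated with a small script. This is an added example, not code from the thread, from nfdump/nfsen or from OpenBSD's pflow: the CSV column layout, the port list, the watch-list network and the flow records are all constructed for the example.

```python
"""Summarise NetFlow-style connection metadata per LAN host.

Added example, not code from the thread or from nfdump/nfsen. It assumes
the gateway's flow export has been converted to a simple CSV (the column
layout is an assumption; nfdump's own output differs). It shows what flow
data can answer (who talked to whom, on which port, how much) and what it
cannot (message contents, especially on encrypted ports).
"""
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Ports whose payload is normally TLS-encrypted; flow data sees only the
# metadata for these, so nothing can be read out of the connection itself.
ENCRYPTED_PORTS = {443, 993, 995, 5223}

# Constructed sample export (not real traffic). Columns are an assumption.
SAMPLE_FLOWS = """\
ts,proto,src,sport,dst,dport,packets,bytes
2012-05-20 10:01:02,TCP,192.168.1.20,51234,203.0.113.10,443,42,61440
2012-05-20 10:01:05,TCP,192.168.1.20,51240,203.0.113.10,443,18,9216
2012-05-20 10:02:11,TCP,192.168.1.21,49152,198.51.100.7,80,30,20480
2012-05-20 10:02:40,UDP,192.168.1.21,53211,192.168.1.1,53,2,180
2012-05-20 10:03:09,TCP,192.168.1.22,50001,198.51.100.9,5223,120,30720
2012-05-20 10:04:00,TCP,192.168.1.22,50002,203.0.113.50,80,6,4096
"""

# Constructed watch list of destination networks (placeholder values).
WATCHLIST = [ip_network("203.0.113.48/28")]
LAN = ip_network("192.168.1.0/24")


def parse_flows(text):
    """Parse the CSV export into dicts with typed numeric fields."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        for key in ("sport", "dport", "packets", "bytes"):
            row[key] = int(row[key])
        rows.append(row)
    return rows


def summarize(flows):
    """Per LAN source: total bytes, encrypted bytes, peers and watch-list hits."""
    summary = {}
    for f in flows:
        dst = ip_address(f["dst"])
        if dst in LAN:
            continue  # internal traffic such as DNS to the gateway is skipped
        entry = summary.setdefault(f["src"], {
            "bytes": 0, "encrypted_bytes": 0,
            "peers": defaultdict(int), "watchlist_hits": [],
        })
        entry["bytes"] += f["bytes"]
        if f["dport"] in ENCRYPTED_PORTS:
            entry["encrypted_bytes"] += f["bytes"]
        entry["peers"][(f["dst"], f["dport"])] += f["bytes"]
        if any(dst in net for net in WATCHLIST):
            entry["watchlist_hits"].append((f["ts"], f["dst"], f["dport"]))
    return summary


def encrypted_share(entry):
    """Fraction of a host's outbound bytes whose content flow data cannot show."""
    return entry["encrypted_bytes"] / entry["bytes"] if entry["bytes"] else 0.0


if __name__ == "__main__":
    for src, entry in sorted(summarize(parse_flows(SAMPLE_FLOWS)).items()):
        top = max(entry["peers"].items(), key=lambda kv: kv[1])
        print(f"{src}: {entry['bytes']} bytes, {encrypted_share(entry):.0%} to "
              f"encrypted ports, top peer {top[0][0]}:{top[0][1]}, "
              f"watch-list hits {len(entry['watchlist_hits'])}")
```

Run against a real export, the per-host encrypted share makes the thread's point concrete: for most hosts nearly all outbound bytes go to TLS ports, so flow data tells you where and how much, never what.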

Oh Jeez (0)

Anonymous Coward | more than 2 years ago | (#40064591)

The "client" is most likely a husband trying to catch his wife cheating or wife trying to catch the husband cheating, hence the need to grab the "evidence" as the poster put it. This client has probably already tried going through emails and such with no success and is looking to have something that will get info before it can be deleted, if it even exists in the first place.

Basically stalking his family (0)

Anonymous Coward | more than 2 years ago | (#40064595)

This is a thinly veiled attempt to get help in stalking someone's family. He's checking up on someone's wife (or husband) or kids. He suspects something untoward is going on and just wants evidence. This has nothing to do with 'protecting' anyone. I'm honestly surprised the editors put this one up.

"due to legal issues and a few other factors" (3, Informative)

Neil_Brown (1568845) | more than 2 years ago | (#40064599)

It obviously depends on the laws to which your client is subject but, if there are "legal issues" in putting monitoring tools on "devices on the network," you may also find that there are similar restrictions, or at least hurdles to clear, in operating an interception capability as part of the network...

If it is just a private house, for members of a family, as the summary seems to suggest, chances are these will be minimal. If it will end up monitoring the nanny, cook or whatever other staff your client might have, you might need to have more robust procedures in place. In either case, it's worth checking it out if any part of your contract says "system will comply with applicable law" or anything like that — or just for your own peace of mind.

Router Distros: pfsense and Smoothwall (1)

Mondo1287 (622491) | more than 2 years ago | (#40064619)

Use pfsense or Smoothwall. I personally like pfsense better, and it has better support for newer hardware, but Smoothwall has better graphs for what you're looking for.

Another "Do my job for me" Ask Slashdot article (0)

Anonymous Coward | more than 2 years ago | (#40064631)

And this used to be a nerd site.

Captcha: Notifies

Re:Another "Do my job for me" Ask Slashdot article (1)

clonehappy (655530) | more than 2 years ago | (#40064675)

Well, when the job is one that is nearly impossible save for the NSA-level superspy computers, it helps to get some input from the tech community. If only to realize how ridiculous your idea is. Oh, and the fact that turning off Wi-Fi and pushing the "3G data ON" button on the smartphone completely bypasses his "security" mechanism.

Hire me (1)

nauseous (2239684) | more than 2 years ago | (#40064647)

Hire me or give me $$$ and I'll show you in detail. Easy way to get all traffic in graphic form.

This is... a lot of work. (3, Insightful)

spektre1 (901164) | more than 2 years ago | (#40064655)

And not worth it. The couple of sarcastic comments that have started off the replies here are telling you this. The problem is you need to dump interesting data out of the packets, and there's no easy way to tell what is actually interesting. Also, this is a cryptographer's nightmare or dream depending on how you look at it. You're Charlie here, and that means you're the guy that everyone wants to defeat in this scenario. It's not going to yield much useful data since more and more communications on the 'net are switching to HTTPS. Also, I don't think you can fully appreciate the amount of storage this will require. I work with network video, and when I have to run a packet capture to do analysis, the problem is finding a storage medium to dump to that can handle the throughput. The only thing I can usually make feasibly work is a ramdisk. You can't do that from your Linux embedded router. It just isn't going to happen. Now, I suppose you could only capture the headers of the packets. But again, that's not going to do you any good. You don't capture any of the payload then. Conclusion: Way more trouble than it's worth, and to do what you're talking about will cost a lot of money. Don't bother. Frankly, if your client is that concerned about the traffic coming out of the house, wipe all the computers to remove any potential malware on them already, install a fresh OS, install your own keyloggers on the systems if it's the human element you don't trust, and be done with it. It's invasive as hell, but it's a lot less sinister, and easier, than trying to play the panopticon game.

Worried about legal when monitoring your family? (1)

Acid-Duck (228035) | more than 2 years ago | (#40064669)

It sounds to me like either you're dishonest in your submission or your client told you a load of crap and you believed him. Why would someone (with good intentions) who wants to monitor his family's Internet activities be worried about legal stuff? Perhaps the husband believes his wife is cheating on him and is trying to put together some kind of proof?

Try OpenDNS (0)

Anonymous Coward | more than 2 years ago | (#40064673)

Detection is not prevention, OpenDNS for network DNS resolution, Web of Trust on the endpoints, and antivirus on all clients will give good protection on the cheap.

If you want free and simple use Smoothwall/PfSense (1)

lastrogue (1773302) | more than 2 years ago | (#40064677)

I have only ever used Smoothwall but others seem to like pfSense better. Great at getting a high and low level view of traffic on your network. I say simple but there is some configuring involved and you'll need a separate box with 2 NICs. It can be a low-end system though, nothing fancy; something like 3-5 GB of space and 256-512 MB of RAM would do you fine.

In reply to a lot of the posters (5, Informative)

Shalmendo (2643729) | more than 2 years ago | (#40064681)

I admit the scope of the project is overwhelming, and I've told my client that he's asking for an NSA quality project. I will direct him to this post and your replies to help him to better understand the nature of his requests. Also, it appears that my article was truncated before being posted, so some of the explanatory bits were cut off, although the core of the question is still there for the most part. And yes, this is an actual client, not myself. I already suspected what most of you were saying, and tried to tell him that, but computers are a big 'mystery box' to him, and I can't seem to nail stuff home on my own. (If it were myself I would have already solved this problem.) Also, I'm a little surprised at some of the hostility and non-seriousness I've seen here, but I suppose it is to be expected considering a lot of the drama and arguing I've seen going on in other arguments. When I originally wrote the article, I did specify 'serious answers only please, I don't want to start an argument, but a bunch of random answers that are unrelated won't help me solve this problem'. And to be more specific, it's a home network with a cable connection. (I obviously can't be too specific due to his need for anonymity to avoid 'alarming' his family to his clandestine monitoring intentions). He does have reasonable cause for suspecting something is going on and just needs to have information available to aid him in making decisions about some unusual behavior. And yes, I know that you can't get 'screenshots' right off a client PC through a network; by screenshots I meant some kind of recreation of a visited website, or just text information in printable form off some kind of analyzer software. I really would like to solve this problem, but I agree it's an excessive project. He wants the moon without having to go there to get it, type of issue.

Re:In reply to a lot of the posters (0)

Anonymous Coward | more than 2 years ago | (#40064717)

best reply.

Palo Alto firewall products (1)

Zarhan (415465) | more than 2 years ago | (#40064699)

Get a Palo Alto firewall. You can filter by application, and even make firewall rules like "allow reading of Facebook, but disallow posting", or even "disable attachments".

Of course, you didn't exactly specify budget...

There is the glaring problem of 3g (0)

Anonymous Coward | more than 2 years ago | (#40064713)

If there are iPhone/Android phones involved, all they have to do is turn Wi-Fi off and they do an end-run around all of your fancy logging.

Creepiest "Ask Slashdot" ever? (1)

Anonymous Coward | more than 2 years ago | (#40064741)

What's next? "My client has an urgent need to dispose of a number of black trash bags, the content of which are roughly human-sized. What would be the most efficient way of doing this? His family must not find out."

bleh (1)

IT.luddite (1633703) | more than 2 years ago | (#40064755)

Squid as a MITM SSL proxy? But like so many previous commenters... why? Other than messing w/ a roommate (a la http://www.ex-parrot.com/pete/upside-down-ternet.html [ex-parrot.com]) this is really useless. But hell, billables are billables!

Sounds like a perfect job for rpcapd. (1)

AlphaWolf_HK (692722) | more than 2 years ago | (#40064767)

Get a router compatible with Tomato firmware, install Tomato, and then install rpcapd on it (no need to compile from source, there are standalone binaries out there compiled for your router's CPU). Then use Wireshark to monitor and capture the traffic. After that you can take your pick of software to parse the pcap files.

Hope your client is rich. (1)

Lumpy (12016) | more than 2 years ago | (#40064775)

Because I would not touch that project for less than 5 figures plus an ongoing support contract of at least very high 4 figures or low 5 figures.

I am highly suspicious of the "protect his family from scammers" and the "monitor and record all outgoing traffic".

If he is really interested in protecting his family from scammers then educating everyone in the home that "everything on the internet is a scam unless you personally know the person" is all that is needed.

Finally, if a lot of iPads and iPhones are involved, your system is completely worthless as turning off Wi-Fi will disable your system completely for that unit. 3G on their iPads and iPhones will bypass everything you can think of doing unless you force a VPN back to the home so that all traffic goes through there and refuse to share the admin password on the devices.

truth (0)

Anonymous Coward | more than 2 years ago | (#40064805)

Install IDS (SNORT). Sniff for what info you are looking for. Cacti is nice for bandwidth monitoring.

Very clear author wants to monitor his kids .. (0)

Anonymous Coward | more than 2 years ago | (#40064829)

Very clear the author wants to monitor his kids' social lives...

Client's real problem (1)

turkeyfeathers (843622) | more than 2 years ago | (#40064847)

Won't he be surprised when he finds out it's you that's having an affair with his wife!