Monitoring Content of Connections

Is there an application that allows me to sniff or read-and-pass-along content of users joining their wireless connections? I think there is a virtual server system that might allow this, right? The router is a Belkin DSL/Cable Wireless Router.

I am not interested in invading privacy (there is no assumption of it, as the system warns the user), but in doing random checks to ensure that an acceptable use policy is not being infringed.

There is probably a better newsgroup to post this in, but since the router is wireless, I figure it qualifies.

Reply to
Five By Five
Loading thread data ...

I believe Ethereal can do this. Interpreting the data is the hard part.

I guess you could pass all traffic through a proxy that stored a copy on disk and then allowed you to dissect it at your leisure. Thats likely to be expensive tho.

You probably don't want to do this. As it stands, I think you can rely on "common carrier" type laws to protect you from the actions of your users. If you actively monitor and announce you do this, I strongly suspect you will lose that protection.

One with security in the title?

Reply to
Mark McIntyre

Five By Five hath wroth:

Yes, there is. It's usually specific to the maker and model of the router. Do you want URL's, services, socket numbers, protocols used, traffic statistics, error, or the actual content? If you're monitoring content, I don't want to get involved.

Does this Belkin have a model number? Duz is support either syslog or SNMP? If not, you're stuck because you have a conglomerated modem/router. You would normally do the sniffing at the junction between the DSL modem and the ethernet router. However, since these are all in one package, there's no access to this point. The only way you're going to do any sniffing is if you replace BOTH the DSL modem and the wireless router.

That's fine. Just realize that you're doing it anyway. I have my own ethical formula for such things. I also sniff erratically to make sure there's nothing amis on my networks. However, I don't save anything other than traffic logs, and always inform the users that I'm monitoring their connection either before or after. If you're setting up a Carnivore clone, you most certainly are violating their expectation of privacy.

Most acceptable use policies are NOT based on content. They're based on services and traffic. For example, an ISP might decide that file sharing is inappropriate or that daily traffic in excess of 30GBytes is abuse. There are quite a few traffic monitors (MRTG, RRDTool, Nagios, etc) that will give pretty graphs and belch alarms when some form of pre-programmed abuse it triggered. They do that without sniffing content. I think you'll find that random checks will not suffice for excessive traffic problems (which includes worm and virus infections). You'll need a dedicated and 7x24 continuous data logger and management workstation.

Sniffing internet traffic has nothing to do with wireless. I don't know which newsgroup or mailing list would be appropriate for sniffing.

Reply to
Jeff Liebermann Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.