Tracking Internet Usage

By cheiring
I have recently been promoted to a new position after our network admin left.

He never showed me how to check out what websites an end user has been viewing.

I have been approached to build a report on websites a specific end user has been visiting. This was done before by the network admin but I will be darned if I know how he did it. Is there something I am missing?

What does everyone else use? Can anyone tell me where I should start looking?

We are using Cacti but it seems to be just a bandwidth tracker. We are also using a SonicWall and I don't see anything in there for reports.

Is this something on the specific machine that I need to be looking at?

Thanks for all the help

All Answers

First things are first:

by Nonapeptide In reply to Tracking Internet Usage

First thing I'd do would be to ask those people who want reports to proffer some past reports for me to analyze and get a better idea of what I should be looking for. Were they adorable graphical reports with pie charts and shiny icons, or were they just ugly text? How were they given those reports? Was it in a PDF format? A web page? Excel spreadsheet? Were specific user accounts shown? If so, that would suggest that something is hooked up to the directory service (do you have Active Directory?). Just keep asking questions. Inform the interested parties that in order for you to do your best to get them what they want, you will need more information.

There are two possibilities that I know of for someone to monitor all network traffic:

1. There is some device that is "topmost" in the appliance hierarchy (like a firewall). Your SonicWall probably can record some form of surfing history. The model that I'm familiar with has very meager reporting capabilities and you have to trace traffic based on IP, not a directory account.

2. A switch is replicating traffic to a specific port that feeds into a server / appliance that does the analyzing. Here's the diagram that's in my head: The WAN port from the firewall might plug into an external switch. The port that the firewall plugs into could be being replicated to another port which is pumping all traffic into one of the seemingly millions of network analyzing applications. Here's a list of some of those analyzers:

Some of those analyzers aren't made specifically for analyzing web usage, but that gives you a decent sized list to work off of and see if you recognize any of those names.

EDIT: Yes, there could be a client-side web tracking package being used, but I'm not aware of a specific one. It may be as simple as going to Add/Remove programs and seeing what's on the client machines. Unless the previous admin just poked through people's browser history.

Let us know what happens.
