Hi, I've been asked to monitor/log the internet usage during work hours of about a dozen employees. I want to leave it capturing for a few days but don't want to run out of memory/space. My current idea is to capture only DNS traffic, which should give me most of what I need. Is there a better way to capture or a better app/method? Thanks
asked 09 Sep '13, 05:26 nt40lanman
One Answer:
That just tells you that 'something' on a system requested name resolution. It could be a ping on the CLI, it could be the user surfing (HTTP(s)), it could be any other protocol to that server, etc. So, based on the DNS information, you have no valid data about the internet usage of those users. If the system uses the local DNS cache, you won't see any internet usage at all until the DNS cache entry times out.
That's the biggest problem if you want to use Wireshark. Wireshark is a great protocol analyzer and network troubleshooting tool, but it is not very good at (realtime) monitoring for long periods of time. So, either you run dumpcap (no RAM problems) or you head for another (monitoring) tool. See tools in the Links section of WinPcap (e.g. assniffer, iNetWatcher, and similar). On Linux, ngrep can be useful or maybe xplico. Regards
answered 09 Sep '13, 06:18 Kurt Knochner ♦
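The answer recommends dumpcap for a multi-day capture but does not show how to keep it from filling the disk. The script below is an added example, not code from the question or from Kurt Knochner's answer: it wraps dumpcap with a ring buffer (`-b filesize:` and `-b files:`) so the capture reuses a fixed number of files and the disk usage stays bounded, and, following the answer's point that DNS alone does not prove web usage, it defaults to a capture filter that also takes the HTTP/HTTPS ports. The interface name `eth0`, the 100 MB file size, the 48-file count and the choice of ports 80/443 are assumptions to be adjusted for the monitoring host; they are not values from the page.

```shell
#!/bin/sh
# Added example (not from the original post): bounded long-running capture
# with dumpcap. All sizes, counts, the interface name and the port list are
# placeholder assumptions, not values from the page.

# Default capture filter: DNS plus plain and TLS web traffic. The answer notes
# that DNS on its own only shows that a name was resolved, not that the user
# actually browsed, so HTTP(S) ports are included here (assumed ports 80/443).
DNS_WEB_FILTER="port 53 or port 80 or port 443"

# Upper bound on disk use for a ring buffer, in KB: files * size-per-file.
# Use this before starting so the capture cannot exhaust the volume.
ring_buffer_max_kb() {
    echo $(( $1 * $2 ))
}

# Print the dumpcap command line for a ring-buffer capture (for review/logging).
#   $1 interface            $2 BPF capture filter     $3 output file name
#   $4 KB per file          $5 number of files kept   $6 duration in s (0 = none)
build_dumpcap_cmd() {
    iface=$1; filter=$2; outfile=$3; fsize=$4; nfiles=$5; duration=$6
    cmd="dumpcap -i $iface -f '$filter' -w $outfile -b filesize:$fsize -b files:$nfiles -q"
    if [ "$duration" -gt 0 ]; then
        cmd="$cmd -a duration:$duration"
    fi
    printf '%s\n' "$cmd"
}

# Start the capture with the same arguments, passed directly (no eval) so a
# filter containing spaces is handled safely. Returns 1 if dumpcap is missing.
run_capture() {
    if ! command -v dumpcap >/dev/null 2>&1; then
        echo "dumpcap not found; install the Wireshark command-line tools" >&2
        return 1
    fi
    iface=$1; filter=$2; outfile=$3; fsize=$4; nfiles=$5; duration=$6
    echo "ring buffer bound: $(ring_buffer_max_kb "$nfiles" "$fsize") KB" >&2
    set -- dumpcap -i "$iface" -f "$filter" -w "$outfile" \
        -b "filesize:$fsize" -b "files:$nfiles" -q
    if [ "$duration" -gt 0 ]; then
        set -- "$@" -a "duration:$duration"
    fi
    "$@"
}

# Usage: sh capture.sh --run eth0
# Keeps at most 48 files of ~100 MB (4.8 GB bound), runs until stopped.
if [ "${1:-}" = "--run" ]; then
    build_dumpcap_cmd "$2" "$DNS_WEB_FILTER" dns-web.pcapng 100000 48 0
    run_capture "$2" "$DNS_WEB_FILTER" dns-web.pcapng 100000 48 0
fi
```

Pass `"port 53"` as the filter instead of `$DNS_WEB_FILTER` to capture only DNS as the question proposed; the `-a duration:` autostop is useful when the capture should end by itself after the agreed monitoring window rather than running until someone kills it.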