Ask Slashdot: Best Way To Monitor Traffic? 338
First time accepted submitter Shalmendo writes "My client needs to monitor traffic on his LAN, particularly going out to the internet. This will include websites like Facebook, Myspace, and similar, including from mobile devices. So far, based on the network education I have, I've concluded that it might be best to get a tap (And some kind of recording system with wireshark, probably a mini-barebone), or replace the existing Linksys router with a custom built mini barebone system with linux routing software and appropriate storage capacity etc to record traffic internally. (either way it looks like I will need to put together a mini barebone system for some purpose) My client is trying to protect his family from scammers and other unsavory types, and isn't savvy in this matter, so i'm doing it for him. What I need is a way to record the traffic at a singular point, like modem/router areas, or similar, and a way to scrape out Facebook, Myspace, and other messages. It also appears that the client's family is using iPhones and some game called 'words' which has message capability. Is it possible to scrape messages out of that game's packets, or are they obfuscated? Can I write a script? What software would you recommend? Linux routing OS? Can we sniff packets and drop them on the internal hard drive? or would a tap be better? How do I analyze and sort the data afterwards? my client needs easily read evidence (Such as text or screenshots) he can use as proof in discussion with his family to try and intercede in any potentially harmful transactions. In other words, how can I Achieve this goal? I have basic and medium training in computer networking, so I can make my own cables and such, but I've never worked on this exact kind of project before, and thought it might be better to query slashdot instead of do my own research from scratch. After days of discussion with the client, it's not plausible to put monitoring software in the devices on the network (due to legal issues and a few other factors), so I concluded a network tap or other device would be the best way to capture and study what's going on."
a bird in hand (Score:5, Insightful)
Or maybe go and buy an internet security hardware appliance like Sonicwall or Watchguard and bill out 700 hours labor. It will take you less time to install one than writing that horrific maligned essay you chose to sully our pages with.
Who is this (Score:5, Insightful)
'client'? And why does he need to know the content of every. single. message. that goes out on his network? Is this going to be like the talk with my kids when they say 'my friend has this girl he likes' kind of thing?
If you need to know what every message going out is, including the content of a (I assume) 'words with friends' game, maybe you should just unplug for a while and take a walk in the woods to clear your head. Then maybe speak to a psychiatrist for the paranoia issues.
Cure the problem (Score:3, Insightful)
Take all their devices, and get rid of the internet if he cant control them. When my kids started staying up later than I wanted I just shutdown the router from 10:30 pm to 8:00 am back in the day. Besides if they have I smart phones they can just get off the lan and onto the carrier circumventing any controls you put on the lan.
Your client is a stalker? Or just the new Fritzl? (Score:5, Insightful)
Seriously.
Logging traffic is not going to stop someone from doing something stupid, like falling for a scam.
Education is.
one word answer: don't (Score:4, Insightful)
Fortigate will do what you need out of the box, paired with Fortianalyzer.
The bigger question is WTH you're doing with this. You can't put monitoring software on the devices, but you can look at every last bit they send and receive? Legal issues are a far bigger problem when data is in transit (as in flying across the network) than when it's at rest on the device. You won't even see everything, as a lot is TLS-protected and if it's a phone, it can bypass the fixed network entirely. I somehow doubt that he's making his wife and kids agree to an AUP that allows this sort of monitoring.
Absolute control is difficult and not advised (Score:5, Insightful)
An easy thing you could do is to set up a proxy on the network (such as Squid) and use DHCP to force all of the computers on the LAN to use it. It won't be foolproof unless you block any outbound web traffic that isn't coming from the proxy and that will maybe break things, but this is someone's house and not an IT shop so that's not a big deal.
After that, set up all the phones to use wifi and take the hit in battery performance, or else get everyone ipod touches instead of phones with a data plan. You can't get around the fact that he is paying for another data connection per handset from the phone company.
The *best* thing you could do is sit your friend down and advise him that the world is scary and that you can't shield your kids from everything, but you can certainly build a good rapport with them and answer questions about life when they come up.
Re:Ahmadinejad? (Score:5, Insightful)
Exactly. Either the "friend" is actually an oppressive government or a guy with some serious problems. Tell him it's not possible. Even if it's possible, it's a bad idea, possibly illegal. Then go take an Ethics class.
Treat the disease, not the symptoms (Score:5, Insightful)
My client is trying to protect his family from scammers and other unsavory types, and isn't savvy in this matter, so i'm doing it for him.
Then you're doing it wrong.
Quite frankly, extreme monitoring and filtering isn't going to work. Scammers will hide their words to avoid filters, so active filtering doesn't work. The exchanges are managed quickly, so scams (especially phishing scams) get your data instantly, so delayed review of activity isn't going to protect anyone, either, though it might make detection a bit faster. There is simple no hardware approach that will work.
If, as others have pointed out, your client is an overly controlling patriarch, he needs professional psychiatric help. If he's just paranoid and scared, he needs professional technical help, and that's where you should focus your efforts.
Educate him and his family on scammers' techniques and tactics, and security practices. Explain how the teenage daughter will be victimized and harassed, because that's just the nature of the assholes on the Internet. From a network perspective, make sure they have updated antivirus software, and maybe an active monitoring firewall to scan HTTP traffic for viruses. A basic scanner for the known threats, and education for the unknown threats, and the client will be far better off in the long run.
Your Best Solution (Score:5, Insightful)
He wants Orwellian monitoring over his network that is not only unfeasible but would eventually prove completely ineffective. If he's this paranoid, what's going to happen when your kludge of a system inevitably misses a message or two and he decides that caused someone to fall victim to a scam? He's going to come after you with some shark lawyer and make your life incredibly annoying, that's what. In the end, his idea will not prevent scams and the like. It's only going to further a "big brother knows best and sees all" mentality. On top of that, it shows a frightening lack of trust in his family - both in their ability to "do the right thing" and in their general intelligence. Your best solution is to drop the client and not feed his totalitarian ego.
On the other hand, if this is really you wanting such a solution, the trust issues apply even moreso. Learn to EDUCATE instead of spy. You will have much better results.
And finally, if you're an ISP too clueless to do something on your own, GTFO Slashdot with your asking us how to spy on your customers. You should be ashamed of yourself.
tl;dr - Your plan is a bad idea all around...
Ah another "safety" nut... (Score:5, Insightful)
My advice? Cancel your hardwired ISP, cancel all smartphones with network access, harden your doors, windows, and other points of entry and lock you and your family in your basement. There you go, no "unsavories" or "scammers" can ever access you or your family. I'm sure that will go over well with the wife and kids, but at least you're being upfront about it and not covertly spying on them through their electronic communication (which is what you *really* want to do).
When they object, tell them the other option (your little Napoleon complex and your in-home Echelon system), and be prepared for your, sorry your "friend's" wife to serve up some divorce papers.
Oh, that's right, you just want them to be "safe". Give us a break, even the most hardened Fox News or CNN watcher isn't really *that* scared of unsavory types messing with their lives, and if you are, please turn off the television and go for a walk in the park for a few hours.
Re:Ahmadinejad? (Score:2, Insightful)
Exactly. Either the "friend" is actually an oppressive government or a guy with some serious problems. Tell him it's not possible. Even if it's possible, it's a bad idea, possibly illegal. Then go take an Ethics class.
Or maybe it's a father who wants to monitor what his kids are doing. You might disagree with that, but as long as he's not beating his kids, how he raises his family is none of your business.
This guy wants to secure his home network. A secure network is a good thing. I'm sure you'll say that this is monitoring, not security. Well, how do you know if you've properly secured your network without monitoring it?
This is... a lot of work. (Score:3, Insightful)
Re:Who is this (Score:4, Insightful)
I still think it is a trolling of the /. editors.
No one who knows how this could be accomplished would actually consider it at a home install network. Aside from being cost prohibitive, to defeat it all you need is an SSL proxy so that you can https to the proxy and from there go to the WWW. Thus this would not even be useful if the people being watched thought they were being watched.
-nB
Re:Ahmadinejad? (Score:3, Insightful)
Not until the kids start voting and don't understand why anyone would have a problem with constant monitoring of all communication. Then they're everybody's business.
You can screw up a kid without beating him. Letting them know off the bat that you don't trust them in the least bit is one way to start. Once you've eroded their trust in you to the point you think you need to monitor every communication means your work is mostly done.
Re:Who is this (Score:5, Insightful)
His "client" is obviously himself, he has serious trust issues and should probably seek professional help in dealing with those. His "client" isn't savvy in the matter of "protecting his family from scammers and unsavory types" yet he thinks that being able to crimp a patch lead is enough of a background to "tap" SSL encrypted sessions, breaching various computer misuse laws depending on your country (Wiretap Act in US, Computer Misuse Act / RIPA in the UK). Not only that, but he wants intelligent and monitoring of communications between two parties without their consent. All of this done with a script, with screenshots (that's desktop integration, mate) and then he wants to blow up his family by confronting them with this "evidence".
I think 4Chan just trolled Slashdot.
Re:Ahmadinejad? (Score:4, Insightful)
This sounds more like someone is planning for a divorce.
Re:spying on own family (Score:3, Insightful)
If he wants proof he can use during a divorce, he should probably ask the judge to authorize a subpoena of facebook messages posted by the soon-to-be-ex, rather than engaging in clandestine surveillance which very well may be illegal, and cost him a lot more than he's going to win in any divorce settlement.
Re:In reply to alot of the posters (Score:4, Insightful)
Noting that you say:
I will direct him to this post and your replies
I guess I am a little surprised that you go on to say:
I ... tried to tell him that, but computers are a big 'mystery box' to him, and I can't seem to nail stuff home on my own ... He wants the moon without having to go there to get it
Surely not a good idea to say such things about a client (under a profile of the same name as that of the submitter), whilst saying that you are going to suggest that he reads the thread?
avoid 'alarming' his family to his clandestine monitoring intentions
This rather emphasises my view that you should either get a good quality (does he have much money?) indemnity from him that what you are doing is legal, or else be *very* sure of your own legal position (and, perhaps, his)... It would seem to be more than avoiding scammers if there is a fear that those within the network would be alarmed, rather than being consulted, and being grateful for the protection they were offered?
Anyone else catch this (Score:4, Insightful)
My client is trying to protect his family from scammers and other unsavory types, and isn't savvy in this matter, so i'm doing it for him.
combined with
After days of discussion with the client
LOL. If someone can't be educated in "days" then they simply can not be protected from themselves. By "unsavory types" I assume he means us /.ers, which makes it even funnier. Would you trust me with your 19 year old daughter? Thought so. Well, she'd probably kick my butt anyway so don't worry too much.
I must be the only guy in /. with little kids that click on every spam popup window and sign themselves up for anything because... they're little kids. That is why their monitor is in a public part of the house easily viewed about 5 feet from my home office desk. My wife and I have caught them doing all kinds of ridiculous stuff and have (mostly) calmly used those events as "teachable moments", with excellent results. We've caught them watching remarkably inappropriate youtube videos, applying to work at the local Culvers (he was only 7 at the time), installing all kinds of spyware toolbars and stuff (whats more evil than a kids TV show that only exists to sell toys? I know, a kids game that only exists to install spyware! ). I'm pretty close to wiping his machine and installing debian, but people keep buying him windoze only "educational software" to my intense annoyance.
Also I must be the only guy with elderly relatives with a known proven tendency to fall for telemarketing pitches (clean your furnace ductwork for $400? Hearing aid for $5000?).
There are reasons to block/track/examine/log things beyond trying to catch the wifey cheating with the pool boy, in fact keeping a really close eye on little kids and elders is being a nice civilized responsible guy, not a jerk. In comparison "easily read evidence" and "use as proof" is simply being a jerk.
I will suggest that printing this ask /. out and giving it to the client will probably be extremely educational for the client. Probably this is one of those "the client is a little overbearing and I need some backup in arguing with him" situations. We should demand a cut of the proceeds from the consultant; maybe a tithe to the EFF would be appropriate?
Re:Ahmadinejad? (Score:5, Insightful)
What most try to point out is that this approach is really just looking at the internet, being afraid, and applying the biggest hammer possible to the situation when it really will not do much good at all. Teaching your kids right from wrong, as crazy as that sounds, is a LOT easier than not teaching them anything, throwing them onto the internet, and then trying to filter the "wrong" out and/or observe them doing wrong and punishing them (i mean "interceding") later.
Example 1: the clueless submitter asks about iphone apps, clearly has no idea what they even are, and completely overlooks the fact that whenever the kid/spouse/slave/whatever is out of the house, the fancy pants record-it-all box will have NO effect at all. This "project" has FAIL written all over it, for so many reasons.
Re:a bird in hand (Score:5, Insightful)
It generates nerd rage and plenty of comments. This isn't a serious question at all. This guy is yanking our collective chain or he's kind of out of his depth. As others have noted, this idea is both unpleasant and pretty heavy work. Samzenpus, would you like to use any of the following as future Ask Slashdot submissions?
A client has approached me to develop an MMO, with clients for Windows and Linux. I'm pretty good with HTML and have made some Star Craft maps. What language should I learn for writing the MMO? I heard that Warcraft is written in sea plus plus. Would Linux be good for hosting the game?
I've been repairing cars since I was a kid, and I've been asked to visit the ISS to perform some repairs to its solar arrays. Rather than attend college and develop sufficient experience in more down to earth jobs, I'm asking Slashdot for some advice on how I can do this? What kinds of bolts do they use on those things? I have a pretty good socket set from Sears that's served me well fixing up cars.
Sorry dude, I blame Samzenpus more than the submitter. This question is so horribly out of place and is practically inviting a stream of "let me google that for you" responses and flames.
Translation: affair (Score:4, Insightful)
And to be more specific, it's a home network with a cable connection. (I obviously can't be too specific due to his need for anonymity to avoid 'alarming' his family to his clandestine monitoring intentions). He does reasonable cause for suspecting something is going on and just needs to have information available to aid him in making decisions about some unusual behavior.
In other words, he thinks his wife is having an affair and has seen some "unusual" transactions on the credit card or caller ID numbers, and is trying to gather "evidence" to use against her.
If you're the client, this is a hugely bad idea and could get you in very, very big legal trouble.
If you're not the client, then this is still a hugely bad idea and could get you in legal trouble.
Probably the second best move for you is to contact the wife and let her know what you've been asked to do. You might even get a larger paycheck out of it that way.
But finally, the first best move for you is to contact a qualified divorce/family law lawyer in your jurisdiction. Because before you take any further moves, you want to know which ones will get you sued and which ones will get you in jail.