Ask Slashdot: Best Way To Monitor Traffic?

Posted by samzenpus
from the keeping-an-eye-on-things dept.
First time accepted submitter Shalmendo writes "My client needs to monitor traffic on his LAN, particularly going out to the internet. This will include websites like Facebook, Myspace, and similar, including from mobile devices. So far, based on the network education I have, I've concluded that it might be best to get a tap (and some kind of recording system with wireshark, probably a mini-barebone), or replace the existing Linksys router with a custom built mini barebone system with linux routing software and appropriate storage capacity etc to record traffic internally. (Either way it looks like I will need to put together a mini barebone system for some purpose.) My client is trying to protect his family from scammers and other unsavory types, and isn't savvy in this matter, so I'm doing it for him. What I need is a way to record the traffic at a singular point, like modem/router areas, or similar, and a way to scrape out Facebook, Myspace, and other messages. It also appears that the client's family is using iPhones and some game called 'words' which has message capability. Is it possible to scrape messages out of that game's packets, or are they obfuscated? Can I write a script? What software would you recommend? Linux routing OS? Can we sniff packets and drop them on the internal hard drive? Or would a tap be better? How do I analyze and sort the data afterwards? My client needs easily read evidence (such as text or screenshots) he can use as proof in discussion with his family to try and intercede in any potentially harmful transactions. In other words, how can I achieve this goal? I have basic and medium training in computer networking, so I can make my own cables and such, but I've never worked on this exact kind of project before, and thought it might be better to query slashdot instead of doing my own research from scratch. 
After days of discussion with the client, it's not plausible to put monitoring software in the devices on the network (due to legal issues and a few other factors), so I concluded a network tap or other device would be the best way to capture and study what's going on."
  • a bird in hand (Score:5, Insightful)

    by alphatel (1450715) * on Monday May 21, 2012 @10:25AM (#40064223)
    Oh it's really easy. You just need about 800 offshore programmers, 200 solid state drives, hadoop, ruby on rails, cheese, bacon. Clearly your client has the funds.
    Or maybe go and buy an internet security hardware appliance like Sonicwall or Watchguard and bill out 700 hours labor. It will take you less time to install one than writing that horrific maligned essay you chose to sully our pages with.
    • by bwhaley (410361)

      Completely agreed. How did samzenpus decide this of all submissions should make the cut? The submitter is clearly quite uninformed and the question is far out of line with the thinking of the Slashdot community, even if it were reasonably formulated.

      Next, please.

      • Re:a bird in hand (Score:5, Insightful)

        by Anonymous Coward on Monday May 21, 2012 @11:51AM (#40065441)

        It generates nerd rage and plenty of comments. This isn't a serious question at all. This guy is yanking our collective chain or he's kind of out of his depth. As others have noted, this idea is both unpleasant and pretty heavy work. Samzenpus, would you like to use any of the following as future Ask Slashdot submissions?

        A client has approached me to develop an MMO, with clients for Windows and Linux. I'm pretty good with HTML and have made some Star Craft maps. What language should I learn for writing the MMO? I heard that Warcraft is written in sea plus plus. Would Linux be good for hosting the game?

         

        I've been repairing cars since I was a kid, and I've been asked to visit the ISS to perform some repairs to its solar arrays. Rather than attend college and develop sufficient experience in more down to earth jobs, I'm asking Slashdot for some advice on how I can do this? What kinds of bolts do they use on those things? I have a pretty good socket set from Sears that's served me well fixing up cars.

        Sorry dude, I blame Samzenpus more than the submitter. This question is so horribly out of place and is practically inviting a stream of "let me google that for you" responses and flames.

      • by 0racle (667029)
        Ok, I'll ask the other question. How is monitoring content over the network "far out of line with the thinking of the Slashdot community?"
    • Re:a bird in hand (Score:5, Informative)

      by foniksonik (573572) on Monday May 21, 2012 @01:10PM (#40066539) Homepage Journal

      www.cloudmeter.com

      SaaS packet sniffing with reporting.

      Put a client on your network and then tinker to get the data you want.

  • by Anonymous Coward on Monday May 21, 2012 @10:27AM (#40064277)

    Is that You?

    • Re:Ahmadinejad? (Score:5, Insightful)

      by DanTheStone (1212500) on Monday May 21, 2012 @10:40AM (#40064461)

      Exactly. Either the "friend" is actually an oppressive government or a guy with some serious problems. Tell him it's not possible. Even if it's possible, it's a bad idea, possibly illegal. Then go take an Ethics class.

      • by amiga3D (567632)

        But as a technical problem I find it interesting. Don't ruin the beauty of the thing with morality.

        • Re: (Score:2, Funny)

          by Anonymous Coward

          But as a technical problem I find it interesting. Don't ruin the beauty of the thing with morality.

          That's what my soon-to-be mistress said.

        • by s.petry (762400) on Monday May 21, 2012 @02:07PM (#40067303)

          Okay, you find it interesting. Look at any corporate Firewall and monitoring system and you have your answers. Hell I have an O'Reilly book from the very early 90s on TCP/IP security that covers all of the topics you need to know. The technology is nothing new, the only real variations are in how the logs are stored and parsed.

      • Re: (Score:2, Insightful)

        by ArcherB (796902)

        Exactly. Either the "friend" is actually an oppressive government or a guy with some serious problems. Tell him it's not possible. Even if it's possible, it's a bad idea, possibly illegal. Then go take an Ethics class.

        Or maybe it's a father who wants to monitor what his kids are doing. You might disagree with that, but as long as he's not beating his kids, how he raises his family is none of your business.

        This guy wants to secure his home network. A secure network is a good thing. I'm sure you'll say that this is monitoring, not security. Well, how do you know if you've properly secured your network without monitoring it?

        • If dad wants to monitor his kids, the best way to do that is to ask them. That is what a father is supposed to do. Sneaking for "bad stuff" means there's no confidence in the children. In that case, the family is already insecure no matter what you are doing with the network. Don't try to sell family problems as a reason for monitoring. It just doesn't figure.
          • by ArcherB (796902)

            If dad wants to monitor his kids, the best way to do that is to ask them. That is what a father is supposed to do. Sneaking for "bad stuff" means there's no confidence in the children. In that case, the family is already insecure no matter what you are doing with the network. Don't try to sell family problems as a reason for monitoring. It just doesn't figure.

            Yeah, because children NEVER lie to their parents. We all live in a "Leave it to Beaver" world.

            I find it sad that whenever a "video game rating" or a "require ID to purchase violent games" article comes up, I see post after post about how it's the parent's responsibility to monitor what their kids are doing. Now here is someone who wants to monitor what his kids are doing electronically, and he's hammered for it. Again, you don't have to like it, but it's a parent's job to know what goes on his/her hous

            • Even better, make it a condition that while they are under 18, they a) have to be your friend on Facebook and b) have to let you know the password. It's a far simpler solution than monitoring network traffic, as you say.
              • by KhabaLox (1906148)

                and b) have to let you know the password. It's a far simpler solution than monitoring network traffic, as you say.

                That's brilliant. Then you just turn them into the FB (c)ops for sharing their password and get their account shut down.

              • by Relayman (1068986)
                My son is 20 now but I have never asked him to tell me one of his passwords. I have a better relationship with him because of it. The concept is called "trust."

                That doesn't mean I didn't block the crap on the Sci Fi network for a while. But he's an adult now, so no filtering for him.
            • Re:Ahmadinejad? (Score:5, Insightful)

              by jeffmeden (135043) on Monday May 21, 2012 @11:32AM (#40065157) Homepage Journal

              What most try to point out is that this approach is really just looking at the internet, being afraid, and applying the biggest hammer possible to the situation when it really will not do much good at all. Teaching your kids right from wrong, as crazy as that sounds, is a LOT easier than not teaching them anything, throwing them onto the internet, and then trying to filter the "wrong" out and/or observe them doing wrong and punishing them (i mean "interceding") later.

              Example 1: the clueless submitter asks about iphone apps, clearly has no idea what they even are, and completely overlooks the fact that whenever the kid/spouse/slave/whatever is out of the house, the fancy pants record-it-all box will have NO effect at all. This "project" has FAIL written all over it, for so many reasons.

              • by SoupGuru (723634)

                I really like the saying I heard somewhere once: "It's easier to world-proof the kid than kid-proof the world"

        • Re: (Score:3, Insightful)

          by Anonymous Coward

          Or maybe it's a father who wants to monitor what his kids are doing. You might disagree with that, but as long as he's not beating his kids, how he raises his family is none of your business.

          Not until the kids start voting and don't understand why anyone would have a problem with constant monitoring of all communication. Then they're everybody's business.

          You can screw up a kid without beating him. Letting them know off the bat that you don't trust them in the least bit is one way to start. Once you've erode

        • Re: (Score:2, Interesting)

          by CanHasDIY (1672858)

          Or maybe it's a father who wants to monitor what his kids are doing.

          Judging by summary writer's admission that beyond making patch cables, he doesn't know networking from a cow fart, I would consider this an accurate assumption.

          I've never worked on this exact kind of project before, and thought it might be better to query slashdot instead of do my own research from scratch.

          Bad call, chief.

        • Re:Ahmadinejad? (Score:4, Insightful)

          by Cylix (55374) on Monday May 21, 2012 @11:09AM (#40064851) Homepage Journal

          This sounds more like someone is planning for a divorce.

          • by gnapster (1401889)
            No, this sounds more like they're living with an elderly parent who is loaded and senile.
      • by Jeng (926980)

        What I inferred from the summary was that this guy has relatives in his house who are being scammed on the internet and needed some proof to help educate them.

        • by tooyoung (853621)

          What I inferred from the summary was that this guy has relatives in his house who are being scammed on the internet and needed some proof to help educate them.

          That is what I read in the summary, not what I inferred.

      • Re:Ahmadinejad? (Score:4, Informative)

        by blackraven14250 (902843) on Monday May 21, 2012 @11:24AM (#40065057)
        All taking an Ethics class showed me was that anything can be justified by one of the many lines of reasoning used to create ethical principles...
      • by jeffmeden (135043)

        Exactly. Either the "friend" is actually an oppressive government or a guy with some serious problems. Tell him it's not possible. Even if it's possible, it's a bad idea, possibly illegal. Then go take an Ethics class.

        I like how he concluded that installing monitoring software on the endpoint devices has "legal implications" as if his family is not really on board with the plan, then waves his hand over simply listening/recording EVERYTHING as if that is magically OK. Messages in words with friends? Shit, you better be recording the words they play, too. You wouldn't want your teenage daughter seeing "COCK" get a triple word score when she is playing against billybuddy99 on the interwebs...

  • by DontScotty (978874) on Monday May 21, 2012 @10:28AM (#40064293) Homepage Journal

    You're going to need to install your scripts on the Verizon / AT&T point of presence to handle the iPhone / Words With Friends traffic molesting.

    I think the NSA has the hardware in place, you'll simply need to rent some space on one of their servers.

  • Who is this (Score:5, Insightful)

    by Loughla (2531696) on Monday May 21, 2012 @10:30AM (#40064317)

    'client'? And why does he need to know the content of every. single. message. that goes out on his network? Is this going to be like the talk with my kids when they say 'my friend has this girl he likes' kind of thing?

    If you need to know what every message going out is, including the content of a (I assume) 'words with friends' game, maybe you should just unplug for a while and take a walk in the woods to clear your head. Then maybe speak to a psychiatrist for the paranoia issues.

    • by nbuet (944469)
      Just imagine his client is a correctional facility and the requirements all of a sudden make sense.
    • Re:Who is this (Score:5, Insightful)

      by L4t3r4lu5 (1216702) on Monday May 21, 2012 @11:08AM (#40064837)
      More importantly, who the fuck upvoted this PoS from the Firehose?

      His "client" is obviously himself, he has serious trust issues and should probably seek professional help in dealing with those. His "client" isn't savvy in the matter of "protecting his family from scammers and unsavory types" yet he thinks that being able to crimp a patch lead is enough of a background to "tap" SSL encrypted sessions, breaching various computer misuse laws depending on your country (Wiretap Act in US, Computer Misuse Act / RIPA in the UK). Not only that, but he wants intelligent and monitoring of communications between two parties without their consent. All of this done with a script, with screenshots (that's desktop integration, mate) and then he wants to blow up his family by confronting them with this "evidence".

      I think 4Chan just trolled Slashdot.
  • Cure the problem (Score:3, Insightful)

    by Anonymous Coward on Monday May 21, 2012 @10:31AM (#40064333)

    Take all their devices, and get rid of the internet if he can't control them. When my kids started staying up later than I wanted I just shut down the router from 10:30 pm to 8:00 am back in the day. Besides, if they have smartphones they can just get off the LAN and onto the carrier, circumventing any controls you put on the LAN.

  • by Harald Paulsen (621759) on Monday May 21, 2012 @10:32AM (#40064359) Homepage

    Seriously.

    Logging traffic is not going to stop someone from doing something stupid, like falling for a scam.

    Education is.

  • This is seriously a problem that starts and begins with the users. All the technology in the world isn't going to fix it. We don't even know if it's a family LAN or related to a family business. You won't be able to get the iPhone information if they are using a data network. There is so much wrong with this whole situation I don't even know where to start.
  • by camusflage (65105) on Monday May 21, 2012 @10:33AM (#40064373)

    Fortigate will do what you need out of the box, paired with Fortianalyzer.

    The bigger question is WTH you're doing with this. You can't put monitoring software on the devices, but you can look at every last bit they send and receive? Legal issues are a far bigger problem when data is in transit (as in flying across the network) than when it's at rest on the device. You won't even see everything, as a lot is TLS-protected and if it's a phone, it can bypass the fixed network entirely. I somehow doubt that he's making his wife and kids agree to an AUP that allows this sort of monitoring.

  • by matt-fu (96262) on Monday May 21, 2012 @10:39AM (#40064441)
    As some have already commented, the scope of this project is a bit much. To automatically strip the specific things you want out of the stream even at the LAN level would involve a lot of processing. To do it for the phones would take Steve Jobs levels of political clout.

    An easy thing you could do is to set up a proxy on the network (such as Squid) and use DHCP to force all of the computers on the LAN to use it. It won't be foolproof unless you block any outbound web traffic that isn't coming from the proxy and that will maybe break things, but this is someone's house and not an IT shop so that's not a big deal.

    After that, set up all the phones to use wifi and take the hit in battery performance, or else get everyone iPod touches instead of phones with a data plan. You can't get around the fact that he is paying for another data connection per handset from the phone company.

    The *best* thing you could do is sit your friend down and advise him that the world is scary and that you can't shield your kids from everything, but you can certainly build a good rapport with them and answer questions about life when they come up.

  • by Necroman (61604)

    What you are describing basically sounds like what NGFW (Next Generation Firewalls) solve. These are standard firewalls, but add more "smarts" to them, like detecting certain applications, telling you which users access them and when. So you'll want something inline to do it properly.

    A lot of traffic to the web may also be going over an SSL connection, so you would probably need an SSL module in-line to basically man-in-the-middle all the computers on the network and snoop the traffic.

    Check out the NSS re [nsslabs.com]

  • by Sarten-X (1102295) on Monday May 21, 2012 @10:41AM (#40064477) Homepage

    My client is trying to protect his family from scammers and other unsavory types, and isn't savvy in this matter, so i'm doing it for him.

    Then you're doing it wrong.

    Quite frankly, extreme monitoring and filtering isn't going to work. Scammers will hide their words to avoid filters, so active filtering doesn't work. The exchanges are managed quickly, so scams (especially phishing scams) get your data instantly, so delayed review of activity isn't going to protect anyone, either, though it might make detection a bit faster. There is simply no hardware approach that will work.

    If, as others have pointed out, your client is an overly controlling patriarch, he needs professional psychiatric help. If he's just paranoid and scared, he needs professional technical help, and that's where you should focus your efforts.

    Educate him and his family on scammers' techniques and tactics, and security practices. Explain how the teenage daughter will be victimized and harassed, because that's just the nature of the assholes on the Internet. From a network perspective, make sure they have updated antivirus software, and maybe an active monitoring firewall to scan HTTP traffic for viruses. A basic scanner for the known threats, and education for the unknown threats, and the client will be far better off in the long run.

  • by jolyonr (560227) on Monday May 21, 2012 @10:43AM (#40064523) Homepage

    I don't know. Can you?

  • Your Best Solution (Score:5, Insightful)

    by FSWKU (551325) on Monday May 21, 2012 @10:43AM (#40064533)
    ...is to drop the client. Seriously.

    He wants Orwellian monitoring over his network that is not only unfeasible but would eventually prove completely ineffective. If he's this paranoid, what's going to happen when your kludge of a system inevitably misses a message or two and he decides that caused someone to fall victim to a scam? He's going to come after you with some shark lawyer and make your life incredibly annoying, that's what. In the end, his idea will not prevent scams and the like. It's only going to further a "big brother knows best and sees all" mentality. On top of that, it shows a frightening lack of trust in his family - both in their ability to "do the right thing" and in their general intelligence. Your best solution is to drop the client and not feed his totalitarian ego.

    On the other hand, if this is really you wanting such a solution, the trust issues apply even more so. Learn to EDUCATE instead of spy. You will have much better results.

    And finally, if you're an ISP too clueless to do something on your own, GTFO Slashdot with your asking us how to spy on your customers. You should be ashamed of yourself.

    tl;dr - Your plan is a bad idea all around...
  • by clonehappy (655530) on Monday May 21, 2012 @10:45AM (#40064549)
    So, either you are clinically paranoid, and should probably address that issue before any technical ones...or you need to take a step back, relax, and realize you don't have control over everything. Your "client's" requirements are completely ludicrous, and even if you wrote a script for "him" to scrape messages out of Words with Friends, what about EA's Scrabble, or TextFree, or any of the 10,000 other iPhone/Android apps that can communicate privately between two parties?

    My advice? Cancel your hardwired ISP, cancel all smartphones with network access, harden your doors, windows, and other points of entry and lock you and your family in your basement. There you go, no "unsavories" or "scammers" can ever access you or your family. I'm sure that will go over well with the wife and kids, but at least you're being upfront about it and not covertly spying on them through their electronic communication (which is what you *really* want to do).

    When they object, tell them the other option (your little Napoleon complex and your in-home Echelon system), and be prepared for your, sorry your "friend's" wife to serve up some divorce papers.

    Oh, that's right, you just want them to be "safe". Give us a break, even the most hardened Fox News or CNN watcher isn't really *that* scared of unsavory types messing with their lives, and if you are, please turn off the television and go for a walk in the park for a few hours.
  • by sl4shd0rk (755837) on Monday May 21, 2012 @10:47AM (#40064585)

    For corporate traffic, don't put a box in between that traffic. If it fails, everything is down. Get a TAP, as you hinted, but make sure to get one that fails 'open' [network-taps.eu]. Then, run Ntop [ntop.org] off the TAP port. If the TAP burns up, or the port goes bad, you still have network access.

    It sounds like your "client" is just wanting to basically monitor his family, so in that case, get a 10/100 HUB (not a switch) to stick downstream of your modem. Plug in your linux box on port 1, and the router/modem into port 2. Don't put anything else on it because.. it's a hub. Run Ntop on the linux box.

  • If you can set up your gateway to export Netflow [wikipedia.org] data, you get excellent data for tracking your traffic (connection metadata) without all the bulk of keeping a full copy of the traffic.

    There's a large number of tools available for collecting, analyzing and otherwise dissecting collected Netflow data, with a good number most likely available via your favorite free Unix-like operating system's packages collection. My favorite combo is to set up an OpenBSD [openbsd.org] box as the gateway, have it export traffic data via
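As an added example, not code from the thread or from any of the tools named in it, the following Python decodes a NetFlow v5 export datagram and aggregates it into the per-connection metadata view the comment above describes (bytes per internal host, external destination and port), without any payload. The datagram is constructed inline, and the LAN range 192.168.1.0/24 and all addresses are assumed sample values.

```python
"""Minimal NetFlow v5 parser and egress summariser over a constructed datagram."""
import struct
import socket
import ipaddress
from collections import defaultdict

# NetFlow v5 wire layout (big-endian), as exported by classic routers.
# Header: version, count, sys_uptime, unix_secs, unix_nsecs, flow_sequence,
#         engine_type, engine_id, sampling_interval
HEADER_FMT = "!HHIIIIBBH"
# Record: srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets, first, last,
#         srcport, dstport, pad1, tcp_flags, prot, tos, src_as, dst_as,
#         src_mask, dst_mask, pad2
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 24 bytes
RECORD_LEN = struct.calcsize(RECORD_FMT)   # 48 bytes

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_netflow_v5(datagram: bytes) -> list:
    """Decode one v5 datagram into flow dicts; raises ValueError on bad input."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("datagram shorter than v5 header")
    (version, count, _uptime, unix_secs, _nsecs, _seq,
     _etype, _eid, _sampling) = struct.unpack(HEADER_FMT, datagram[:HEADER_LEN])
    if version != 5:
        raise ValueError("unsupported NetFlow version %d" % version)
    # Trust the header count only if the payload really carries that many records.
    if len(datagram) < HEADER_LEN + count * RECORD_LEN:
        raise ValueError("datagram truncated: header count exceeds payload")
    flows = []
    for i in range(count):
        off = HEADER_LEN + i * RECORD_LEN
        (src, dst, _nexthop, _inif, _outif, pkts, octets, first, last,
         sport, dport, _pad1, tcp_flags, proto, _tos, _sas, _das,
         _smask, _dmask, _pad2) = struct.unpack(RECORD_FMT, datagram[off:off + RECORD_LEN])
        flows.append({
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport,
            "proto": PROTO_NAMES.get(proto, str(proto)),
            "tcp_flags": tcp_flags,
            "packets": pkts, "bytes": octets,
            "duration_ms": last - first,   # sys_uptime deltas are milliseconds
            "export_time": unix_secs,
        })
    return flows


def summarize_egress(flows, lan_net="192.168.1.0/24"):
    """Aggregate bytes/flows per (internal src, external dst, proto, dport)."""
    lan = ipaddress.ip_network(lan_net)
    summary = defaultdict(lambda: {"bytes": 0, "flows": 0})
    for f in flows:
        src = ipaddress.ip_address(f["src"])
        dst = ipaddress.ip_address(f["dst"])
        if src in lan and dst not in lan:          # only LAN -> internet flows
            key = (f["src"], f["dst"], f["proto"], f["dport"])
            summary[key]["bytes"] += f["bytes"]
            summary[key]["flows"] += 1
    return dict(summary)


# --- Constructed sample export (assumed values, not a real capture) ---
def _record(src, dst, sport, dport, proto, pkts, octets, first, last):
    return struct.pack(RECORD_FMT, socket.inet_aton(src), socket.inet_aton(dst),
                       socket.inet_aton("0.0.0.0"), 1, 2, pkts, octets, first, last,
                       sport, dport, 0, 0x18, proto, 0, 0, 0, 24, 0, 0)


SAMPLE_RECORDS = [
    _record("192.168.1.10", "203.0.113.5", 51234, 443, 6, 120, 98000, 1000, 6000),
    _record("192.168.1.10", "203.0.113.5", 51235, 443, 6, 30, 12000, 7000, 8000),
    _record("192.168.1.20", "198.51.100.7", 40000, 53, 17, 2, 180, 9000, 9001),
    # LAN-internal flow: parsed, but excluded from the egress summary
    _record("192.168.1.30", "192.168.1.1", 55000, 22, 6, 500, 40000, 0, 20000),
]
SAMPLE_DATAGRAM = struct.pack(HEADER_FMT, 5, len(SAMPLE_RECORDS), 20000,
                              1337625600, 0, 1, 0, 0, 0) + b"".join(SAMPLE_RECORDS)


if __name__ == "__main__":
    table = summarize_egress(parse_netflow_v5(SAMPLE_DATAGRAM))
    for (src, dst, proto, dport), agg in sorted(table.items(), key=lambda kv: -kv[1]["bytes"]):
        print("%-14s -> %-14s %s/%-5d %d flows %d bytes"
              % (src, dst, proto, dport, agg["flows"], agg["bytes"]))
```

The same parser works on datagrams read from a UDP socket bound to the exporter's collector port; only the constructed sample is embedded here.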
  • by Neil_Brown (1568845) on Monday May 21, 2012 @10:48AM (#40064599) Homepage

    It obviously depends on the laws to which your client is subject but, if there are "legal issues" in putting monitoring tools on "devices on the network," you may also find that there are similar restrictions, or at least hurdles to clear, in operating an interception capability as part of the network...

    If it is just a private house, for members of a family, as the summary seems to suggest, chances are these will be minimal. If it will end up monitoring the nanny, cook or whatever other staff your client might have, you might need to have more robust procedures in place. In either case, it's worth checking it out if any part of your contract says "system will comply with applicable law" or anything like that — or just for your own peace of mind.

  • by spektre1 (901164) on Monday May 21, 2012 @10:52AM (#40064655) Homepage
    And not worth it. The couple of sarcastic comments that have started off the replies here are telling you this. The problem is you need to dump interesting data out of the packets, and there's no easy way to tell what is actually interesting. Also, this is a cryptographer's nightmare or dream depending on how you look at it. You're Charlie here, and that means you're the guy that everyone wants to defeat in this scenario. It's not going to yield much useful data since more and more communications on the 'net are switching to HTTPS. Also, I don't think you can fully appreciate the amount of storage this will require. I work with network video, and when I have to run a packet capture to do analysis, the problem is finding a storage medium to dump to that can handle the throughput. The only thing I can usually make feasibly work is a ramdisk. You can't do that from your linux embedded router. It just isn't going to happen. Now, I suppose you could only capture the headers of the packets. But again, that's not going to do you any good. You don't capture any of the payload then. Conclusion: Way more trouble than it's worth, and to do what you're talking about will cost a lot of money. Don't bother. Frankly, if your client is that concerned about the traffic coming out of the house, wipe all the computers to remove any potential malware on them already, install a fresh OS, install your own keyloggers on the systems if it's the human element you don't trust, and be done with it. It's invasive as hell, but it's a lot less sinister, and easier, than trying to play the panopticon game.
  • by Shalmendo (2643729) on Monday May 21, 2012 @10:55AM (#40064681)
    I admit the scope of the project is overwhelming, and I've told my client that he's asking for an NSA quality project. I will direct him to this post and your replies to help him to better understand the nature of his requests. Also, it appears that my article was truncated before being posted, so some of the explanatory bits were cut off, although the core of the question is still there for the most part. And yes, this is an actual client, not myself. I already suspected what most of you were saying, and tried to tell him that, but computers are a big 'mystery box' to him, and I can't seem to nail stuff home on my own. (If it was myself I would have already solved this problem.) Also, I'm a little surprised at some of the hostility and non-seriousness I've seen here, but I suppose it is to be expected considering a lot of the drama and arguing I've seen going on in other arguments. When I originally wrote the article, I did specify 'serious answers only please, I don't want to start an argument, but a bunch of random answers that are unrelated won't help me solve this problem'. And to be more specific, it's a home network with a cable connection. (I obviously can't be too specific due to his need for anonymity to avoid 'alarming' his family to his clandestine monitoring intentions.) He does have reasonable cause for suspecting something is going on and just needs to have information available to aid him in making decisions about some unusual behavior. And yes, I know that you can't get 'screenshots' right off a client PC through a network; by screenshots I meant some kind of recreation of a visited website, or just text information in printable form off some kind of analyzer software. I really would like to solve this problem, but I agree it's an excessive project. He wants the moon without having to go there to get it, type of issue.
    • by Neil_Brown (1568845) on Monday May 21, 2012 @11:20AM (#40064981) Homepage

      Noting that you say:

      I will direct him to this post and your replies

      I guess I am a little surprised that you go on to say:

      I ... tried to tell him that, but computers are a big 'mystery box' to him, and I can't seem to nail stuff home on my own ... He wants the moon without having to go there to get it

      Surely not a good idea to say such things about a client (under a profile of the same name as that of the submitter), whilst saying that you are going to suggest that he reads the thread?

      avoid 'alarming' his family to his clandestine monitoring intentions

      This rather emphasises my view that you should either get a good quality (does he have much money?) indemnity from him that what you are doing is legal, or else be *very* sure of your own legal position (and, perhaps, his)... It would seem to be more than avoiding scammers if there is a fear that those within the network would be alarmed, rather than being consulted, and being grateful for the protection they were offered?

    • by spacepimp (664856)

      I have had similar requests from a family who was concerned for their daughter's welfare. The parents genuinely loved the daughter and were not over protective and had a reasonable justification for their concern. A simple solution was webwatcher monitoring software. You can look it up at webwatchernow dot com. Use your best judgment in getting involved, both ethically and for legal reasons.
      Another request was for an office which was being run by a former congressman. There was plenty of back and forth abou

    • by u38cg (607297)
      You clearly have no idea how fucked up what you're asking for is. Tell him to solve his problems like a grown-up, or contact the police if his problem is that serious.

      Otherwise, install net-nanny and move on. And you're a fool for taking this brain-dead project this far.

    • For what it's worth, with my family I combine education with tracking so that I can best help my children understand what they are doing. They are young and have a tendency of making bad choices (like most of us). So, I use PyKeyLogger [sourceforge.net] from Sourceforge on my machines.

      My children know that if they make a mistake they just have to be honest about it and let me know and there's no problem. If they try to do something they know they aren't allowed to do and I see it in the logs then they lose privileges for
    • You might think this isn't likely to come up, but you have to bear in mind you're not just intercepting his family's communications by doing this but any guests and also the communications of anyone who is communicating with his family. I'm assuming by your reference to the NSA that you're working with someone from the United States and this makes things tricky. Many people mistakenly believe, "well I paid for it, I can do what I like with it", but this is not the case, particularly with communications se

    • by Fwipp (1473271)

      So, you lied about the scammer bit, because you knew how incredibly creepy the truth sounded?

    • He does have reasonable cause for suspecting something is going on and just needs to have information available to aid him in making decisions about some unusual behavior.

      Then you're being coy with us about details that would really help you get good answers about this situation. And most likely, these answers will not be technological, but rather revolve around (a) seeking marriage/psychological/etc. counseling, (b) contacting law enforcement, or (c) just talking to his wife/children about what's going on.

      The biggest favor you can do for this guy is to not indulge his creepy need to spy on his household. It's passive aggressiveness at its worst, when he really just needs

    • And to be more specific, it's a home network with a cable connection. (I obviously can't be too specific due to his need for anonymity to avoid 'alarming' his family to his clandestine monitoring intentions). He does have reasonable cause for suspecting something is going on and just needs to have information available to aid him in making decisions about some unusual behavior.

      In other words, he thinks his wife is having an affair and has seen some "unusual" transactions on the credit card or caller ID numbers, and is trying to gather "evidence" to use against her.

      If you're the client, this is a hugely bad idea and could get you in very, very big legal trouble.

      If you're not the client, then this is still a hugely bad idea and could get you in legal trouble.

      Probably the second best move for you is to contact the wife and let her know what you've been asked to do. You might even get a larger paycheck out of it that way.

      But finally, the first best move for you is to contact a qualified divorce/family law lawyer in your jurisdiction. Because before you take any further moves, you want to know which ones will get you sued and which ones will get you in jail.

    • by djbckr (673156)
      In addition to the comments above yours, I get the idea based on your clarification that he thinks computers work like they do on TV, like how they hack networks on CSI, NCIS, Person Of Interest, etc, etc. If he watches any of those shows, tell him that it's PURE FICTION. Things just don't work like that.
    • by jtara (133429)

      What your drug-lord client is asking is impossible.

      You're only going to be able to look at unencrypted traffic. MOST messaging is encrypted. iMessage is encrypted. Even in-game messaging, like in Words with Friends, etc., if it isn't encrypted now, will be in the future, because of public criticism in the press about apps that have unencrypted messaging. So, I think you will see most smart-phone apps go to encrypted-everything for communication to their back-end servers.

      The only thing that will work is to jai

  • Get a Palo Alto firewall. You can filter by application, and even make firewall rules like "allow reading of facebook, but disallow posting", or even "disable attachments".

    Of course, you didn't exactly specify budget...

  • Get a router compatible with tomato firmware, install tomato, and then install rpcapd on it (no need to compile from source, there are standalone binaries out there compiled for your router's CPU). Then use wireshark to monitor and capture the traffic. After that you can take your pick of software to parse the pcap files.

  • Because I would not touch that project for less than 5 figures plus an ongoing support contract of at least very high 4 figures or low 5 figures.

    I am highly suspect of the "protect his family from scammers" and the "monitor and record all outgoing traffic"

    If he is really interested about protecting his family from scammers then educating everyone in the home that "everything on the internet is a scam unless you personally know the person" is all that is needed.

    Finally, if a lot of ipads and iphones are invol

  • They have a whole army of people trying to do this, and yet some stuff still gets through.
  • I once achieved this on web traffic for a large corporation back in the days where internet @ work was "new" and pr0n was the main "misuse" in working hours.

    I proposed to do it as ethically as it could be done, so we agreed about obfuscating domains; the idea was to educate users that were "new" to the internet, so the administrator would only get notice about a "violation of terms" (using regex for the usual++ pr0n and other stuff related terms).

    There was no actual "snoop", no logging, just a hint on who to tal

  • by gellenburg (61212) <george@ellenburg.org> on Monday May 21, 2012 @11:17AM (#40064941) Homepage Journal

    Google pfSense and set it as your firewall.

  • (This is my first comment as I'm the king of lurkers.)

    I am a Linux hobbyist and can comment on the Linux router option. Totally free if you have old hardware, but limited and will not cover all of your listed requirements.

    This sits between my ISP's provided modem and my wireless router which serves the living room computer, bedroom, office, and a wireless laptop and phones using wifi.

    I use Debian 6 on an old Sempron with 1 gig of RAM with two NICs. Overkill I know, substitute your hardware on hand an

  • by Alioth (221270) <no@spam> on Monday May 21, 2012 @11:21AM (#40065003) Journal

    You need to consider that these days people are starting to use HTTPS by default for things like Facebook. You won't be able to inspect the contents.

    If it's scammers he is genuinely worried about, education will solve it, not monitoring (which will catch it too late, after the scam has already started).
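As an added example (not code from this thread), here is a stdlib-only Python parser that shows what the rpcapd/Wireshark capture approach suggested above can and cannot yield: DNS query names are readable in a capture, while frames to TCP/443 (HTTPS) can only be counted, because their contents are encrypted. The pcap, addresses, ports and domain names are constructed sample data.

```python
import socket
import struct

def ipv4_frame(proto: int, payload: bytes, src="192.0.2.10", dst="192.0.2.1") -> bytes:
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))   # checksum left zero
    return b"\x00" * 12 + b"\x08\x00" + ip + payload                  # dummy MACs, EtherType IPv4

def dns_query_frame(name: str) -> bytes:
    """Constructed sample: UDP/53 datagram carrying a standard A query for `name`."""
    qname = b"".join(bytes([len(lb)]) + lb.encode() for lb in name.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
    return ipv4_frame(17, struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0) + dns)

def build_sample_pcap() -> bytes:
    """Constructed little-endian libpcap file (link type 1 = Ethernet) with three frames."""
    tls = ipv4_frame(6, struct.pack("!HHIIBBHHH", 40001, 443, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
                     + b"\x17\x03\x03\x00\x10" + b"\xaa" * 16)   # stands in for an encrypted record
    frames = [dns_query_frame("www.facebook.com"), dns_query_frame("example.net"), tls]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 1337630000 + i, 0, len(f), len(f)) + f
                          for i, f in enumerate(frames))

def parse_pcap(data: bytes) -> list:   # split a little-endian pcap file into raw Ethernet frames
    frames, off = [], 24               # skip the 24-byte global header (magic 0xa1b2c3d4 assumed)
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<IIII", data, off)[2]
        frames.append(data[off + 16:off + 16 + incl_len])
        off += 16 + incl_len
    return frames

def decode_qname(buf: bytes) -> str:
    labels, i = [], 0            # uncompressed name: length-prefixed labels, NUL terminated
    while buf[i]:
        labels.append(buf[i + 1:i + 1 + buf[i]].decode("ascii"))
        i += 1 + buf[i]
    return ".".join(labels)

def summarize(frames: list) -> tuple:
    """Return (DNS query names seen, count of TCP/443 frames whose contents are opaque)."""
    names, opaque = set(), 0
    for f in frames:
        if f[12:14] != b"\x08\x00":                      # skip non-IPv4 frames (ARP, IPv6, ...)
            continue
        proto, l4 = f[23], f[14 + (f[14] & 0x0F) * 4:]   # IP protocol number, transport header
        if proto == 17 and l4[2:4] == b"\x00\x35":       # UDP to port 53
            names.add(decode_qname(l4[20:]))             # 8-byte UDP + 12-byte DNS header
        elif proto == 6 and l4[2:4] == b"\x01\xbb":      # TCP to port 443
            opaque += 1                                  # HTTPS: the message itself is not recoverable
    return names, opaque
```

Running summarize(parse_pcap(build_sample_pcap())) yields the two queried names and one opaque HTTPS frame; on a real capture the same holds, the domains are visible but the page contents are not.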

  • by vlm (69642) on Monday May 21, 2012 @11:25AM (#40065077)

    My client is trying to protect his family from scammers and other unsavory types, and isn't savvy in this matter, so I'm doing it for him.

    combined with

    After days of discussion with the client

    LOL. If someone can't be educated in "days" then they simply cannot be protected from themselves. By "unsavory types" I assume he means us /.ers, which makes it even funnier. Would you trust me with your 19 year old daughter? Thought so. Well, she'd probably kick my butt anyway so don't worry too much.

    I must be the only guy in /. with little kids that click on every spam popup window and sign themselves up for anything because... they're little kids. That is why their monitor is in a public part of the house easily viewed about 5 feet from my home office desk. My wife and I have caught them doing all kinds of ridiculous stuff and have (mostly) calmly used those events as "teachable moments", with excellent results. We've caught them watching remarkably inappropriate YouTube videos, applying to work at the local Culvers (he was only 7 at the time), installing all kinds of spyware toolbars and stuff (what's more evil than a kids TV show that only exists to sell toys? I know, a kids game that only exists to install spyware!). I'm pretty close to wiping his machine and installing debian, but people keep buying him windoze only "educational software" to my intense annoyance.

    Also I must be the only guy with elderly relatives with a known proven tendency to fall for telemarketing pitches (clean your furnace ductwork for $400? Hearing aid for $5000?).

    There are reasons to block/track/examine/log things beyond trying to catch the wifey cheating with the pool boy, in fact keeping a really close eye on little kids and elders is being a nice civilized responsible guy, not a jerk. In comparison "easily read evidence" and "use as proof" is simply being a jerk.

    I will suggest that printing this ask /. out and giving it to the client will probably be extremely educational for the client. Probably this is one of those "the client is a little overbearing and I need some backup in arguing with him" situations. We should demand a cut of the proceeds from the consultant; maybe a tithe to the EFF would be appropriate?

    • by Matheus (586080)

      Off topic but hey why not help you with your problems too!

      Do it. Wipe their machines and install Debian. Then install Windows in a VM and periodically update a base image every time they get some new edu-software. When they, inevitably, screw up? You drop back to the base VM (little to no labor). If your kids are smart enough you can even teach them to save their data files to a local shared or network storage device so you really lose nothing when you have to ditch the VM and start with the base again

  • This seems like a big overarching project that isn't going to be possible. It reminds me of a request that I got from my client: He wanted to be able to block his employees from wasting time on Facebook. I told him that I could block sites easily enough, but it's not foolproof and a savvy enough user may be able to get around the blocks. The client then explained that he *didn't* want Facebook blocked, because his employees were involved with social networking campaigns and they needed to be on Facebook.

  • by kimvette (919543) on Monday May 21, 2012 @11:38AM (#40065231) Homepage Journal

    A few things:

    Better firewalls, including even the lowly dd-wrt and the now-defunct Snapgear, support syslog so you can capture and create your own custom reports, and dd-wrt reports total bandwidth usage on a daily, monthly and annual basis and will retain that info until you do a reset (or until it runs out of NVRAM). It can come in very handy if your ISP claims you hit your bandwidth cap.

    Another thing you might want to try is IMFIREWALL/WFilter in monitoring mode to see which users are doing what on your network. What is required is to either put a port on your switch (connected to your gateway/firewall) in either promiscuous mode or a two-way mirror to the port that connects to the firewall.

    http://www.imfirewall.us/WFilter.htm [imfirewall.us]

    It will report the number of hits to instant messaging, streaming, social networking, porn, gambling, stock trading, and any other criteria you can think of configuring. You can also put it in filter mode so it will basically kill any requests that you disapprove of, but in monitoring mode you can create custom reports of who is doing what.

    Other firewalls will include these features as integrated, but some vendors (Cisco, Sonicwall) won't sell you the complete feature set for a flat price; they nickel and dime you because it's more profitable, and when the unit dies, good luck transferring those purchases.

    You might want to check out m0n0wall as well, and get a good syslog app so you can capture detailed logs and create your own detailed status reports.

  • Greetings,

    As a network engineer for a major financial trading company I've some experience in this area. I've also served as a network engineer for several companies in various fields (Internet Service Provider, Professional Services Vendor, Extremely Large Retail (Borders... I'll miss you.). In my experience traffic monitoring becomes a key requirement of any efficient & secure organization and a key responsibility of any qualified network engineer.

    Depending on context traffic monitoring has sever
  • by rrossman2 (844318) on Monday May 21, 2012 @11:55AM (#40065497)

    "and some game called 'words' which has message capability"

    So the guy wants to wire tap everything they use, period. Even freaking games? Most of those games already filter "bad words".

    One thing you can do is set all their DNS servers to use OpenDNS's FamilyShield. It will do a pretty good job of filtering bad sites/etc at the DNS level.
    As for logging, I wouldn't. That not only sounds like violating your family's privacy (okay, so they're under-age? That may be okay), but should anyone else happen to use the device with no clue that what they were typing or doing was being recorded, it could pose a big issue.

    It's a thought anyhow.

  • As has been pointed out, deep packet inspection of everything isn't realistic.

    You might start by logging websites visited, either with local monitoring or using OpenDNS.

  • Apologies (Score:4, Informative)

    by Shalmendo (2643729) on Monday May 21, 2012 @12:07PM (#40065653)
    While I'm not a troll by any means, the level of hostility and such has led me to feel it would be a good idea to apologize to everyone for having wasted their time with a ridiculous inquiry. Trolling was never my intention, but it appears I may have done so unintentionally by asking to be informed by people that are experts of many fields, and intelligent and well educated, so you all have what apology I can offer. And I'm quite serious. I don't think I can really say anymore, so I'll leave it at that, link my client to this article, and let him judge for himself.
    • by jtara (133429)

      Really, the only reason this was ever voted up from the firehose is because it was a darn good troll.

      I love all the show-off posts trotting-out incredibly detailed and complex solutions that won't work.

      There's no need to apologize. You provided a few minutes of great entertainment. It's what Slashdot is all about!

      Sadly, it's not just entertaining - it's depressing - to see so many "experts" sucked-in by this. I think many of them actually think their solutions would be useful.

  • This sounds absurd, but the guy needs to install video cameras pointed at all his computers. If it's truly educating his family that is his goal, the sheer obtrusiveness of this idea will prove a point and make family members careful. And if they truly are ignorant of possible threats and do something that compromises security, then they can go over the footage together. Should be easy to install, fairly cheap and get the point across. How did this make front page?
  • by jones_supa (887896) on Monday May 21, 2012 @12:22PM (#40065843)
    Wow. I wonder if that is actually the longest summary ever posted to /.
  • You'll never be able to filter the scammers completely no matter what you try. If you can't detect a scammer right away yourself, doing so afterwards by processing log files won't change that, you'll still get scammed. At best you'll be able to filter 99% or so of SPAM email and some known malware and viruses. Expecting a mini-barebone to be able to handle any serious internet filtering is also not realistic. Stuff that will filter even a minimum of multi protocol internet access, requires quite a lot of CP
