On Tue, 22 Mar 2005, John Cole wrote:
I'm not as interested in blocking as I am in reporting.
If you only want reporting of who goes where when then sniffing the traffic with a URL sniffer will quite likely do fine.
Some interesting sniffers for looking at web traffic flying by:
ntop - lots of graphs, usage reports etc in general about the IP traffic seen.
<url:http://www.ntop.org>
driftnet - show the images or MPEGs is being viewed by your users right now
<url:http://www.ex-parrot.com/~chris/driftnet/>
dsniff - What urls, files emails etc is being seen on the wire? <url:http://www.monkey.org/~dugsong/dsniff/>
ngrep - grep on your network traffic <url:http://ngrep.sourceforge.net/>
ssldump - analyze (and decode if yours) SSL traffic
This is just a small collection of the sniffing tools I have found useful over the years, apart from the pure packet sniffers like tcpdump or ethereal. A more comprehensive list can be found here: <url:http://www.stearns.org/doc/pcap-apps.html>
Regards Henrik
