Hi, On Wed, 17 Oct 2007 10:38:10 -0400 James Colby <[EMAIL PROTECTED]> wrote:
> I am looking for some advice. We have a user on our network that we > belive may be making inappropriate forum posts, violating our TOS for > internet usage. I am looking for some recommendations of software > that I can install on Gentoo server to help us monitor these posts. > Can anyone recommend a proxy package that could help me to monitor > this. I would prefer to do this transparently but we do have access > to configure a proxies on the users browser. Is this something that > Squid can do? You won't get HTTPS traffic without spoofing certificates, which might not get trough unnoticed. But HTTP is just plain text, so probably you can just run $ tcpdump -w - -i ethN -s 1600 port 80 and src 192.168.your.enemy | tee fulldump | strings for one or two days and be done with it. Note that the traffic you're interested in the most is outgoing traffic (HTTP POST) if you're looking for offensive communication originating from that user. Of course, all of this is probably illegal if that user hasn't agreed on monitoring measures (which means you'll probably not be able to use it as a proof before court) -- and even that might be prevented by local law. Also have a look at the dsniff package, especially at urlsnarf. But this would just give you the URLs... -hwh -- [EMAIL PROTECTED] mailing list