Good follow-up, Cory.  Another pertinent question that comes to mind:

Is the LAN you are attempting to monitor fully switched, or is it using
hubs?  If it is not fully switched, then it is relatively easy to
monitor local traffic from any network jack (b/c any user can see any
other user's packets), not just the router/firewall.

More information is needed.  What is your target information?  *Who* is
using, or *what* they're using?  Or *how much*?  Or do you just want to
spy on users and invade their privacy as much as possible?  = )

ciao,

   Ben

PS - also, is the "gateway/router/firewall" a PC (linux/bsd/other?), or
an embedded device (linksys/smc/cisco/etc)?  Even though you say you do
not have access, might you be able to get SNMP statistics forwarded for
the purposes of your analysis, from this device?

On Thu, 2003-02-27 at 22:37, Cory Petkovsek wrote:
> On Fri, Feb 28, 2003 at 12:02:04AM -0600, Timothy Bolz wrote:
> > Is there a program or network monitor which can tell when someone connects to
> > the network and how long.
> Tim, I think you need to define what you want a little more.
> 
> > We have dhcp and people connect and disconnect all the time.
> Your dhcp leases file will show which mac addresses were leased to which ip
> addresses.  However this information expires after ____ (insert your default
> lease time here).  This file is stored on your dhcp server.
> 
> > There are only a few computers which are on all the time.  I
> > don't have access to the gateway-router-firewall and do I need access.  I
> > need to know how if people are using it or not.
> I think you are saying, "I don't have access to the firewall, but I need to
> know how people are using the internet."  If that is so, which is still quite
> a general statement, there are a few ways you can monitor; however, it requires
> adding programs to your firewall:
> 1) You want to know what services and ip addresses people are connecting to via
> the internet.  You can use the logging facility within the firewall to log
> this information (iptables/ipchains/other).
> 2) You want to monitor what websites people are connecting to.  Use a webproxy
> like squid and enable logging.
> 3) You want to monitor bandwidth.  iptraf for realtime stats.  There are some
> tools that will actually take logs, but I have not used them yet.  I have some
> emails stored from another list where there was a discussion on it.  If this is
> really what you want I can dig it up.
> 
> > Mostly it's laptops being
> > connected.  I've looked up monitors in freshmeat and couldn't find anything
> > close to what I'm looking for.  I could use the IP addresses as where and I
> > wouldn't need how long they were on but it might be useful.
> I don't see how the ip address tells you _anything_.  Your ip addresses are
> assigned by the dhcp server.  Someone plugs in, gets an IP and then unplugs.
> What does the ip tell you?
> 
> Maybe it would help if you talked more about what you are trying to achieve.
> 
> Cory

_______________________________________________
Eug-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug
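
The leases-file approach mentioned in the quoted reply, as an added example that is not part of the original thread: it parses lease blocks into per-MAC lease windows so repeat visits by the same laptop line up. It assumes the server is ISC dhcpd and its `dhcpd.leases` syntax (the thread does not name the DHCP server); the sample data and the function names are constructed for illustration. A lease window is what the server granted, not proof the machine stayed plugged in for that long.

```python
import re
from datetime import datetime

# Constructed sample in ISC dhcpd.leases syntax (assumed server; not from the thread).
SAMPLE_LEASES = """\
lease 192.168.1.50 {
  starts 4 2003/02/27 22:10:05;
  ends 4 2003/02/27 23:10:05;
  hardware ethernet 00:0C:29:AA:BB:01;
}
lease 192.168.1.51 {
  starts 4 2003/02/27 22:30:00;
  ends 5 2003/02/28 00:30:00;
  hardware ethernet 00:0c:29:aa:bb:02;
}
lease 192.168.1.52 {
  starts 5 2003/02/28 08:00:00;
  ends 5 2003/02/28 09:00:00;
  hardware ethernet 00:0c:29:aa:bb:01;
}
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
TIME_RE = r"\s+\d+\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);"  # weekday number, then UTC time
MAC_RE = re.compile(r"hardware ethernet\s+([0-9A-Fa-f:]{17});")

def parse_leases(text):
    """Return (ip, mac, starts, ends) for every complete lease block."""
    records = []
    for ip, body in LEASE_RE.findall(text):
        mac = MAC_RE.search(body)
        starts = re.search(r"\bstarts" + TIME_RE, body)
        ends = re.search(r"\bends" + TIME_RE, body)
        if not (mac and starts and ends):
            continue  # e.g. "ends never;" or a block with no client recorded
        when = [datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S") for m in (starts, ends)]
        records.append((ip, mac.group(1).lower(), when[0], when[1]))
    return records

def history_by_mac(records):
    """Group lease windows per MAC (the stable identifier), oldest first."""
    hist = {}
    for ip, mac, starts, ends in sorted(records, key=lambda r: r[2]):
        hist.setdefault(mac, []).append((ip, starts, ends))
    return hist

if __name__ == "__main__":
    for mac, visits in history_by_mac(parse_leases(SAMPLE_LEASES)).items():
        print(mac, [(ip, str(s), str(e - s)) for ip, s, e in visits])
```

Because entries expire and the file is rewritten by the server, run this on a schedule and keep the output if you need history longer than the lease time.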