#1  
9th October 2009, 12:46
stefanos
remote network sniffing

Hi,

I am running a Linux-based router (WRT54GL) and it is set up as follows:

WAN (connection to internet)
IP Address 192.168.1.4
Subnet Mask 255.255.255.0
Gateway 192.168.1.1
DNS 1 192.168.1.1

LAN (wifi)
IP Address 192.168.4.1
Subnet Mask 255.255.255.0
Gateway 192.168.1.4
Local DNS 192.168.1.1

I would like to log the HTTP URLs (i.e. the GET requests) of the people connected to my LAN to a remote server.

I am limited to using iptables.

1) Can I log the HTTP GET URL requests from the firewall to syslog? If so, can I have an example of the firewall rule, please?

My BAD IDEA
I could use tcpdump on the remote server and iptables with the --tee option as follows:

Quote:
iptables -t mangle -I FORWARD -j ROUTE --gw [ip that's sniffing] --tee
but that will forward a copy of all the packets, and given an 8 meg down ADSL line / 1024 up, I don't think this is a good idea.

Any help or ideas would be much appreciated!

Kind regards
Stephen
  #2  
13th October 2009, 15:22
Ben

In case you want to log inside the HTTP protocol, you need to log on the app layer.
Thus I'd suggest doing so on your router with tcpdump, e.g. dst port 80. You could log into a named pipe, reading this into netcat. With netcat you can send this to another host, filtering out all GET requests. The question is just whether the CPU power on the router is enough.
Another thing you could do is to just allow HTTP traffic through a transparent proxy, which might then sniff this traffic.

If you want to sniff on the remote side, you could just check the remote web server's logfile for these GET requests.
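The tcpdump-and-netcat approach from the reply above, as an added example that is not part of the thread: a shell filter that reduces `tcpdump -n -A` text to one log line per GET request, so only URLs (not full packet copies) leave the router. The function names, the interface `br0` and the `LOGHOST`/`PORT` placeholders are assumptions, and the sample capture is constructed.

```sh
#!/bin/sh
# Added example (not from the thread): turn "tcpdump -n -A" text into one
# log line per HTTP GET request: "<client-ip> http://<host><path>".

extract_get_urls() {
    awk '
    # Packet summary line for traffic to port 80; remember the client address.
    / IP [0-9.]+ > [0-9.]+\.80: / {
        src = $3; sub(/\.[0-9]+$/, "", src)   # drop the source port
        path = ""
        next
    }
    # Request line. tcpdump -A can print header bytes before "GET".
    match($0, /GET [^ ]+ HTTP\/1\.[01]/) {
        split(substr($0, RSTART, RLENGTH), f, " ")
        path = f[2]
        next
    }
    # The Host header completes the URL of the pending request.
    path != "" && /^Host: / {
        host = $2; sub(/\r$/, "", host)
        print src, "http://" host path
        fflush()                              # keep the pipe to nc live
        path = ""
    }'
}

# Constructed sample of tcpdump output (addresses and hosts are made up).
sample_capture() {
    cat <<'EOF'
12:46:01.000001 IP 192.168.4.23.51234 > 203.0.113.10.80: Flags [P.], length 96
E..x..@.@......P....GET /index.html?q=1 HTTP/1.1
Host: www.example.com
User-Agent: test
12:46:02.000001 IP 192.168.4.40.40080 > 203.0.113.10.80: Flags [.], length 0
12:46:03.000001 IP 192.168.4.40.40080 > 203.0.113.10.80: Flags [P.], length 80
E..P..@.@......P....POST /login HTTP/1.1
Host: www.example.com
12:46:04.000001 IP 192.168.4.40.40081 > 198.51.100.7.80: Flags [P.], length 70
E..F..@.@......P....GET /a/b.css HTTP/1.0
Host: static.example.org
EOF
}

# On the router (interface name, server and port are placeholders):
#   tcpdump -i br0 -n -l -A -s 0 'tcp dst port 80' | extract_get_urls | nc LOGHOST PORT
```

Only unencrypted HTTP on port 80 is visible this way, and a request is logged only when its request line and Host header arrive in the same capture stream in that order.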