Monitoring user activities on home network

Status
Not open for further replies.
T

terrymate

Posts: 10   +0
I am using Unifi devices (Unifi Dream Machine as router, and Unifi Access Points and Switches). Though the device touts to have DPI (deep packet inspection), yet I am not able to get the live nor recorded/stored visibility of :

-> Where users are going (websites, or apps)
-> Block their usage (websites and/or apps)

Is there a device that I can introduce in the network (without replacing my router) which can monitor users behaviors and block accordingly?

I don't mind using VM's too.

Thanks
 
Whenever I blocked websites or services I did it through DNS. Using OpenDNS.
You may be able to use something like a pi-hole to get similar results.
 
Last edited:
Gabriel Pike said:
Whenever I blocked websites or services I did it through DNS. Using OpenDNS.
You may be able to use something like a pi-hole to get similar results.
Click to expand...
Unfortunately, instagram app so as whatsapp app (via mobile phone) is not blocked using OpenDNS and alike services. I'm still finding it difficult, any other luck?

What about monitoring?
 
terrymate said:
Unfortunately, instagram app so as whatsapp app (via mobile phone) is not blocked using OpenDNS and alike services. I'm still finding it difficult, any other luck?

What about monitoring?
Click to expand...

With the method gabriel mentioned should work fine.

I run a pihole myself and it should be easily blacklisted by entering the domains. bear in mind that the mobile app in the background probably has different links/domains which are used to connect to their backends.

You can try a packet sniffer such as wireshark trace the domains and block whatever necessary.
 
MattS said:
With the method gabriel mentioned should work fine.

I run a pihole myself and it should be easily blacklisted by entering the domains. bear in mind that the mobile app in the background probably has different links/domains which are used to connect to their backends.

You can try a packet sniffer such as wireshark trace the domains and block whatever necessary.
Click to expand...

Thank you for the guidance. What about live monitoring of where users on my network are going to?
 
terrymate said:
Thank you for the guidance. What about live monitoring of where users on my network are going to?
Click to expand...
With the Unifi DPI feature you should be able to see this I think maybe some rules have not yet been applied to it if it is not collecting the necessary data

Pihole also does this.

Edit: For live there are options and sections which shows you when the client was last active and all the timestamps of each query and is easily traceable.

Example: The below has some bad practices. I am showing you my own mobile device. Ideally since you know whos phone this is you can setup static reservations/dns names for devices for easier identification.

1615700111003.png

1615700136369.png

While I think blacklisting and tinkering with this stuff is ok, please be careful because at the end of the day you should respect others privacy especially if this is going to be setup at home.
 
jobeard said:
Sadly this is true as the path via the cell tower does not engage the LAN ISP DNS.
Click to expand...

All the mobile devices are connected via the wifi (and not via the cell tower). However, the mobile apps must be using backend links that are not seen or blocked by the ISP DNS. Thats my opinion.
 
MattS said:
With the Unifi DPI feature you should be able to see this I think maybe some rules have not yet been applied to it if it is not collecting the necessary data

Pihole also does this.

Edit: For live there are options and sections which shows you when the client was last active and all the timestamps of each query and is easily traceable.

Example: The below has some bad practices. I am showing you my own mobile device. Ideally since you know whos phone this is you can setup static reservations/dns names for devices for easier identification.

View attachment 87579

View attachment 87580

While I think blacklisting and tinkering with this stuff is ok, please be careful because at the end of the day you should respect others privacy especially if this is going to be setup at home.
Click to expand...

Thank you and I agree entirely on the privacy concern. What I wish to be able to do is really protect our children (users) by knowing what they do, and also how to block non-good places they may go.

Is there specific app or device which would do the job? I feel pi-hole job is really to block ads.
 
Blocking from Pi-hole is simply being suggested since most people already filter out ad's and domains from it. It simplifies the setup quite heavily.

What you can do is check if with the DPI in unifi if you can extract a list of content and block it.

Strictly speaking you can block any traffic you want from the firewall but then again, it will take a lot of manual intervention.

What could probably help is maybe investing in a software or lookup a firewall or agent solution which has a predefined block list and tick it for the appropriate device.

Sophos have some great solutions I think Sophos UTM can do the job you are looking for, its free and can be run in a vm however this will require quite some tinkering.
 
MattS said:
Blocking from Pi-hole is simply being suggested since most people already filter out ad's and domains from it. It simplifies the setup quite heavily.

What you can do is check if with the DPI in unifi if you can extract a list of content and block it.

Strictly speaking you can block any traffic you want from the firewall but then again, it will take a lot of manual intervention.

What could probably help is maybe investing in a software or lookup a firewall or agent solution which has a predefined block list and tick it for the appropriate device.

Sophos have some great solutions I think Sophos UTM can do the job you are looking for, its free and can be run in a vm however this will require quite some tinkering.
Click to expand...

I read and know about Sophos UTM. However, will this mean I have to replace my current firewall (the UDM router)?
 
terrymate said:
I read and know about Sophos UTM. However, will this mean I have to replace my current firewall (the UDM router)?
Click to expand...

Not really, you can put the UTM vm in-between the Unifi and the clients.

For the scope of this I think it would be best if you check on the unifi solution first.

Do you not have the below section on your unifi controller? You should be able to specify exactly what traffic to block.

1615735655047.png
 
MattS said:
Not really, you can put the UTM vm in-between the Unifi and the clients.

For the scope of this I think it would be best if you check on the unifi solution first.

Do you not have the below section on your unifi controller? You should be able to specify exactly what traffic to block.

View attachment 87582
Click to expand...

Yes I do but it is pre-configured, I can't for instance block a site of my own selection. Only configured categories. Also, when I block social media e.g. instagram, it only blocks the website but using app, it works despite it :(
 
Last edited by a moderator:
I think you can add a new category,

tonight I will try to check with wireshark regarding instagram and will let you know.
 
MattS said:
I think you can add a new category,

tonight I will try to check with wireshark regarding instagram and will let you know.
Click to expand...

Thank you Matts. I appreciate it.

On different note, I tried using pihole to block instagram but only thing success was the web and not app instagram.

Out of curiosity, do I install Wireshark on my local PC then monitor the interface? Hows setup like and what should I ensure in terms of settings and configuration to monitor?
 
terrymate said:
Thank you Matts. I appreciate it.

On different note, I tried using pihole to block instagram but only thing success was the web and not app instagram.

Out of curiosity, do I install Wireshark on my local PC then monitor the interface? Hows setup like and what should I ensure in terms of settings and configuration to monitor?
Click to expand...
You need a wireless device like a laptop and connect to your home wifi network that way you can intercept all wireless traffic on your network including your mobile traffic.

Please remember that any blocking you can do down the line can be easily avoided via vpn or turning 4g on.
 
MattS said:
You need a wireless device like a laptop and connect to your home wifi network that way you can intercept all wireless traffic on your network including your mobile traffic.

Please remember that any blocking you can do down the line can be easily avoided via vpn or turning 4g on.
Click to expand...

Perfect. So:

1) install wireshark on my wireless mac.
2) configure capture on promiscuous mode on wifi interface
3) view the traffic from the source I.e. mobile IP

Am I on right track?
 
Done. However, there is too much information for me to look into :) What I did to progress is filter the information to only source IP, however, there are too many protocols http, tcp, dns, etc. Also going over each protocol, I was not able to find for instance when I browsed cnn.com , I couldn't be able to see it in any of those protocols. So, is there a guide you can advice? Let's try one thing.

For instance, can I see http(s) requests and if so to what sites or IPs is it going to? how can I find that out if you can provide me example to try and then I will be able to probably find out how does devices log to instagram app.

Thanks Matt
 
Status
Not open for further replies.

Similar threads

Julio Franco
The complete list of alternatives to all Google products
2 3 4
Replies
98
Views
34K
wizardB
wizardB
Ivan Franco
  • Locked
The best password managers
2
Replies
39
Views
8K
ttrtilley
T
Ivan Franco
Parallel Universe: A list of alternatives to all Google products
2
Replies
36
Views
5K
regiq
R

Latest posts

Back