How To Watch What Other Users On My Network Doing?

[Schweinsteiger]

I have a NETGEAR & 3Com routers connected via WDS Its secured with WEP ..

when I log in in the admin router I can see the people connected , so I know there IP's and Mac no. haw can I see what there are surfing or doing without accessing there PC's ??

I tried wireshark and it didn't work because it only shows my activity not others !

this not stalking or anything its just my sister using internet at 4 am thats it ...

 

[k.jacko]

all you can really do is open up the router logs to see the traffic and what websites/IP addresses were visited etc.
At 4am i presume she is the only one using the net at that time, so its not hard to filter out.

 

[Schweinsteiger]

i tried that but the log doesn't show any links or traffic , its only shows who connected and logged in !

 

[k.jacko]

really? should be more than just one log to en able on the routers. My netgear has 3 from memory.

 

[raybay]

Who or which is the administrator?

 

[Schweinsteiger]

3Com is the admin router and we connect via the netgear router

 

[LookinAround]

dunno about router logs but as for

I tried wireshark and it didn't work because it only shows my activity not others !

you should be able to see all network traffic assuming:
>> Your network adapter and wireshark are both configured for "promiscuous" mode

(i.e. to pickup all network packets vs. just packets for your own IP/MAC address)

 

[Schweinsteiger]

dunno about router logs but as for you should be able to see all network traffic assuming:
>> Your network adapter and wireshark are both configured for "promiscuous" mode

(i.e. to pickup all network packets vs. just packets for your own IP/MAC address)

how do i do that ?

 

[mflynn]

You must have a lot of time or a small network. To take the time to watch cryptic packets pass by!

I would install VNC on all stations, then hide the VNC Tray icon (do google search for "hide vnc icon")

Then create a folder of shortcuts to each machine using Vew only so as not to allow your mouse to move on their screen, You could have several open at once and even capture sessions to replay.

Mike

 

[raybay]

Be aware that in some states, what you want to do is illegal without proper notice to the persons being viewed. It can be an actionable claim in a dismissal, and can be used against persons in the organization in discrimination actions.

You might want to review your organizational policies, and applical governmental regulations...

You might also find yourself in difficulty with other organizations who send private internet communications to people in your organization.

 

[Schweinsteiger]

^^^^^

thanx bro

 

[LookinAround]

<snip>
You might want to review your organizational policies, and applical governmental regulations...

You might also find yourself in difficulty with other organizations who send private internet communications to people in your organization.

Clarifications:
1) In organizational/corporate environments, employees generally have NO expectation of privacy when using corporate equipment. (i.e. in general, employers have the right to listen to phone calls, email, web sites visited, etc) if you're using their phones, computers, etc.

2) It's a different story when one is using their own personal equipment

3) Tho, regardless, in this thread for this case i think the law applies less and i'd guess Mom and Dad will be the governing body! That said, i'll add:

4) Mflynn: Hmmmmmm.. Very sneaky! Maybe a bit too much so! Especially if it means installing software on someone else's computer (kinda like the difference between going into your sibling's room and digging through their stuff vs. finding something in the hallway closet)

5)As for wireshark packet monitoring on a network,

Check you have recent versions of Wireshark and WinPcap. (Did you let wireshark also install WinPcap?) Under Edit->Preferences->Capture make sure your adapter is default and Promiscuous option is checked. You'll also find Promiscuous mode options under Capture->Options and Capture->Interfaces. Also i'm assuming you are running with a userid with admin rights?

When looking at data with Wireshardk, one can also have wireshark filter the display packets to only show http packets to/from the IP address of your choice (e.g. a specific computer on your LAN)​

 

[LookinAround]

Apologies for double posting but want to make sure this additional info is noted as well....

1) Not that i'm promoting network "eavesdropping" for the purpose of spying on a sibling! but i like to promote how incredibly handy a tool Wireshark can be!

So in addition to noting you can set a Wireshark filter to only display http packets to/from a specific LAN address, note you can also have Wireshark automatically do IP address to host name translation for you (so the packet displays also show you a name like www.google.com vs. just its IP address). Click Edit->Preferences->Name Resolution and check its options as needed

2) In addition to setting Wireshark for promiscuous mode (and using WinPcap with Wireshard) you MAY need to set your network adapter as well. If so, find your network adapter model and find its manual online. Or just google a search term something like Network Adapter Promiscous Mode and add your adapter model to the search string!