Post #9, 17th September 2008
Bruco (Fdisk Soldier; Join Date: May 2008; Location: Kalamazoo, MI, USA; Posts: 61)

Well, you've nailed it - that IS my goal. What (if any) are the ramifications of running Wireshark continuously? I know I could put filters on it to only see port 80 traffic, but it's still processing all those packets. Is that going to be too memory-intensive? And how "readable" are the results to someone who isn't as technical?

I did try out Squid last night on a fresh FreeBSD 7.0 install in a virtual machine. I set it up and then used it as the proxy server for my workstation. It worked really well. I also installed SARG to do log file analysis, and it basically gives me exactly what I want - easy to read HTML reports that reflect what sites were visited from what IP.

So, no, obviously I don't need a proxy - and doing things this way necessitates adding read-only proxy server settings for all browsers on all workstations so users can't change them (which I can do, not that big a deal).

But am I going to get the nice reporting options, with resolved IPs, organization by workstation IP or user ID, etc., by using a packet sniffer? I suppose if there are log analyzers for Wireshark that can do the same thing as SARG does for Squid logs, and if I can run Wireshark continuously without issue, it could work.
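As an added illustration of the kind of per-workstation "sites visited" summary the post wants from SARG (example code written for this thread, not part of the post, Squid or SARG): a small parser for Squid's native access.log format that groups requests by client IP and host, and counts denied requests separately. The log lines are constructed sample data using documentation addresses, not a real log.

```python
"""Summarise a Squid access.log (native format) per client IP and site."""
from collections import defaultdict
from urllib.parse import urlsplit

# Native access.log fields, space-separated:
# time elapsed client action/code size method url ident hierarchy/from type
# Constructed sample lines (RFC 5737 addresses, example.* hosts), not real data.
SAMPLE_LOG = """\
1221652800.123  245 192.168.1.10 TCP_MISS/200 5120 GET http://www.example.org/ - DIRECT/192.0.2.10 text/html
1221652801.456  180 192.168.1.10 TCP_HIT/200 2048 GET http://www.example.org/docs/ - NONE/- text/html
1221652802.789  300 192.168.1.11 TCP_MISS/200 8192 GET http://www.example.net/page.php?id=1 - DIRECT/192.0.2.20 text/html
1221652803.000   50 192.168.1.11 TCP_MISS/200 0 CONNECT mail.example.com:443 - DIRECT/192.0.2.30 -
1221652804.000   20 192.168.1.10 TCP_DENIED/403 0 GET http://www.example.org/ - NONE/- text/html
"""

def site_of(url):
    """Reduce a request URL to its host; CONNECT lines carry host:port only."""
    if "://" in url:
        return urlsplit(url).hostname or url
    return url.split(":")[0]

def parse_line(line):
    """Return (client_ip, action_code, site) for one native-format line, or None."""
    fields = line.split()
    if len(fields) < 7:
        return None          # blank or truncated line
    return fields[2], fields[3], site_of(fields[6])

def summarize(log_text):
    """Return ({client: {site: hits}}, {client: denied_count})."""
    visits = defaultdict(lambda: defaultdict(int))
    denied = defaultdict(int)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        client, action, site = parsed
        if action.startswith("TCP_DENIED"):
            denied[client] += 1   # blocked by ACL; report but don't count as a visit
        else:
            visits[client][site] += 1
    return {c: dict(s) for c, s in visits.items()}, dict(denied)

def render_text(visits, denied):
    """Plain-text report: one block per client, sites ordered by hit count."""
    out = []
    for client in sorted(visits):
        out.append(f"{client}  (denied requests: {denied.get(client, 0)})")
        for site, n in sorted(visits[client].items(), key=lambda kv: -kv[1]):
            out.append(f"    {n:4d}  {site}")
    return "\n".join(out)

if __name__ == "__main__":
    print(render_text(*summarize(SAMPLE_LOG)))
```

The same grouping applied to Squid's real access.log is what SARG turns into its HTML tables; a sniffer-based setup would first need something to reconstruct host names from the captured HTTP traffic before it could produce an equivalent report.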