Adjusting Ethereal's Capture-Filters for Web-Address filtering?

Hello,

I guess this question must have been asked before but I haven't found
any answers. My boss has told me to find out which web addresses within
the company are surfed to when he is on holidays.

The network is handled by a w2k server. For the stations the server acts
as gateway whereby it is forwarding internet traffic to a router which
is connected to the dsl line. So every traffic passes the server. I
installed Ethereal and played around a little bit. I already found out
how to filter all traffic on port 80. But of course this only returns
the data traffic between the two computers ip-addresses.

I guess I have to filter just the requests of the workstations to the
dns server, haven't I? With this I could theoretically see which
addresses are to be solved, am I right? How do I do this/which port do I
filter for name resolution?

Thanks and best regards,

Felix Eggbert, Germany

Felix Eggbert wrote:

> I guess I have to filter just the requests of the workstations to the
> dns server, haven't I? With this I could theoretically see which
> addresses are to be solved, am I right? How do I do this/which port do I
> filter for name resolution?
>

I think your best bet, would be to monitor the connection to the DSL. That
way, you can eliminate all local traffic. Get yourself a cheap hub (not
switch) to place between the router and DSL and connect your monitoring
computer. You'll then be able to monitor all traffic on the DSL, which you
can then capture, using port 80. More expensive routers & switches may
have a monitor port, which you could also use.

--

(This space intentionally left blank)