Monitor LAN users browsing history



  • Bear with me, as I'm a home networking noob....

    I have 3 children under the age of 7 who will soon be getting to the age where access to the internet could become problematic. I don't want to try to ban sites completely, as it is usually possible to circumvent bans, as I've learned from doing research. Rather, I'd prefer to be able to monitor what sites they've been going to, so that I can have discussions with them if I see things that concern me.

    I've been digging around online trying to find tools to do this, and I'm kind of shocked that this isn't easier to do. I first learned about OpenDNS, and I set that up. That isn't very useful, however, since all it shows are top level domains and even many of those are encrypted and don't provide any useful information.

    Then I learned about pfsense and squid. To test that out, I installed vm in VirtualBox running pfsense, and another vm running Ubuntu. I got squid and lightsquid configured in pfsense, and did some web browsing on the Ubuntu vm to test it out. All I'm able to see appears to be top level domains. So, for example, I could tell someone had been to reddit, which is fine, but not if they had gone to some hate groups sub-reddit, which I'd like to know about.

    I don't even know if this is possible to do, but is there anyway to get the level of detail you might get looking at a browser's history (individual pages on a domain), for every user on your network? Thanks in advance.



  • There are plenty of apps and software that you can install on the computer or personal devices that will log all the URL/URI/paths visited.



  • So you are saying this would be easier to accomplish on the device itself rather than at the router level? Seems like anything installed on the device itself would be easily circumvented. What software did you have in mind? The devices they would be using would be Windows and iOS.


  • Rebel Alliance Global Moderator

    @snyderman3000 said in Monitor LAN users browsing history:

    device itself would be easily circumvented

    By children under the age of 7?? Come on!!

    If they are early teen and hanging out with mr robot - then you might have some worry to do... But your typical kid sorry but no..

    But sure you can do it on the proxy.. But its going to be lots of noise, etc. etc.. You know how many queries get made on your typical website for ADs, etc.. And javascripts housed on CDN, etc. etc..



  • @snyderman3000
    It’s easier to circumvent but must easier to implement. It may make sense to create the kids a separate user account so they can’t disable/uninstall the software. On cellphones, use parental controls. Just Google parental control software.



  • @snyderman3000 said in Monitor LAN users browsing history:

    So you are saying this would be easier to accomplish on the device itself rather than at the router level? Seems like anything installed on the device itself would be easily circumvented. What software did you have in mind? The devices they would be using would be Windows and iOS.

    Yes.

    What you want to do is deeply inspect every packet of data going into/out of your router. Normally you wouldn't do this on a router because of the load it would create on the CPU and storage. I usually put a switch between the cable modem/xDSL modem and mirror incoming and outgoing data to another port on the switch. Connected to that port is something like Security Onion to do pcaps and put them into a database where they can be inspected and reported on.

    I push over 1TB of data though my home WAN every month, just to give you an example of the amount of storage you may need to do your reporting.

    If your kids are going to be using a couple of devices, you can install something like Net Nanny on it (not a recommendation, just an example of one such product), or if you are a Mac user you can turn on Parental Controls, and it will do some similar things.

    Anything can be circumvented, but let's put this into perspective, your kids are under 7 and probably don't have the skills to do that (yet).


  • Rebel Alliance Global Moderator

    Since you admit to being a home user noob... Maybe something like this would be more down with your skillset?

    https://meetcircle.com/