Network traffic sniff and / URL sniff / and password sniff



  • Hi Everyone,

    I am wondering what add-on packages or built-in features of pfSense 1.2x or 2.0x allow for monitoring of the network. I have full control of the pfSense router which serves as the DHCP provider for my network. I want to see a sort of daily report of sites visited. And on occasion I want to see the sort of data transmitted to the sites visited or even chat logs using MSN, Yahoo messenger etc. Furthermore, I would like to sniff passwords and basically any data that is available on the network.

    I would like to know if there is any way I can grab these in a structured way rather than going the route of setting up a sniffer and ettercap etc...

    Please let me know if any of the above requirements are easy to do with help of pfSense.

    Thanks



  • At least in 1.2.3 there is a package called imspector. That can provide detailed information on instant messengers.



  • Thanks.

    Anything else guys? Any more detailed programs to at least log the sites visited if not the content?

    Thanks



  • With squid it's afaik possible to log what sites have been visited.


  • Netgate Administrator

    Yes, install squid in transparent mode and it will log sites accessed through the proxy.

    For more detailed information you can use the packet capture facilities built into pfSense and analyse them later. Of course that's not practical unless you know roughly where to look in the first place.

    Steve
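
One way to turn the Squid access log mentioned above into a per-day list of sites, as an added example that is not part of the original thread. It assumes Squid's default native `access.log` format; the sample lines, addresses and function names are constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1300000000.123    120 192.168.1.10 TCP_MISS/200 5120 GET http://example.com/index.html - DIRECT/93.184.216.34 text/html
1300000050.456     80 192.168.1.10 TCP_HIT/200 2048 GET http://example.com/logo.png - NONE/- image/png
1300000100.789    200 192.168.1.11 TCP_MISS/200 900 GET http://example.org/ - DIRECT/93.184.216.34 text/html
1300090000.000    150 192.168.1.10 TCP_MISS/200 700 CONNECT mail.example.net:443 - DIRECT/203.0.113.5 -
this line is malformed and is skipped
"""

def site_of(method, url):
    """Return the host a log entry refers to, or None."""
    if method == "CONNECT":          # CONNECT entries carry host:port, not a URL
        return url.rsplit(":", 1)[0].lower() or None
    host = urlsplit(url).hostname
    return host.lower() if host else None

def daily_report(log_text):
    """Map 'YYYY-MM-DD' (UTC) -> Counter of hosts requested that day."""
    report = defaultdict(Counter)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue
        try:
            when = datetime.fromtimestamp(float(fields[0]), tz=timezone.utc)
        except ValueError:
            continue                 # not a native-format line
        host = site_of(fields[5], fields[6])
        if host:
            report[when.strftime("%Y-%m-%d")][host] += 1
    return dict(report)

if __name__ == "__main__":
    for day, hosts in sorted(daily_report(SAMPLE_LOG).items()):
        print(day)
        for host, hits in hosts.most_common():
            print(f"  {hits:5d}  {host}")
```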



  • Thanks for the inputs.

    ARP poisoning a WLAN using BackTrack is a no-brainer. It acts as a proxy between the client and services like Gmail and Hotmail to forward the user to the HTTP site rather than HTTPS, hence allowing the password to be seen in plain text while a sniffer is used. But since I have full access to the router, I am wondering if I should be able to do this without any other software help by simply forwarding HTTPS requests to HTTP and then sniffing packets.

    Can someone please shed light on what I have to do to achieve that (how the forward should be set in iptables or somewhere on the GUI). I think there is a packet sniffer already built into pfSense if I am not wrong?!

    Thanks for your input again.


  • Netgate Administrator

    A lot of this stuff is beyond my experience. I'm aware it can be done but I've never tried it.
    I assume you are using this on your home network and not some public hotspot!  :P
    I'd be interested in your experiences if only to get some idea of how straightforward it is.

    Here's some info on the packet capture facilities in pfSense.

    Steve

