Viewing Current Traffic

Hrm I remember having a prog which did this before but the name now escapes me and for once google has not been able to provide the answer (prolly to me searching the wrong terms more than anything else)

Basicaly what am looking for is a realtime monitor which displays all connections over my own internal network (to/from this machine) as well as internet connections.

However I need something that will not only show the usual prog/ip connected to/from but also the full URL

anyone got any ideas?

ta

v

You can setup rrdtool. Its a very good and detailed package to monitor all sorts of things.

http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/

We use it at work and its very good imo, and if you happen to have a lil serverbox running on your network,
is even better, since you can monitor multiple devices at the same time.

Cheers.

I like TCPView from Sysinternals:

http://www.sysinternals.com/Utilities/TcpView.html

It'll show all TCP and UDP connections real time. It doesn't show the full URL but it will show you your http/https connections out to remoteHost:xxxx. It's a decent little program.

I use this a lot to see which programs are trying to call home.http://www.snapfiles.com/get/activeports.html

I misread a bit. Thought you were looking for bandwidth monitoring and such.

On windows you have some decent firewalls that have those things builtin, like Agnitum Outpost and Sygate PF. I like both their monitoring. Also Activeports is quite good in showing as well a netstat -a . :s

Under linux i simply use : 'netstat -edap | grep ESTABLISHED' or 'netstat -edap | grep LISTEN' to view those sockets listenening and active connections.

thanks for he suggestions guys but am afraid just seeing the IP an app is connecting to wont cut it I need to see the exact URL of where it is connecting to as well.

anyone came across anything which will let you do this?

Then you should use a proxy and a firewall where your firewall only lets your proxy on the net.

For.ex.
- install apache and squid on a seperate box
- only let that box browse on the internet by restricting on your router/firewall
- point all browsers to the proxy (check the preferences of the browser itself)

Cheers.

What about using a sniffer like ethereal, http://ethereal.zing.org/
they have both linux and windows versions, you will also need winpcap
http://www.winpcap.org/

You could also try URLSnarf
http://wiki.hping.org/123

The only thing I can think of is traditional packet sniffing, either from your firewall, a box on your internal network as long as it's not a switched network, or locally on your host box. I usually use tcpdump, Ethereal, and/or EtherApe, but I usually have a narrow band that I'm looking. With tcpdump and Ethereal you can see the payload, which will have the URL. EtherApe is a "pretty" gui of what the networks doing; nice for a quick view. There are loads of programs out there that do these types of things but I have not played with them.

Sorry, the url above for urlsnarf is invalid, urlsnarf is a part of DSniff
http://www.monkey.org/~dugsong/dsniff/