Security Basics mailing list archives

Re: Investigation- Web pages visited

From: "Bryan S. Sampsel" <bsampsel () libertyactivist org>
Date: Wed, 2 Nov 2005 13:52:43 -0700 (MST)

Set up Ethereal and have it sniff for that site...you should be able to
dissect the traffic from there and get your information.

The other option would be to set up a web proxy and switch everyone over
to it, have it log web usage, and sift through the logs.  Not my idea of
fun, but hey.

The Ethereal (or Sniffer) solution is much more targeted on a suspected
problem and less of a shotgun approach.

Sincerely,

Bryan S. Sampsel
LibertyActivist.org


Steve Barron wrote:

Hi

I am trying to investigate some possible corporate policy violations,
mostly
involving porn.  My IDS matches rules for certain criteria and looks for
banned words in html.  When I get the ip, i can query it, but most of the
time I get info about a hosting provider.  When I attempt to access the ip
http://155.X.X.X i get either some generic page or a 404 error.  Is there
any way to find out what sites are hosted at a given IP?  My logs have not
been much help for this.

Thanks

Steve

Current thread:

Investigation- Web pages visited Steve Barron (Nov 02)
- Re: Investigation- Web pages visited Bryan S. Sampsel (Nov 03)
- Re: Investigation- Web pages visited Saqib Ali (Nov 03)
- Re: Investigation- Web pages visited Brian Loe (Nov 03)
- RE: Investigation- Web pages visited David Gillett (Nov 03)
  - Re: Investigation- Web pages visited Austin Murkland (Nov 04)
- Re: Investigation- Web pages visited Mark Owen (Nov 07)