Posted: 21 August 2019. At: 9:26 PM. This was 5 years ago. Post ID: 13491

Wireshark is very useful for getting many types of information.

Using Wireshark to get information about the servers visited and traffic on your network is not as much fun as it used to be, but you can still get quite a bit of information even from an SSL/TLS connection. In particular, it is possible to see the name of a visited website even though the connection is encrypted: the client sends the hostname in the Server Name Indication (SNI) extension of the TLS ClientHello, and that handshake message goes over the wire in clear text in both TLS 1.2 and TLS 1.3 (only Encrypted Client Hello hides it). This posting explains how to filter on it: https://securitronlinux.com/debian-testing/how-to-filter-the-server-name-from-ssl-client-hello-packets-with-wireshark/. This still works and is very good for monitoring web traffic on your network. Note that since Wireshark 3.0 the dissector is called tls, so the same field is also available as tls.handshake.extensions_server_name; the older ssl.* names below are kept as aliases.

Ubuntu Virtual machine running Wireshark.

This filter will only show ClientHello packets whose SNI is exactly www.google.com. It can be used to work out whether a certain site you do not want people visiting is being accessed, and the packet's source address shows which IP address is visiting it. The == comparison is an exact match; use the contains operator instead if you want to catch every google.com subdomain.

ssl.handshake.extensions_server_name == "www.google.com"

This filter restricts the match to traffic to or from one IP address (ip.addr matches either the source or the destination) and will show whether that host is accessing www.google.com.

ip.addr == 192.168.1.3 && ssl.handshake.extensions_server_name == "www.google.com"

Another filtering approach is to filter by MAC address.

eth.addr eq D0:50:99:0D:AB:0F

Combine this with the server name filter using &&, exactly as in the IP address example above, to see whether this particular MAC address is visiting a given website. Filtering on the MAC address is handy because it survives DHCP lease changes, whereas the IP address may not.

Use the getmac command on Windows to find a machine's MAC address. Note that getmac prints the address with dashes, while Wireshark accepts either dashes or colons and compares case-insensitively.

C:\Users\obama>getmac
 
Physical Address    Transport Name
=================== ==========================================================
D0-50-99-0D-AB-0F   N/A
00-13-46-3A-02-83   Media disconnected
00-FF-EE-02-13-F1   Media disconnected
D0-50-99-0D-AB-0F   \Device\Tcpip_{3AEB2A66-0560-4259-9EE8-DEB282A1B45F}
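As an added example that is not part of the original post, the Python below does offline what the three display filters above do inside Wireshark: it pulls the host name out of the server_name extension of a TLS ClientHello and then applies the SNI, IP address and MAC address conditions to a handful of packets. The ClientHello builder, the Packet class, the sample addresses and the sample packets are all constructed here for illustration. It models only the client side (source IP and MAC), whereas ip.addr and eth.addr in Wireshark match either direction of the conversation.

```python
import struct
from dataclasses import dataclass

SNI_EXT_TYPE = 0x0000   # server_name extension (RFC 6066)
HOST_NAME_TYPE = 0x00   # the only NameType defined


def build_client_hello(server_name: str) -> bytes:
    """Construct a minimal TLS record carrying a ClientHello with an SNI extension.
    Everything other than the SNI is a placeholder; real clients send far more."""
    host = server_name.encode("ascii")
    sni_entry = bytes([HOST_NAME_TYPE]) + struct.pack("!H", len(host)) + host
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    sni_ext = struct.pack("!HH", SNI_EXT_TYPE, len(sni_list)) + sni_list
    # An unrelated extension (supported_versions, 0x002b) placed first so the
    # parser has to walk past it rather than assume SNI comes first.
    sv_ext = struct.pack("!HH", 0x002B, 3) + bytes([2, 0x03, 0x04])
    extensions = sv_ext + sni_ext
    body = (
        b"\x03\x03"                            # client_version: TLS 1.2
        + bytes(32)                            # random (zeros, placeholder)
        + b"\x00"                              # session_id length 0
        + struct.pack("!H", 2) + b"\x13\x01"   # one cipher suite
        + b"\x01\x00"                          # one compression method: null
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record: bytes):
    """Return the host_name from a ClientHello's SNI extension, or None.
    This is the plaintext field Wireshark exposes as extensions_server_name."""
    if len(record) < 5 or record[0] != 0x16:
        return None  # not a TLS handshake record (0x17 is application data)
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        return None  # not a ClientHello
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    try:
        pos = 2 + 32                                   # client_version + random
        pos += 1 + body[pos]                           # session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # cipher_suites
        pos += 1 + body[pos]                           # compression_methods
        if pos + 2 > len(body):
            return None                                # no extensions at all
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            data, pos = body[pos + 4:pos + 4 + elen], pos + 4 + elen
            if etype != SNI_EXT_TYPE:
                continue
            list_end = 2 + struct.unpack("!H", data[0:2])[0]
            q = 2
            while q + 3 <= list_end:
                name_type = data[q]
                name_len = struct.unpack("!H", data[q + 1:q + 3])[0]
                name = data[q + 3:q + 3 + name_len]
                q += 3 + name_len
                if name_type == HOST_NAME_TYPE:
                    return name.decode("ascii")
    except (IndexError, struct.error):
        return None  # truncated or malformed handshake
    return None


@dataclass
class Packet:
    """Constructed stand-in for a captured frame: client-side addresses plus TCP payload."""
    src_ip: str
    src_mac: str
    payload: bytes


def match(pkt: Packet, server_name=None, ip=None, mac=None) -> bool:
    """Equivalent of joining the three display filters with &&; None means 'any'."""
    if server_name is not None and extract_sni(pkt.payload) != server_name:
        return False
    if ip is not None and pkt.src_ip != ip:
        return False
    if mac is not None and pkt.src_mac.lower() != mac.lower().replace("-", ":"):
        return False
    return True


def filter_packets(packets, **criteria):
    return [p for p in packets if match(p, **criteria)]


# Constructed sample traffic: two hosts, one of them visiting two sites.
SAMPLE_PACKETS = [
    Packet("192.168.1.3", "d0:50:99:0d:ab:0f", build_client_hello("www.google.com")),
    Packet("192.168.1.7", "00:13:46:3a:02:83", build_client_hello("www.google.com")),
    Packet("192.168.1.3", "d0:50:99:0d:ab:0f", build_client_hello("securitronlinux.com")),
    Packet("192.168.1.3", "d0:50:99:0d:ab:0f", b"\x17\x03\x03\x00\x05hello"),  # encrypted app data
]

if __name__ == "__main__":
    for p in filter_packets(SAMPLE_PACKETS, server_name="www.google.com"):
        print(p.src_ip, p.src_mac, extract_sni(p.payload))
```

The application-data record in the sample set is there to make the point of the article: once the handshake is over nothing in the stream names the site, so the ClientHello is the packet to filter on. The MAC comparison accepts the dashed form that getmac prints as well as the colon form.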

But the best way to restrict adult sites and other unwanted content like Liveleak at work is a UTM device. The Fortinet FortiGate 30E is an integrated hardware approach to filtering and protecting web traffic on your network: it filters adult content by category and provides a hardware firewall to protect your users. Another feature is the ability to segregate the network with VDOMs, so guests and employees get separate access and employee network data is kept away from visitors. Blocking unwanted traffic up front is a better idea than playing detective with packet captures later; it makes your network safer from the start.

More information: https://www.avfirewalls.com.au/FortiGate-30E.asp?. Knowledge of Wireshark and other packet filtering utilities like tcpdump is still very important though.

Download the Fortinet FortiGate/FortiWiFi 30E Data Sheet (PDF).
