Using Wireshark to get information about the servers visited and traffic on your network is not as much fun as it used to be, but you can still get quite a bit of info even with an SSL connection. It is possible to get the name of visited websites even though they are using SSL, because the server name appears in the SSL Client Hello packet. This posting tells us how: https://securitronlinux.com/debian-testing/how-to-filter-the-server-name-from-ssl-client-hello-packets-with-wireshark/. This still works and is very good for monitoring web traffic on your network.
![Ubuntu Virtual machine running Wireshark.](https://www.securitronlinux.com/wp-content/uploads/2019/08/nsa.desktop-960x527.jpg)
This filter will only show requests to google.com. It could be used to work out whether a certain site that you do not want people visiting is being visited, and you can see which IP address is visiting this URL.

```
ssl.handshake.extensions_server_name == "www.google.com"
```
This filter will restrict it to a certain IP address and will show if they are accessing google.com.
```
ip.addr == 192.168.1.3 && ssl.handshake.extensions_server_name == "www.google.com"
```
Another filtering approach is to filter by MAC address.
```
eth.addr eq D0:50:99:0D:AB:0F
```

Combine this with the previous filter to see if this MAC address is visiting my website.
Use the getmac command on Windows to get this information.
```
C:\Users\obama>getmac

Physical Address    Transport Name
=================== ==========================================================
D0-50-99-0D-AB-0F   N/A
00-13-46-3A-02-83   Media disconnected
00-FF-EE-02-13-F1   Media disconnected
D0-50-99-0D-AB-0F   \Device\Tcpip_{3AEB2A66-0560-4259-9EE8-DEB282A1B45F}
```
But the best way to restrict adult sites and other unwanted content like LiveLeak at work is a UTM device. The Fortinet FortiGate 30E is an integrated hardware approach to filtering and protecting web traffic over your network. It will filter all adult content and provide a hardware firewall to protect your users. Another feature is the ability to segregate the network with VDOMs to allow guest and employee access to the network, protecting employee network data from visitors. Blocking unwanted data is a better idea than playing detective later; this will make your network safer from the get-go.
More information: https://www.avfirewalls.com.au/FortiGate-30E.asp?. Knowledge of Wireshark and other packet filtering utilities like tcpdump is still very important though.
Download the Fortinet FortiGate/FortiWiFi 30E Data Sheet (PDF).