How can I monitor the TCP/IP (or HTTP) traffic of a remote machine?
Solution 1
- Do you have access on the remote Windows machine?
- If yes, there are a lot of ways you could do monitoring (depending on the depth of your requirements)
- For example you could execute wireshark on the remote machine too
- If you do not have access on that machine,
- You are limited to what can be tapped on the network
- Which requires access to the network (networks today typically do not broadcast any traffic, so snooping is difficult)
- However, if you have access to the network devices, you could snoop over them
- One example (already noted in another answer here) is to set up a proxy in the path
- The Squid proxy has very good ways to track web activity (with some more tools)
- Another is to mirror traffic for the user's port from one of the switches on the network.
- Once you get a tap in the network path, a lot of options open up again
Assuming you are administering the network and probably the Windows machine in question, you would have one of the above things workable.
Solution 2
Are you looking to monitor the URLs that they visit or malicious traffic in HTTP payloads?
If the former, use a proxy on the gateway device, set logging and make the proxy transparent.
If the latter, use a managed anti-virus suite.
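Solutions 1 and 2 both suggest a logging proxy such as Squid on the network path. As an added example (not part of any answer on this page), the Python below summarises which hosts each client visited from a Squid access log; it assumes Squid's default native log format, the sample lines are constructed, and the function names are hypothetical.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's default native access.log format:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1663400000.123    45 192.168.1.20 TCP_MISS/200 5120 GET http://example.com/index.html - HIER_DIRECT/198.51.100.10 text/html
1663400001.456   210 192.168.1.20 TCP_TUNNEL/200 38211 CONNECT mail.example.org:443 - HIER_DIRECT/203.0.113.7 -
1663400002.789    12 192.168.1.31 TCP_HIT/200 880 GET http://example.com/logo.png - HIER_NONE/- image/png
1663400003.000     3 192.168.1.31 TCP_DENIED/403 3900 GET http://blocked.example.net/ - HIER_NONE/- text/html
this line is truncated
"""

def parse_line(line):
    """Return a dict for one access.log line, or None if it is malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        ts, size = float(fields[0]), int(fields[4])
    except ValueError:
        return None
    result, _, status = fields[3].partition("/")
    method, url = fields[5], fields[6]
    # CONNECT (HTTPS tunnels) logs only host:port; other methods log a full URL.
    host = url.rsplit(":", 1)[0] if method == "CONNECT" else urlsplit(url).hostname
    return {"time": ts, "client": fields[2], "result": result, "status": status,
            "bytes": size, "method": method, "host": host or "?"}

def summarize(log_text):
    """Per client: {host: [request count, bytes]}, plus a count of skipped lines."""
    per_client = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    skipped = 0
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            skipped += 1  # count malformed lines instead of silently dropping them
            continue
        stats = per_client[entry["client"]][entry["host"]]
        stats[0] += 1
        stats[1] += entry["bytes"]
    return per_client, skipped

if __name__ == "__main__":
    clients, skipped = summarize(SAMPLE_LOG)
    for client, hosts in sorted(clients.items()):
        for host, (count, size) in sorted(hosts.items()):
            print(f"{client}  {host}  requests={count}  bytes={size}")
    print(f"skipped malformed lines: {skipped}")
```

For HTTPS the proxy sees only the CONNECT host and port, so the summary shows which sites were contacted but not the pages requested inside the tunnel.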
Solution 3
If you want a detailed, in-depth analysis of content then you can use:
Both tools are free and quite powerful.
Updated on September 17, 2022
Comments
- Hemant (over 1 year ago): Are there any applications (preferably free) for Windows OS using which I can monitor the TCP/IP traffic of a remote machine (in the same intranet)?
- lexsys (almost 15 years ago): What do you need to monitor this traffic for?
- reconbot (almost 15 years ago): You should know this has been far superseded by Wireshark. The developer lost the trademark and domain of Ethereal a while back, if you notice there's been no development on it. wireshark.org
- Runner (almost 15 years ago): Thanks for the info. I used Ethereal quite a while ago and I did not know this.