How can I monitor the TCP/IP (or HTTP) traffic of a remote machine?

Solution 1

  • Do you have access on the remote Windows machine?
    • If yes, there are a lot of ways you could do monitoring (depending on the depth of your requirements)
    • For example you could execute wireshark on the remote machine too
  • If you do not have access on that machine,
    • You are limited to what can be tapped on the network
    • Which requires access to the network
      (networks today typically do not broadcast any traffic, so snooping is difficult)
  • However, if you have access to the network devices, you could snoop over them
    • One example (already noted in another answer here) is to set up a proxy in the path
      • the Squid proxy has very good ways to track web activity (with some more tools)
    • Another is to mirror traffic for the user's port from one of the switches on the network.
    • Once you get a tap in the network path, a lot of options open up again

Assuming you are administering the network and probably the Windows machine in question, you would have one of the above things workable.

Solution 2

Are you looking to monitor the URLs that they visit or malicious traffic in HTTP payloads?

If the former, use a proxy on the gateway device and set logging and make the proxy transparent.

If the latter use a managed Anti-virus suite.
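Solutions 1 and 2 both point at a logging proxy such as Squid as the practical way to see one user's web activity. As an added example that is not part of either answer, the following Python script reads Squid's native access.log format and reports, for one client IP, the hosts it contacted, the bytes transferred, and any requests the proxy denied (CONNECT tunnels only expose the hostname, which the code handles). The log records are constructed for illustration; the field layout is Squid's default native format.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Squid native access.log layout, one request per line:
#   timestamp elapsed_ms client result/http_status bytes method url user hierarchy/peer content_type
SQUID_LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+(?P<hier>\S+)\s+(?P<ctype>\S+)$"
)

def parse_line(line):
    """Return the fields of one access.log line as a dict, or None if it is not a Squid record."""
    m = SQUID_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"], rec["bytes"] = int(rec["status"]), int(rec["bytes"])
    # CONNECT (HTTPS tunnel) lines carry host:port rather than a URL, so only the hostname is visible.
    rec["host"] = rec["url"].split(":")[0] if rec["method"] == "CONNECT" else urlsplit(rec["url"]).hostname
    return rec

def summarize(lines, client=None):
    """Per-client host counts, transferred bytes and denied URLs, optionally for a single client IP."""
    hosts, total_bytes, denied = defaultdict(Counter), Counter(), defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or (client and rec["client"] != client):
            continue  # skip unparsable lines and other clients
        c = rec["client"]
        hosts[c][rec["host"]] += 1
        total_bytes[c] += rec["bytes"]
        if rec["result"].startswith("TCP_DENIED") or rec["status"] == 403:
            denied[c].append(rec["url"])  # policy hits are worth reviewing separately
    return {"hosts": hosts, "bytes": total_bytes, "denied": denied}

# Constructed sample records (not from a real proxy) so the script runs stand-alone.
SAMPLE_LOG = """\
1696248000.101    245 10.0.0.5 TCP_MISS/200 5321 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1696248001.220     12 10.0.0.5 TCP_HIT/200 812 GET http://example.com/logo.png - HIER_NONE/- image/png
1696248002.330   1800 10.0.0.5 TCP_TUNNEL/200 40210 CONNECT mail.example.org:443 - HIER_DIRECT/198.51.100.7 -
1696248003.440      3 10.0.0.5 TCP_DENIED/403 3910 GET http://blocked.example.net/download - HIER_NONE/- text/html
1696248004.550    160 10.0.0.9 TCP_MISS/200 2210 GET http://example.com/ - HIER_DIRECT/93.184.216.34 text/html
"""

if __name__ == "__main__":
    r = summarize(SAMPLE_LOG.splitlines(), client="10.0.0.5")
    print(r["hosts"]["10.0.0.5"].most_common(), r["bytes"]["10.0.0.5"], r["denied"]["10.0.0.5"])
```

Point `summarize` at the lines of a real access.log (Squid writes it with `access_log` and the default native format) to get the same per-client view for any machine behind the proxy.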

Solution 3

If you want a detailed, in-depth analysis of content then you can use:

http://www.ethereal.com/

Both tools are free and quite powerful.


Author: Hemant

Updated on September 17, 2022

Comments

  • Hemant (over 1 year)

    Are there any applications (preferably free) for Windows OS using which I can monitor the TCP/IP traffic of a remote machine (in the same intranet)?

    • lexsys (almost 15 years)
      What do you need to monitor this traffic for?
  • reconbot (almost 15 years)
    You should know this has been far superseded by Wireshark. The developer lost the trademark and domain of Ethereal a while back; if you notice, there's been no development on it. wireshark.org
  • Runner (almost 15 years)
    Thanks for the info. I used Ethereal quite a while ago and I did not know this.