tracking web browsing by ip [i dare say OVER-SOLVED]
one of my roommates wants to use (and pay a share of the monthly bill for) the internet (that's in my name). i don't trust this guy. i don't like this guy. but it will help pay for the bill, and i'm gonna be out of here in a month or two so i'm doing my best to not cause more strife around here. is there any way i can set my router to log web browsing for a specific ip? log files, etc
Would this guy know you're essentially invading his privacy?
yes i told him up front that he could use it but that it would be tracked, take it or leave it.
what concerns me enough to do this is comments i've overheard made by him as well as comments made by him directly to me, including gems like "the government can't track your shit on napster" and "you can't get a virus from installing stuff".
Those are very dumb things to say. I could see your concern and agree it's always a good idea to CYA. Just be aware that your router most likely doesn't provide very complete traffic tracking and it looks to me like those logs could fill up pretty quickly (based on my personal internet use) so it may help to have a rule in your e-mail to sort them out.
MisterGrok on
TL DR | Not at all confident in his reflexive opinions of things | Registered User, regular
edited July 2009
IANAL, but from what I understand you might be legally better off not knowing if he was up to no good.
"Hey, I was out of town and my roommate was using the internet"
vs
"Hey, I have these saved logs of internet traffic in a folder on my desktop, but didn't have time to go through them before SWAT raided my roommate's illegal porn server farm."
Don't worry, they'll see his logs when they confiscate his computer too.
If he's going to be up to no good and being a stupid fuck, I'd suggest that you suck up the extra cost and keep him the hell off your network. Even if he doesn't do anything Epic Stupid you'll still be back here shortly posting "How to keep roommate from leeching all the bandwidth downloading porn off Kazaa"
PeregrineFalcon on
Looking for a DX:HR OnLive code for my kid brother.
Can trade TF2 items or whatever else you're interested in. PM me.
There is a way to do what you want -- just counting bytes exactly like an ISP, no stateful inspection of traffic -- but it requires some tech savvy and a spare Linux computer to implement. Once it's set up it'll run by itself though. (read: if you have a spare old PC -- circa 1998 or later -- and you can install a second Ethernet card in it then we can tell you what to type and what to plug in where.)
Ingredients, in short form for fellow Linux nerds:
1) TC script (see lartc.org) that sets up two traffic queues, one for him and one for his roommate. Neither queue is bounded, so if nobody is using any bandwidth on one computer then the other computer can use all of it. If both queues are using bandwidth at max capacity then total usage is shaped down to 50/50.
2) iptables script that counts all forwarded packets in various -A ACCEPT rules
3) on-boot bash script that periodically clears and prints the kernel packet and byte counters for the day and emails them.
The only other issue I can think of is: what do you consider billable usage?
If the billable event is "having an Internet connection" then implement the 50/50 traffic shaper and charge him half. Even if he ends up using 9 times the bandwidth you're using, the shaper enforces your right to half of the bandwidth whenever there's contention, so it doesn't matter.
If the billable event is MB or GB of traffic compared with your maximum allowed monthly usage, then bill him as a percentage of what your ISP allows you to use each month.
mspencer on
MEMBER OF THE PARANOIA GM GUILD
XBL Michael Spencer || Wii 6007 6812 1605 7315 || PSN MichaelSpencerJr || Steam Michael_Spencer || Ham NOØK QRZ || My last known GPS coordinates: FindU or APRS.fi (Car antenna feed line busted -- no ham radio for me X__X )
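The three ingredients from the post above, sketched as one script. This is an added example, not mspencer's own scripts; the interface name, link rate, host addresses and the `ACCT` chain name are assumptions, and it shapes the download direction only.

```shell
#!/bin/sh
# Added example, not mspencer's script. Assumptions: LAN side is eth1, the
# downlink is 8mbit, and the two machines have the addresses in HOSTS.
LAN_IF=eth1 LINK=8mbit HALF=4mbit HOSTS="192.168.1.10 192.168.1.11"

# Ingredient 1: one HTB class per host, guaranteed HALF, allowed to borrow
# up to LINK (ceil) while the other host is idle.
shaper_cmds() {
    echo "tc qdisc add dev $LAN_IF root handle 1: htb"
    echo "tc class add dev $LAN_IF parent 1: classid 1:1 htb rate $LINK"
    n=10
    for ip in $HOSTS; do
        echo "tc class add dev $LAN_IF parent 1:1 classid 1:$n htb rate $HALF ceil $LINK"
        echo "tc filter add dev $LAN_IF parent 1: protocol ip prio 1 u32 match ip dst $ip/32 flowid 1:$n"
        n=$((n + 10))
    done
}

# Ingredient 2: rules with no -j target change nothing and only count.
acct_cmds() {
    echo "iptables -N ACCT"
    echo "iptables -I FORWARD -j ACCT"
    for ip in $HOSTS; do
        echo "iptables -A ACCT -s $ip"
        echo "iptables -A ACCT -d $ip"
    done
}

# Ingredient 3: reduce 'iptables -L ACCT -v -x -n' output on stdin to
# "ip bytes_sent bytes_received". Source and destination are the last two fields.
report() {
    awk '$1 ~ /^[0-9]+$/ {
             if ($(NF-1) != "0.0.0.0/0") { ip = $(NF-1); up[ip] += $2 }
             else                        { ip = $NF;     down[ip] += $2 }
             seen[ip] = 1
         }
         END { for (ip in seen) printf "%s %.0f %.0f\n", ip, up[ip], down[ip] }' | sort
}

# Constructed sample of the counter listing, for running without root.
SAMPLE='    pkts   bytes target prot opt in out source        destination
     120   45000        all  --  *  *   192.168.1.10  0.0.0.0/0
     200  900000        all  --  *  *   0.0.0.0/0     192.168.1.10
      10    1500        all  --  *  *   192.168.1.11  0.0.0.0/0
      30   60000        all  --  *  *   0.0.0.0/0     192.168.1.11'
case "${1:-demo}" in
    apply) { shaper_cmds; acct_cmds; } | sh -e ;;    # root, once at boot
    daily) iptables -L ACCT -v -x -n -Z | report ;;  # root, from cron; -Z zeroes after listing
    *)     shaper_cmds; acct_cmds; printf '%s\n' "$SAMPLE" | report ;;
esac
```

Run with no argument it only prints the commands and the report for the constructed sample. The `daily` output can be piped to a mailer from cron to get the emailed summary the post describes.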
thank you for the responses. especially you, mspencer. i'm ashamed to admit i was only able to follow about 1/3 of that.
i'm not overly concerned with bandwidth whoring, as i am gone all day and he is usually winding down and/or already asleep by the time i get home. as it stands now myself and one roommate split the cable bill and as we are (well, were) the only two with computers we had the only network wirings and such. on the rare occasion that he is downloading "stuff" and i am trying to play a game or browse the web and it interferes with me, i simply knock on the wall or im him and say "hey tweak that shit down, you're hogging all the up" or something to that effect. i'm just mainly concerned with WHAT he's doing/looking at. i'm going to read through the manual (which for the record i did look for but somehow managed to lose in the scant 6 months i've had this router) tomorrow at work.
edit: forgot to mention he is using a powerbook w/ wireless (airport i guess it's called?)
i think this thing will be a non-issue, however. this house was apparently built to the specifications of a nuclear bomb shelter. we tested his powerbook and he gets a clear, strong signal standing in my room but when he moves (technically) closer but through one wall to sit in the living room he barely registers a signal at all, let alone get a usable one. so for 1950's construction, i guess.
You may be able to wind an Ethernet cable through ventilation ducts to get where you need to go, and ask your roommate to buy a second router or just use Ethernet. This starts to resemble "home handyman" advice and I'm notoriously poor at handyman type stuff -- but one or more wire snakes and/or some hook-and-loop ("Velcro") wire ties can help get Ethernet around some bends.
I am not a lawyer but I think you may want to consult an expert, because: there may be some protection against prosecution afforded to you if you were providing Internet service and you had no capability to monitor what your roommate was doing. I can give you a way to monitor volume of traffic without looking at the contents of any traffic, and that preserves your ignorance of the content of his traffic.
If you gain the ability to monitor what he's doing, then it's possible you then become required to use that ability and to monitor what he's doing. Keep that in mind.
That said, what do you want to log and monitor? There's shallow monitoring and there's deep monitoring, if I had to make up names to describe the extents.
You can do what I was talking about before, and just log the number and aggregate size of packets. If you do this you aren't inspecting the traffic at all. You're doing what basically every ISP everywhere does: counting bytes to map network usage. This helps you say heavy usage / light usage / no usage, but tells you nothing about the nature of the traffic.
If you stay very basic, you can watch what traffic types (protocols and ports) are being used for how much data, and you can watch which Internet hostnames are communicating and what countries they are in.
You can go deeper if you really want to. Basic "stateful packet inspection" gathers packets together into a coherent set of state information -- a connection, or a flow -- and reads information about the content of that connection. What vhost on that web server was being contacted? What is the nature of the data in that connection? Is that an IRC connection on a nonstandard port?
You can make your analysis job easier by forcing all of the user's traffic through a proxy server of some kind. This is harder to set up, and if you're not technical I don't think I can set this up for you.
There are two basic approaches to stateful packet inspection. You can log everything to disk and use analysis tools offline, or you can run a real-time analysis tool that spits summary information out as it goes, and you just log the summary information.
I guess what I'm trying to say is, when you say you're mainly concerned with what he's doing or looking at, (a) you may be better off saying it's none of your business and moving on, and (b) the methods required to reliably track what they're doing in a way that can reliably detect "shenanigans" are probably beyond what you had in mind. They're possible, with a spare PC, a friendly Linux nerd, and some beer and pizza. They're just not easy to set up or easy to use -- this would be something a corporate IT department, or a county computer crimes investigator uses, not something the general public would use.
mspencer on
Check page 40