- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: Orbi - trying to get url visited by user/mac
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Orbi - trying to get url visited by user/mac
I have an Orbi mesh system (RBR50 plus 2 satellites) and want to see network traffic. I’m looking for web site visited or url sorted or listed by device.
You can do some of that through Circle but i don’t want to setup and use another 3rd party and another app....etc. I also tried OpenDNS but i get a drop down of hundreds of url and by mac address so too time consuming.
How would i do that ? Add a managed switch and catch all traffic from there ? Would the new Orbi CBR40 have this capability ? Local only access would be good, don’t want it all going through cloud based solution.
Not it sure if this would be the right forum for this, sorry.
Thank you
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi - trying to get url visited by user/mac
Even if you are going to capture all traffic, the only plain text readable stuff you find will be DNS queries for e.g. A, AAAA, CNAME records, and the small number of domains still operating in plain http. From the other traffic, say https you will only see source and destination IP, and the port - URLs, links, and content is perfectly encrypted.
If you want to capture all URLs there is no other way but operating a Web proxy, strictly enforce that all Web traffic does pass the proxy, direct connections are prohibited, MAC address managed (only allowed ones, others potentially forged MAC addresses), prohibit the usage of any VPNs (kids will be always smarter than us), ... all together much more than what in scope for a consumer/SOHO/small business router.
To make this possible, there might be no other way around strictly managing the clients (computers, mobiles, tablets, ....) and deploy powerful end point security software, too.
And good luck analysing this data - already a simple access to a "complex" Web application or an App like Gmail does generate masses of data as there is a lot of side chatter.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi - trying to get url visited by user/mac
Ugh....thought it would be something like that ! I was thinking how nice it would be if we could get web filtering that includes all domains but filters the noise shown by user ! All this without the use of a switch and altering/adding security settings, etc.. I think it would be a great feature for parents, like me, who want a simple and easy way to monitor. I’ve used OpenDNS and that does do the job but as you say the noise is ridiculous, thousands of url. I also don’t want my traffic monitored and stored for me to access on their server. Granted, my ISP does that ! Local only access ? An app that would VPN into the router ? and give you live updates and monitoring local or remote that would have monthly cost....yikes ! i could go for. Not sure about my whole VPN thing...out of my water !
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi - trying to get url visited by user/mac
Depending on your level of technical expertise and how much money, if any, you want to put into it, you could run a packet capture program like Wireshark somewhere on your network in promiscuous mode, and filter it to only log for certain domains, protocols, or flags (e.g., only record outgoing SYN packets, to limit the data volume). It'll probably take a lot of configuration to get it down to a manageable amount of data, but you could get it to ignore domains, protocols, devices, etc., you don't care about by iteratively refining your filters. It's pretty powerful, works on Windows and Mac OS X, and has a graphical interface. Without sufficient filtering configuration, you'll either use a ton of storage by capturing too much data, or you'll have to limit the storage used, in which case you might only have, say, the last 10 hours' of data to review. It should work anywhere on your LAN (meaning no particular phsyical or logical location needed), and wouldn't require reconfiguring your router.
Alternatively, you could run a utility like SiLK, which is also free, but requires a Linux device. While it starts out recording far less data than a PCAP utility, it requires a Linux or Mac device, knowing how to run things on Linux, and then learning how to do at least basic flow analysis within SiLK. It's also run from the command line. The upside is it only stores metadata, so it doesn't take much storage and is good for maintaining privacy, and it's extremely powerful, allowing all sorts of analyses of data flows, and the data can be manipulated in, say, Python if you want/need to. Honestly, it's probably overkill, but it's free, powerful, and is basically designed for tasks like this (albeit it's intended more for commericial/enterprise uses than personal use). The monitoring device would also need to be placed by your gateway router, and you'd need to enable mirroring WAN traffic to LAN port1 in the debug configuration.
The third and final option I'll recommend is using a device, like a Raspberry Pi, running your own DNS server, like Pi-Hole, on it. You can access it through your broswer, and it can generate reports to show you where your traffic is going. You'd have to reconfigure your router to point to it as the DNS server on your network, but you can place it anywhere on the LAN. The downside is that anything accessed by IP address won't need a DNS lookup, and so won't be logged at all. The same goes for any devices manually configured with their own DNS settings, since they'd ignore the DNS settings provided by your router.
While it's actually the only one I have no experience with, the Pi-Hole one might be the easiest one, and should have the added benefit of removing annoying annoying ads and improving network performance. It might be a little more work than setting up a managed switch, but you'd at least get more benefit out of it.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Orbi - trying to get url visited by user/mac
So i decided to try Circle first which comes with the Orbi. It actually does all of what i want ! Weird, i had tried searching if it recorded url but found it was only for known social media sites. It actually captures everything, well let’s say allot, and sorts it by categories like Science, Online games (had my clash royal played from iPad) and many more. I’ve read it cuts your internet speed in half, so far i’m not seeing that so don’t think it is valid concern. The site says it doesn’t store any data in cloud or does any data of sites visited leaves your network. That’s good, as long as it’s true....paranoia ! Feel kinda dumb i haven’t tried it for so long !
• Introducing NETGEAR WiFi 7 Orbi 770 Series and Nighthawk RS300
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more