3

Are there any applications (preferably free) for windows OS using which I can monitor the TCP/IP traffic of a remote machine (in the same intranet)?

Hemant
  • 229
  • 1
  • 3
  • 12

6 Answers

5
  • Do you have access on the remote Windows machine?
    • If yes, there are a lot of ways you could do monitoring (depending on the depth of your requirements)
    • For example, you could execute Wireshark on the remote machine too
  • If you do not have access on that machine,
    • You are limited to what can be tapped on the network
    • Which requires access to the network
      (networks today typically do not broadcast any traffic, so snooping is difficult)
  • However, if you have access to the network devices, you could snoop over them
    • One example (already noted in another answer here) is to set up a proxy in the path
      • the Squid proxy has very good ways to track web activity (with some more tools)
    • Another is to mirror traffic for the user's port from one of the switches on the network.
    • Once you get a tap in the network path, a lot of options open up again

Assuming you are administering the network and probably the Windows machine in question,
you would have one of the above things workable.

nik
  • 7,040
  • 2
  • 24
  • 30
1

Are you looking to monitor the URLs that they visit or malicious traffic in HTTP payloads?

If the former, use a proxy on the gateway device and set logging and make the proxy transparent.

If the latter use a managed Anti-virus suite.

David Rickman
  • 3,290
  • 17
  • 16
1

If you want a detailed, in-depth analysis of content, then you can use:

http://www.ethereal.com/

Both tools are free and quite powerful.

Runner
  • 31
  • 3
  • 5
    You should know this has been far superseded by Wireshark. The developer lost the trademark and domain of ethereal a while back, if you notice there's been no development on it. http://www.wireshark.org/ – reconbot Aug 13 '09 at 13:38
  • Thanks for the info. I used Ethereal quite a while ago and I did not know this. – Runner Aug 13 '09 at 14:26
0

Without resorting to ARP poisoning, you would need to use a proxy server or monitor traffic at the router/gateway. The only time we've had to do this was with logs at the proxy server due to accountability issues we're mandated to follow.

If you use a proxy like Squid you can then just parse the logfiles.

Bart Silverstrim
  • 31,092
  • 9
  • 65
  • 87
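The two answers above (David Rickman's transparent proxy with logging, and Bart Silverstrim's "just parse the logfiles") both end at the same place: a Squid access.log. Below is an added example of that parsing step; it is not code from the original thread or from the Squid project. It assumes Squid's default native access.log layout (timestamp, elapsed ms, client, result/status, bytes, method, URL, ident, hierarchy/peer, content type), and the log lines embedded in it are constructed sample data, not captured traffic.

```python
"""Summarise Squid native-format access.log lines per client host.

Added example, not from the original answers. Assumes Squid's default
"native" access.log layout; SAMPLE_LOG below is constructed sample data.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# One request per line, whitespace-separated fields. For CONNECT requests
# the URL field is just host:port rather than a full URL.
LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>\S+)\s+(?P<ctype>\S+)\s*$"
)

# Constructed sample log: two clients, one denied request, one garbage line.
SAMPLE_LOG = """\
1250166000.123    245 10.0.0.15 TCP_MISS/200 8473 GET http://example.com/index.html - DIRECT/93.184.216.34 text/html
1250166001.500     12 10.0.0.15 TCP_HIT/200 2210 GET http://example.com/logo.png - NONE/- image/png
1250166002.010   1304 10.0.0.15 TCP_TUNNEL/200 51200 CONNECT mail.example.net:443 - DIRECT/198.51.100.7 -
1250166003.700      3 10.0.0.22 TCP_DENIED/403 3812 GET http://blocked.example.org/ - NONE/- text/html
this line is garbage and should be skipped
1250166004.900     90 10.0.0.22 TCP_MISS/200 640 GET http://example.com/api - DIRECT/93.184.216.34 application/json
"""


def host_of(url):
    """Return the host part of the URL field; CONNECT lines carry host:port."""
    if "://" in url:
        return urlsplit(url).hostname or url
    return url.rsplit(":", 1)[0]


def parse_line(line):
    """Parse one native-format line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = int(rec["bytes"])
    rec["status"] = int(rec["status"])
    rec["host"] = host_of(rec["url"])
    return rec


def summarise(log_text):
    """Per-client request count, bytes, distinct hosts and denied requests.

    Returns (summary_dict, skipped_line_count). Lines that do not parse are
    counted rather than silently dropped, so a format change is noticed.
    """
    summary = defaultdict(
        lambda: {"requests": 0, "bytes": 0, "hosts": set(), "denied": 0}
    )
    skipped = 0
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            skipped += 1
            continue
        s = summary[rec["client"]]
        s["requests"] += 1
        s["bytes"] += rec["bytes"]
        s["hosts"].add(rec["host"])
        # Squid logs policy blocks as TCP_DENIED with a 403 status.
        if rec["result"].startswith("TCP_DENIED") or rec["status"] == 403:
            s["denied"] += 1
    return dict(summary), skipped


if __name__ == "__main__":
    totals, bad = summarise(SAMPLE_LOG)
    for client, s in sorted(totals.items()):
        print(f"{client}: {s['requests']} requests, {s['bytes']} bytes, "
              f"{s['denied']} denied, hosts={sorted(s['hosts'])}")
    print(f"skipped {bad} unparsable line(s)")
```

Run it against a real file by replacing SAMPLE_LOG with the contents of /var/log/squid/access.log (path may differ per distribution). The regex only covers the native format; if you have changed Squid's logformat directive, adjust LINE_RE to match, and watch the skipped count, which is the quickest sign that the pattern and the log no longer agree.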
0

A few tools that may be relevant:

  • Tcpdump
  • Nmap
  • Wireshark
Saikat
  • 105
  • 4
cherniaev
  • 41
  • 2
0

If you have a managed switch between you and the remote machine, you can simply mirror the traffic to the local machine and then use any monitoring software with a suitable filter; see How to monitor remote traffic.