Logging HTTP traffic on Linux

0

A bit of backstory: my brother (in his early teens) has an attention disorder. Often, when he is supposed to be doing his homework, I find him surfing the web instead. We would ideally like to confront him with evidence that he is not really working at all, preferably by showing the history of which websites he has visited. I can't use Wireshark on my side (network is not set up in a way which would allow me to monitor his throughput).

My primary concern is caching. The main thing it would be useful for me to get would be the initial HTTP GET requests, which I can get with Wireshark by doing (http.request.method == "GET") && (http.request.uri == "/"). However, this stops working once the website has been cached (it only gets images which are out of date, etc., and changing == to contains in the 2nd parameter results in a lot of garbage and still no guarantees that it won't be cached).

My router is a WRT54GL with Tomato on it (has dnsmasq etc.). I did wonder about logging with dnsmasq, and have read up a bit on it, but I don't know if it will work the way I'm wanting it to (local DNS cache will be used after the initial request, right?).

Otherwise, is there some better way to log his traffic? A logger on his computer itself would also be fine, just as long as it is 'invisible' on his computer (or could be configured to be invisible) -- he is not competent enough with Linux to determine what is running in the background. I currently have him set up with Debian Squeeze.

Matthieu Cartier

Posted 2011-01-26T10:10:22.377

Reputation: 3 422

Looking at the web logs of a boy in his teens is going to be an alarming experience for all involved... have you thought of the possible backlash this'll produce? – Sirex – 2011-01-26T10:26:46.667

I figured I would at least get one reply like that, yes, trust me, this is well out of hand already, this is one of the only options left, and the best one at that. – Matthieu Cartier – 2011-01-26T10:30:39.270

Have a look at: http://www.debianhelp.co.uk/squid.htm and http://www.debian-administration.org/articles/71 – Linker3000 – 2011-01-26T11:41:24.163

Answers

1

You could set up a proxy (Squid?) on his Linux machine, which would give you logging. If you wanted some degree of control, you could also look at something like DansGuardian, which works in tandem with the proxy to control site access.

Linker3000

Posted 2011-01-26T10:10:22.377

Reputation: 25 670

That sounds like it might work. Is there a guide to setting up squid for such a purpose somewhere? – Matthieu Cartier – 2011-01-26T10:29:10.520

There are some guides at the DansGuardian site too. – Linker3000 – 2011-01-26T13:06:21.390
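
What the proxy logging suggested in the answer yields, as an added example that is not part of the original thread: a short Python reader for Squid's native access.log format that lists each host with its first-seen time, request count and how many requests Squid answered from its own cache. It assumes Squid's default native log format; the sample lines are constructed and the function names are hypothetical.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format (not real traffic):
# time elapsed client action/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1296036622.377    120 192.168.1.50 TCP_MISS/200 15230 GET http://example.org/ - DIRECT/192.0.2.10 text/html
1296036625.100      3 192.168.1.50 TCP_HIT/200 4312 GET http://example.org/logo.png - NONE/- image/png
1296036700.000    890 192.168.1.50 TCP_MISS/200 5120 CONNECT mail.example.com:443 - DIRECT/203.0.113.7 -
1296036710.500     45 192.168.1.50 TCP_MISS/200 20480 GET http://news.example.net/ - DIRECT/198.51.100.9 text/html
1296036800.250      2 192.168.1.50 TCP_MEM_HIT/200 20480 GET http://news.example.net/ - NONE/- text/html
this line is truncated
"""


def host_of(method, url):
    """Return the host part of a logged request target."""
    if method == "CONNECT":  # HTTPS tunnels are logged as host:port only
        return url.rsplit(":", 1)[0]
    return urlsplit(url).hostname or url


def summarise(log_text):
    """Map host -> first_seen (UTC), requests, cache_hits, in first-seen order."""
    hosts = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10:  # skip blank or truncated lines
            continue
        stamp, _elapsed, _client, result, _size, method, url = fields[:7]
        action = result.split("/", 1)[0]
        seen = datetime.fromtimestamp(int(float(stamp)), tz=timezone.utc)
        entry = hosts.setdefault(host_of(method, url), {
            "first_seen": seen.strftime("%Y-%m-%dT%H:%M:%SZ"),
            "requests": 0,
            "cache_hits": 0,
        })
        entry["requests"] += 1
        if "HIT" in action:  # TCP_HIT, TCP_MEM_HIT, ...: served from Squid's cache
            entry["cache_hits"] += 1
    return hosts


if __name__ == "__main__":
    for host, info in summarise(SAMPLE_LOG).items():
        print(host, info)
```

Requests that Squid serves from its own cache still appear in the log (as `TCP_HIT` or `TCP_MEM_HIT`), while HTTPS traffic shows up only as a `CONNECT` to a host and port.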