Logging web traffic

Hello 🙂

I’m looking for options on how to log users' web traffic.

The network I have here is kinda weird, it goes:

(UK Fibre network)
¬ BT Cisco Meraki [ I am unable to manage this ]
¬ TP-Link Omada edge device, switch, wireless points
¬ Users machines

The TP-Link solution is being used to manage the internal network for DHCP, although there is no feature on any of the TP-Link hardware to monitor web traffic.

Is there anything that would work well that I can set up and stick between the TP-Link and Meraki to monitor traffic? - Or I suppose it would need to be under the TP-Link device to get IP addresses from client machines.

If I understood what you want correctly, any better quality firewall should be able to do this.

I was thinking proxy? - the TP-Link device I have here is unable to monitor web traffic 😕

1 Like

Security Onion if you want to go overboard.

1 Like

PiHole?

1 Like

Oooo this is super interesting…

1 Like

It’s worth noting that this is slightly harder with HTTPS and DNS over HTTPS and similar.

With QUIC, this becomes even harder.


There’s a well-established piece of software called Squid.

It can work with your firewall to intercept and MITM connections … but to use it for HTTPS you need Squid to be able to encrypt its own data as HTTPS using some private key you have that client computers trust. In other words you need to make a certificate authority cert, give the key to Squid, and install the cert on each client.

https://wiki.squid-cache.org/Features/SslPeekAndSplice

There’s also Suricata - worth looking into.

1 Like
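
An added example, not from the thread or from the Squid project: a small Python parser for Squid's native `access.log` format that totals bytes per client and destination, and shows that HTTPS without interception appears only as a `CONNECT` to a host and port. It assumes the default native log format; the addresses, hostnames and log lines are constructed sample data.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format (not real traffic).
SAMPLE_LOG = """\
1700000000.123    245 192.168.0.23 TCP_MISS/200 5120 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1700000001.456  30012 192.168.0.23 TCP_TUNNEL/200 8421 CONNECT mail.example.org:443 - HIER_DIRECT/203.0.113.10 -
1700000002.789    310 192.168.0.41 TCP_MISS/200 2048 GET http://example.net/news?id=7 - HIER_DIRECT/198.51.100.7 text/html
1700000003.001  15000 192.168.0.41 TCP_TUNNEL/200 99000 CONNECT mail.example.org:443 - HIER_DIRECT/203.0.113.10 -
this line is truncated
"""

def parse_line(line):
    """Return a dict for one native-format line, or None if it is malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        ts, size = float(f[0]), int(f[4])
    except ValueError:
        return None
    method, url = f[5], f[6]
    if method == "CONNECT":
        # HTTPS that is not intercepted: only host:port is logged, no path.
        host, visibility = url.rsplit(":", 1)[0], "tunnel"
    else:
        host, visibility = urlsplit(url).hostname or "-", "full-url"
    return {"ts": ts, "client": f[2], "bytes": size, "method": method,
            "host": host, "url": url, "visibility": visibility}

def summarize(text):
    """Total bytes per (client, host, visibility); count malformed lines."""
    totals, skipped = defaultdict(int), 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        totals[(rec["client"], rec["host"], rec["visibility"])] += rec["bytes"]
    return dict(totals), skipped

if __name__ == "__main__":
    totals, skipped = summarize(SAMPLE_LOG)
    for (client, host, vis), n in sorted(totals.items()):
        print(f"{client:15} {host:20} {vis:9} {n:>7} bytes")
    print(f"skipped {skipped} malformed line(s)")
```

The `tunnel` rows are all a plain forward proxy records for HTTPS; seeing full URLs for that traffic needs the CA-based interception described in the post above.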