Topic: Network Monitoring
Viper119
Posts: 1016
Location: UK

Hey,

I'm looking to monitor the usage of MSN on the company network. I've checked out a bunch of the freerange crappy programs out there, like MSN Sniffer 2, MSN Monitoring etc. They are fine for intercepting and monitoring individual conversations, but they don't offer any real reporting ability.

My main goal is to be able to generate a report that details how much MSN traffic each workstation (IP/MAC address) on the network is transmitting in a given time period.

I've looked at Ethereal, Ultrasniff, and Microsoft's Network Monitoring 3, but I've never used these before and it's looking a bit tricky to get it to only pick up MSN traffic.

I know a lot of people on this forum work in IT and Network Admin roles, and was wondering if anyone else has had to do, or knows how to do, this?

Many thanks
TicMan
Posts: 1901
Location: Brisbane, Queensland
Snort could possibly help out in this situation. I've only ever seen it running after it was set up by some very skilled people and it was able to generate reports on traffic across the network by protocol.
CaPt0
Posts: 5853
Location: Brisbane, Queensland
Use a transparent proxy or similar to generate reports?

If you don't filter the traffic then you won't have a chance to get any info.
trog
AGN Admin
Posts: 20366
Location: Brisbane, Queensland
MSN is really tricky from what I've looked at, using a heap of ports and protocols to try to work (ie, if you block one it just tries using another one). I can see why MS did it like that (to stop idiot newbs having problems) but at the same time, it'd be nice if they provided sysadmins with some comprehensive info about how to block it.
Spook
Posts: 18326
Location: Brisbane, Queensland
I'm glad you don't work at my work, Viper
Opec
Posts: 4521
Location: Brisbane, Queensland
Here's an alternative idea:

- Block all MSN ports;
- Install SOCKS server and config MSN to use that;
- Generate usage report on SOCKS server.

So you can isolate the MSN traffic from other types of traffic on your network. I know this won't stop them from using web MSN but you couldn't really do that easily anyway.

Just my $0.02.

Edit:

This product might do what you want (emphasis mine):

http://www.eeye.com/html/products/Iris/features.html


Reconstruct TCP Sessions
Iris support several Protocol Decoders through an open plugin-based architecture, including: ARP, CIFS, DNS, Ethernet II, 802.3, 802.2, ICMP, IP, TCP, UDP, Novell NetBIOS (IPX), SAP (IPX), RIPX (IPX), BCAST (IPX), NBDGM, NBNS, NBSS, NetBIOS, SMTP, AOL AIM, MSN Messenger, BOOTP/DHCP, RARP, POP3, SMTP, LCP (Link Control Protocol) (PPP), PAP (Password Authentication Protocol (PPP), PPPoE (PPP over Ethernet) (PPP), SMB, NNTP.


last edited by Opec at 20:14:53 17/Apr/07
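
One way to do the reporting step of the SOCKS approach above, as an added example that is not part of the original thread or any poster's code: it totals bytes per client IP from a proxy session log inside a time window and ranks the top talkers. The log format, addresses and host names are constructed assumptions; the parser has to be adapted to whatever the SOCKS server in use actually writes.

```python
"""Per-client usage report from a SOCKS proxy session log (added example)."""
from collections import defaultdict
from datetime import datetime

# Constructed sample log in a hypothetical format, one finished session per line:
#   ISO-timestamp  client-IP  destination  bytes-sent  bytes-received
SAMPLE_LOG = """\
2007-04-17T09:02:11 10.0.0.21 im.example.net:1863 1820 40210
2007-04-17T09:15:40 10.0.0.34 im.example.net:1863 300 950
2007-04-17T10:01:05 10.0.0.21 im.example.net:1863 5120 88000
truncated line from a proxy restart
2007-04-17T18:45:00 10.0.0.34 im.example.net:1863 700 2100
"""


def parse_line(line):
    """Return (timestamp, client_ip, total_bytes), or None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        sent, received = int(parts[3]), int(parts[4])
    except ValueError:
        return None
    return ts, parts[1], sent + received


def usage_report(log_text, start, end, top_n=10):
    """Rank clients by bytes moved in [start, end); also count skipped lines."""
    totals = defaultdict(int)
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_line(line)
        if record is None:
            skipped += 1  # report these rather than silently under-counting
            continue
        ts, client, nbytes = record
        if start <= ts < end:
            totals[client] += nbytes
    # Highest volume first; ties broken by IP so the output is stable.
    ranked = sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked[:top_n], skipped


if __name__ == "__main__":
    window = (datetime(2007, 4, 17, 9), datetime(2007, 4, 17, 17))
    print(usage_report(SAMPLE_LOG, *window))
```

The proxy only sees client IP addresses, so tying a total to a MAC address or a person needs the DHCP lease records for the same time window.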
gimpy
Posts: 1441
Location: Brisbane, Queensland
I installed one of these at a place I worked at: http://www.contentkeeper.com.au/

Basically you sit it between your office network and the gateway and you can see everything that goes on. You'd be surprised how many people visit www.rsvp.com.au in work time. (It was in the top 10, along with seek.com.au, lol)

You want to disable MSN/or any IM? No problem, just tick a box. Yes, it will kill any "work arounds".

Hooks into AD using LDAP. So any user/group specific policies are easily configurable.

Might be worth sending an email to info@contentkeeper.com telling them exactly what you want to see if the advanced reporting module does it.

You can also run it in "quiet mode", so it doesn't block a thing and it is impossible for users to know it is running. But at the same time, it generates VERY detailed reports with the user's login ID attached, and how much company time they wasted surfing the net. :) (OUCH?)
Viper119
Posts: 1017
Location: UK

Excellent responses, thanks guys! I'm checking it all out.

Yeah you are right, it is very tricky... and Spook, my work gives a lot of freedom, we don't block anything, but we expect people not to abuse that trust, and right now a few key people are just taking the piss. All I really want is like a top 10 users list so we can publish it and action accordingly.

In a related story I was checking out MSN Sniffer 2, it intercepts the actual conversations, and the HR chick was actually having cyber sex with her boyfriend on msn.... it was like f***ing 11AM on a Tuesday.
SCOGGEX
Posts: 712
Location: Brisbane, Queensland
No one likes an MSN nazi, mate.
Eds
Posts: 8255
Location: Brisbane, Queensland
You may want to also make sure your IT policy and employee contracts state that they are subject to "big brother" type stuff to cover your ass.

TicMan
Posts: 1918
Location: Brisbane, Queensland
In a related story I was checking out MSN Sniffer 2, it intercepts the actual conversations, and the HR chick was actually having cyber sex with her boyfriend on msn.... it was like f***ing 11AM on a Tuesday.


Logs or lying!
trog
AGN Admin
Posts: 20371
Location: Brisbane, Queensland
Basically you sit it between your office network and the gateway and you can see everything that goes on. You'd be surprised how many people visit www.rsvp.com.au in work time. (It was in the top 10, along with seek.com.au, lol)
ahaha really
parabol
Posts: 3179
Location: Brisbane, Queensland
A work-mate of mine had a nice setup a while back.

Dual-monitor environment, with Seek.com.au on one monitor facing away from the boss's office, with the second monitor (boss-visible) set up with a bash script that scrolled useless technical jargon on the screen to make him look busy while he was finding a better-paying job.
gimpy
Posts: 1443
Location: Brisbane, Queensland
HR chick was actually having cyber sex with her boyfriend on msn


If you think chicks in HR actually do any work you're sadly mistaken.

ahaha really


Yups, company was in a bad state at the time. Had just been taken over and morale was under the floor boards. It was top 10 websites sorted by usage.. So like, all the pictures and stuff would account for a lot of it. The amount of individual users using the site wasn't that high. But those who were got it into the top 10.

I guess in a way, it showed that most people were doing the right thing, if rsvp.com.au traffic was in the top 10.

I felt bad about the whole thing cause I didn't agree with it, and told all my friends not to look at dodgy websites at work anymore..
gimpy
Posts: 1444
Location: Brisbane, Queensland
... and went and made a profile on rsvp.com.au AMIRITES?! LOL
Spook
Posts: 18334
Location: Brisbane, Queensland
I'm totally astounded by how popular rsvp is

I know heaps of peeps that use it regularly and they are all getting plenty
infi
Posts: 5625
Location: Brisbane, Queensland
0_o net monitors scare me... I could never introduce that stuff at work cause I am the worst offender.

last edited by infi at 14:49:24 18/Apr/07
Captain America
Posts: 1337
Location: Gold Coast, Queensland
websense lol
Astroboy
Posts: 4089
Location: Germany
... and went and made a profile on rsvp.com.au AMIRITES?! LOL

Dentist thing didn't go too well, huh?
demon
Posts: 2758
Location: Brisbane, Queensland
The company I work for use MSN as a comms tool for international communications... I suggested IRC but was over-ruled by stupid noobheds :P Since then a couple of I.T. blokes have tried to shut down my irc'ing.. & failed. :D viva teh eye are see yoh.