Don’t be in the dark about who is visiting what web sites on your LAN. Use our two-prong approach to lock in on who is browsing what on your home network.
Whether you want to keep an eye on what your kids are doing, monitor the activities of people connecting to your Wi-Fi hotspot, or you’re just a little more curious than the average person, the following guide will help you monitor both the global URL requests originating from your network and the requests originating from individual users on the network. It’s a two-prong approach so you can easily do one without the other (individual monitoring without global monitoring or vice versa).
What You’ll Need to Enable URL Logging
Because this technique is two-prong we’ll divide the What You’ll Need section into two portions. First, if you’re only interested in global logging—keeping a record of every URL visited from your internet connection but without the granularity of seeing which specific computer is doing the requesting—you’ll need the following things:
- A router that allows you to set custom DNS servers (the vast majority of routers do)
- A free OpenDNS account
If you want to get a more granular view of the URL requests on your network and don’t mind exerting a little extra effort you’ll need
- A router that allows logging (again, most routers do)
- A free copy of WallWatcher
The first method is the simplest and requires only a few minutes of setup. The downside is that the router + OpenDNS method only allows you to see that requests are being made from your network and not who is making them. Thus you’ll know there have been multiple visits to ABC and XYZ site but all you’ll know is that they came from your network. A smaller downside is that it’s not in real time so you’ll have to wait roughly a day for the logs to update for review.
The second method involved enabling the Sys Log on your router and then pulling that log, putting into a program for analysis (specifically to resolve all those IP address to human readable URLs), and then reading over the list. With this technique you’ll see specifically which computer or device on the network, at what time, accesses what sites.
We recommend working through the tutorial and setting up both methods. Use the first method (OpenDNS) to keep a general eye on things and the second and more intensive method (analyzing the logs) when you notice something amiss and want to delve in deeper to see what’s going on.
Configuring Your Router for OpenDNS
First, pay a visit to OpenDNS and sign up for their free home-user account. Plug in your email, choose a strong password, and then make sure to check your email to confirm your identity and activate the account. Once you’ve confirmed your account you’ll need to add your home IP to a network. OpenDNS supports multiple networks but all we’re concerned with is making sure that your home network is recognized by OpenDNS.
Click Add a network in your OpenDNS Dashboard, confirm that the IP it suggests you use is the IP address of your home internet connection. Name the connection Home (or the name of whatever network you’re planning on logging the URLs for).
When you’re done if it doesn’t automatically kick you over to the Settings submenu of the dashboard click on the tab to navigate there on your own. There you’ll find the new network you made, listed by the label you gave it and your IP address. Before OpenDNS will start logging for us we need to give it the go ahead to do so. Click on the IP address to access the settings for that network.
Once inside the settings menu click Stats and Logs in the left hand column. Within the Stats and Logs menu check the box Enable stats and logs and then click Apply. Now that you’ve told OpenDNS to monitor your connection it’s time to go switch the DNS servers in your router to point at OpenDNS so it will have some traffic to monitor.
We’re using a Linksys router with custom Tomato firmware installed. In order to get to the DNS settings we logged into the router, navigated to Basic –> Network –> Static DNS, like so:
Your router should have a similar menu. For tips on your specific router, check out the OpenDNS router guide here. Depending on your router and firmware you’ll have slots for 2-4 DNS server addresses. Fill as many of the slots as you have available using the following IP addresses in the following order:
Once you’ve added the new DNS servers to your router, make sure to save your settings. From this point forward OpenDNS will log all the URL requests originating from your home network. To view them simply log into your OpenDNS account, click on the Stats tab and review the Domains data. It’s worth noting that the stats aren’t updated in real time and you should expect at least a 12-24 lag between when a site is visited and when the domain appears in your stats page. Need a more immediate and granular control? Read on to enable router-level logging.
Make sure to explore the Support pages at OpenDNS to get a bigger idea of the other things you can do with OpenDNS (such as free content filtering). It’s more than just a faster DNS server with logging features!
Enabling Router Logging and Log Analysis
OpenDNS is definitely the simple route. If you don’t need real time second-by-second logging and you want someone else to do the heavy lifting of translating all the IP addresses into human-friendly reports, it’s the way to go. If you want a more detailed look, however, you’re going to need to get your hands dirty. In this section of the guide we’re going to help you enable logging on your router and then use free application Wall Watcher to analyze those logs in real time.
First, we need to enable logging on our router. We’ve never come across a router that doesn’t have a logging function so it’s highly probable that you can log connections with yours. We’re running a Linksys router with Tomato installed so we’re going to navigate to Status –> Logs –> Logging Configuration and then check Log To Remote System and then plug in the IP address of the computer we’re going to install Wall Watcher on. This IP address is the internal IP address on the LAN, in our case 192.168.1.117. Then under that in the Connection Logging section we toggled the Inbound and Outbound traffic to Both. Scroll down and click Save.
The router is now logging and broadcasting the logs out over the network to our host machine. Time to install Wall Watcher. Wall Watcher is not a straight forward one-click application to install so make sure to pay attention to the following instructions to avoid any unnecessary frustration.
First download both the Wall Watcher apps and the Wall Watcher Library. Extract them both to the same folder. Run Setup.exe (if you get an error about a missing Visual Basic file, download and install the missing component from Microsoft here). When you run Setup for the first time you’ll see the following dialog box:
We checked all four but at minimum you must check the first one, Install and register Library Files. Skipping this step inevitably leads to errors unless by chance you have the exact libraries and files installed that the application needs.
On the first run you’ll be prompted to select your router. If you choose to Auto-Select WallWatcher will go through every router in its 125+ router database and test it against your router configuration. If you know the router you have, pick it from the list to save yourself some time (note: if you’re running Tomato, DD-WRT, or another popular alternative firmware, choose that from the list instead of your router’s model number). Click OK.
At this point you’ll see a really busy window pane with all your traffic flowing by. All of it will be in IP form which sin’t particularly useful to you unless you feel like resolving the IPs by hand (which you can, by the way, using the included IP-URL.exe in the WallWatcher folder).
Click on Options –> Logging in the menu bar. With in the logging menu check Convert IP Addrs to URLs and OK to use NetBios 137. Click OK and return back to the main WallWatcher pane. Now, next to the IP addresses you should see actual URLs whirling by:
Even more important for the second prong of our whole monitoring project, the local IP address is displayed. All the traffic in the above screenshot originated from the *.117 computer. Glancing at the log I can easily see my visit to Reddit during the testing phase of the setup. Although you can watch things in real time if you’re so inclined, WallWatcher logs all the connections and you can pull fresh logs from the router if need be on a case-by-case basis so feel free to just let it run in the background (or not at all until you feel the need to fire it up and do some analysis).
WallWatcher is absolutely packed with settings and filters so you can easily tweak it to hone in on a particular device on your network, ignore traffic to benign sources you’ve white listed, set up alerts for sites you’ve black listed, and more. With a little experimentation you’ll be examining your logs the way you want and with surgical precision.
With the two-prong approach we’ve laid out here you can easily keep a global eye on your network from the comfort of your OpenDNS dashboard and swoop down to do a request-by-request analysis of your log files to see who specifically is doing what. Miss Scarlett on the iPad visiting HelloKitty.com? You’ll have the mystery solved in no time.
Jason Fitzpatrick is warranty-voiding DIYer and all around geek. When he's not documenting mods and hacks he's doing his best to make sure a generation of college students graduate knowing they should put their pants on one leg at a time and go on to greatness, just like Bruce Dickinson. You can follow him on Google+ if you'd like.
- Published 07/26/11