
How to monitor a wireless network?

Wireless communication brings fundamental changes to data networking and telecommunications. Nowadays, more and more organizations and home users set up wireless networks, and in many situations wired and wireless networks exist together. This topic demonstrates two ways to monitor the internet activity of a wireless network.

1.  Monitoring with a manageable switch.

A typical network contains both wired and wireless networks:

Because port mirroring cannot mirror wireless traffic, we need to set up port mirroring in the wired part of the network. In this example, we add a manageable switch, the TL-SL2210WEB, between the router and the wireless AP to mirror the AP's traffic.

"Port 1" of the manageable switch is connected to the router, "Port 2" is connected to the WFilter computer, and "Port 3" is connected to the wireless access point.

By setting "Port 1" as the mirrored port and "Port 2" as the mirroring port, we will be able to monitor all internet traffic.

Now you can monitor all the wired and wireless computers.

2. Deployment with a proxy server.

If you don't have a manageable switch available, you can also do the monitoring on a local proxy server.

As in the figure below, by setting up a proxy server and installing WFilter on it, all computers that use this proxy server to access the internet will be monitored.

Please refer to “Deploy WFilter with a Proxy Server” for more information.

Why is a port mirroring switch required to monitor my network? How to monitor internet usage without a manageable switch?

What is port mirroring?


Usually, a computer connected to a switch or a router can only receive its own network packets. A switch with the port mirroring function allows you to monitor network packets from a mirroring port.


With port mirroring enabled, the switch sends a copy of all network packets seen on one port (or an entire VLAN) to another port, where the packets can be analyzed.


How to monitor network without a port mirroring switch?


There are three methods to monitor your network without a manageable switch.


1. Using a broadcasted hub


A broadcasted hub is a data packet repeater commonly used in broadcast networks.


Most broadcasted hubs provide an uplink port to connect to an upper-layer device. Connect the upper-layer device to the uplink port of the hub (Note: do not use the port next to the uplink port).


However, most broadcasted hubs only work at 10Mb speed, and all the computers connected to the hub share that bandwidth, so a hub is not as fast as a switch. We therefore recommend that you use a manageable switch instead.


2. Windows Gateway, Proxy Server or Bridge


Windows Gateway


If a port mirroring switch is unavailable, you can set up a Windows gateway at your network edge. With an internet monitoring/filtering product installed on this Windows gateway, you will be able to monitor all internet traffic of the network computers.


How to configure Windows 2008 Server IP Routing?


Proxy Server


A proxy server is a computer that offers a network service allowing clients to make indirect network connections to the internet.


As with the gateway solution, you can also do monitoring/filtering on the proxy server. To make things simple, some proxy servers have monitoring/filtering modules integrated, while some monitoring/filtering programs have a proxy module integrated.


For example, you can easily enable the proxy server service in WFilter Enterprise. For more details about WFilter proxy settings, please check:


http://www.wfiltericf.com/help/doc/deploy_proxy.htm


 


Bridge


Bridges (sometimes called "transparent bridges") work at OSI model Layer 2. Bridges simply forward data depending on the destination address in the data packet.


By deploying a bridge at your internet entrance, you can set up a monitoring product on this bridge to monitor the internet activities of your whole network.


3. ARP Spoofing


ARP spoofing, also called ARP cache poisoning, is a hacking method that spoofs the contents of the ARP table on a remote computer on the LAN. With ARP spoofing, you act as a relay between client computers and the real gateway, so you will be able to monitor their traffic. However, as a hacking technique, ARP spoofing will make your network unstable.


So I recommend that you not use it unless necessary.
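
Because ARP spoofing shows up as conflicting IP-to-MAC bindings, an administrator can check whether a relay of this kind is active on the LAN. The following is an added example, not part of the original article or of WFilter: the function name, the gateway address and the observation list are constructed for illustration, and the input is assumed to be (time, sender IP, sender MAC) tuples taken from captured ARP replies.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) from captured ARP replies.
OBSERVATIONS = [
    (0,  "192.168.1.1",  "00:11:22:33:44:55"),   # real gateway
    (1,  "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    (2,  "192.168.1.30", "aa:aa:aa:aa:aa:30"),
    (10, "192.168.1.1",  "aa:aa:aa:aa:aa:30"),   # .30 now also claims the gateway IP
    (11, "192.168.1.20", "aa:aa:aa:aa:aa:30"),   # ...and a client IP
    (12, "192.168.1.1",  "00:11:22:33:44:55"),   # real gateway answers again
    (13, "192.168.1.1",  "aa:aa:aa:aa:aa:30"),
]

def find_arp_conflicts(observations, gateway_ip):
    """Return (findings, relays): IPs claimed by several MACs, and MACs that
    claim the gateway IP together with at least one other IP."""
    macs_by_ip = defaultdict(list)   # ip -> MACs in first-seen order
    ips_by_mac = defaultdict(set)    # mac -> every IP it has claimed
    flips = defaultdict(int)         # ip -> how often its binding changed
    last_mac = {}
    for _, ip, mac in sorted(observations):
        mac = mac.lower()
        if mac not in macs_by_ip[ip]:
            macs_by_ip[ip].append(mac)
        ips_by_mac[mac].add(ip)
        if ip in last_mac and last_mac[ip] != mac:
            flips[ip] += 1           # repeated flips are what destabilise the cache
        last_mac[ip] = mac
    findings = [
        {"ip": ip, "is_gateway": ip == gateway_ip,
         "first_seen_mac": macs[0], "other_macs": macs[1:], "flips": flips[ip]}
        for ip, macs in macs_by_ip.items() if len(macs) > 1
    ]
    relays = sorted(m for m, ips in ips_by_mac.items()
                    if gateway_ip in ips and len(ips) > 1)
    return findings, relays

if __name__ == "__main__":
    findings, relays = find_arp_conflicts(OBSERVATIONS, "192.168.1.1")
    for f in findings:
        print(f)
    print("MACs acting as a relay for the gateway:", relays)
```

A single binding change can be a legitimate DHCP reassignment or hardware swap; a gateway IP that keeps flipping between two MACs is the pattern that matches the relay behaviour described above.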

How to monitor Jabber (XMPP) chat messages on a network?

XMPP-based software is deployed on thousands of servers across the Internet and by 2003 was used by over ten million people worldwide, according to the XMPP Standards Foundation.
Because some organizations want to archive employees' chat messages on their network, WFilter added support for recording Jabber messages from version "en.3.3.174".
However, since the default traffic of XMPP clients is encrypted and compressed, you need to disable encryption and compression in the Jabber server settings to enable WFilter to monitor the chat messages of Jabber clients.

Let's take Openfire as an example.

First, disable SSL/TLS in “security settings”.


Second, disable compression in “compression settings”.


Now, Jabber (XMPP) messages will be recorded in WFilter.
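
To confirm that the two settings took effect, and to see what else they expose, you can inspect the `<stream:features/>` element the server sends to a connecting client. The following is an added example, not part of the original article, WFilter or Openfire: the function name and both sample elements are constructed, while the namespaces are the standard ones for XMPP STARTTLS, SASL and stream compression (XEP-0138).

```python
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"
NS_COMPRESS = "http://jabber.org/features/compress"

# Constructed samples of the features a server advertises before and after the change.
BEFORE = """<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls>
  <compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression>
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>DIGEST-MD5</mechanism><mechanism>PLAIN</mechanism>
  </mechanisms>
</stream:features>"""

AFTER = """<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>DIGEST-MD5</mechanism><mechanism>PLAIN</mechanism>
  </mechanisms>
</stream:features>"""

def audit_stream_features(features_xml):
    """Report what a passive monitor, and anyone else on the path, can read."""
    root = ET.fromstring(features_xml)
    if root.tag != "{%s}features" % NS_STREAM:
        raise ValueError("expected a <stream:features/> element")
    starttls = root.find("{%s}starttls" % NS_TLS)
    tls_offered = starttls is not None
    tls_required = tls_offered and starttls.find("{%s}required" % NS_TLS) is not None
    methods = [m.text.strip() for m in root.findall(
        "{%s}compression/{%s}method" % (NS_COMPRESS, NS_COMPRESS)) if m.text]
    mechs = [m.text.strip() for m in root.findall(
        "{%s}mechanisms/{%s}mechanism" % (NS_SASL, NS_SASL)) if m.text]
    return {
        "tls_offered": tls_offered,
        "tls_required": tls_required,
        "compression_methods": methods,
        # Messages are readable on the wire only if neither feature can be negotiated.
        "monitor_can_read": not tls_offered and not methods,
        # Without mandatory TLS, SASL PLAIN sends the password unencrypted as well.
        "plain_auth_possible_in_clear": not tls_required and "PLAIN" in mechs,
    }

if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_stream_features(sample))
```

In the "after" case the same change that makes messages recordable also lets passwords cross the LAN in the clear if clients choose PLAIN, so the set of advertised SASL mechanisms is worth reviewing at the same time.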

For more information, please check "WFilter Enterprise".