-
Re: Monitoring Web Traffic
mesverrum
Aug 1, 2019 10:34 AM
Do your network devices support NBAR2 protocol?
-
Re: Monitoring Web Traffic
Craig Norborg
Aug 5, 2019 1:12 PM
Hmmm... Offhand I'm guessing that the answer is "no" because of the way that webpages and services like akamai and AWS work, not to mention netflow. Netflow itself is a fairly simple technology at the root of it. It watches traffic flows go through an interface, it doesn't know about the how the data got there. It doesn't know that a person clicked on a specific link to load a webpage, nor does it know that a given webpage might have resources embedded that are on different sites, such as ads, graphics, or videos, which might be hosted on a geographically diverse service such as Akamai. I can't think of a way that it, or NBAR, would glean such data. Even if you gathered the data for a user in a given minute lets say, there is nothing to prevent the user from having multiple browsers, or browser tabs, open and going to different sites at the same time. I know I do quite often. Not to mention things loading in the background.
I think what you are actually looking for if something like that is what you want, would be some sort of employee Internet management software. I know WebSense used to be big in this, known for its reporting side of it all. There are quite a few others out there too I'm sure. Some folks have done it with a squid proxy. But, while they can potentially see the page content as it goes through their software, I'm unsure if they would relate media contained elsewhere to the original page or not.