• We've upgraded our forums. Please post any issues/requests in this thread.

Is it possible for a server admin to know what a user is browing on the network?

Joined
Jun 12, 2007
Messages
4,815 (1.25/day)
Likes
639
Location
Wangas, New Zealand
System Name Darth Obsidious
Processor Intel i5 2500K
Motherboard ASUS P8Z68-V/Gen3
Cooling Cooler Master Hyper 212+ in Push Pull
Memory 2X4GB Corsair Vengeance DDR3 1600
Video Card(s) ASUS R9 270x TOP
Storage 128GB Samsung 830 SSD, 1TB WD Black, 2TB WD Green
Display(s) LG IPS234V-PN
Case Corsair Obsidian 650D
Audio Device(s) Infrasonic Quartet
Power Supply Corsair HX650w
Software Windows 7 64bit and Windows XP Home
Benchmark Scores 2cm mark on bench with a razor blade.
#1
I know there is a way to monitor which PC is doing the downloading and how much bandwidth it is using from the server, but is there a way to find out what the culprit machine is browsing/downloading without physically going to the culprit machine on the network?
 
Joined
Jun 28, 2008
Messages
1,107 (0.32/day)
Likes
176
Location
Greenville, NC
System Name Champ's 1440P Rig
Processor Intel i7-4770K @ 4.6 GHz
Motherboard AsRock Z97 Extreme6
Cooling Corsair H60
Memory Corsair Vengeance 16GB 1600 Mhz 4x4 Blue Ram
Video Card(s) Nvidia 1080 FE
Storage Samsung 840 Evo 256 GB/RAID 0 Western Digital Blue 1 TB HDDs
Display(s) Acer XG270HU
Case Antec P100
Power Supply Corsair CX850M
Mouse Logitech G502
Keyboard TT eSports Poseidon
Software Windows 10
#2
Yep, I seen it when I sure my intership at the hospital. It was like remote desktop, but he was able to monitor any computer in the network and even take full control of it and I think block you out. Then there are server files that always keep track of where you are
 
Joined
May 21, 2009
Messages
4,966 (1.59/day)
Likes
1,511
System Name i7-PC / HTPC / iMac
Processor i7 3820 / Phenom II 940
Motherboard GIGABYTE G1.ASSASSIN2 / M3A79-T Deluxe
Cooling Corsair Hydro H100i / Scythe II (HS only)
Memory G.SKILL Trident X Series 8GB (2 x 4GB) DDR3 1600mhz / 4GB DDR2 1066 (@800) Corsair Dominator
Video Card(s) GB Radeon HD 7950s 3GB / GB Radeon HD 7950s 3GB
Storage 2x 80GB Intel X-25, 2x600gb SATA, 1x1tb 5400RPM storage /1x600GB, 3x500GB,1x160,1x120 SATA
Display(s) 1x 27" Yamakasi / Vizio 42" HDTV
Case Lian Li Lancool PC-K58 / Antec 900
Audio Device(s) HT Omega Striker 7.1 / Onboard and HDMI from ATi Card
Power Supply PC Power & Cooling 750W / 610W
Software Ubuntu / Windows 8.1 Pro / OS X / PHPStorm / Gaming
#3
aside from vnc as champ has mentioned, there are also monitoring tools that can show an administrator all of the requests going in and out of a router/network.

it is something easily done by an administrator worth their salt.
 

brandonwh64

Addicted to Bacon and StarCrunches!!!
Joined
Sep 6, 2009
Messages
19,517 (6.45/day)
Likes
6,937
Location
Chatsworth, GA
System Name The StarCrunch Defender! | X58 Cruncher!
Processor I7 6700K @ STOCK | Intel I7-920
Motherboard Gigabyte Z170X-UD5 | Alienware MS-7543 X58
Cooling Corsair A70 Push/Pull | Corsair H50
Memory Crucial Ballistix DDR4 2400 MHz | Pereema 3x2GB DDR3
Video Card(s) Gigabyte Gaming G1 GTX 1070 | Gigabyte 7970 3GB
Storage 2x Samsung Pro 256GB M.2 SSD's in Raid 0 | 4TB Western Digital SATA drive
Display(s) ViewSonic VG2227wm 1080P | OLD viewsonics
Case NZXT Tempest 410 Elite | NZXT Source 210
Audio Device(s) Onboard
Power Supply Corsair 750TX | Enermax Liberty 500W
Mouse MX518 | MX502
Keyboard TESORO Mechanical | ANZO Mechanical
Software Windows 10 Pro on both
#4
Windows shared services should be able to track files on the domain that are transferred from server to machine. Also you can track UDP and TCP connections from each host name as well.
 
Joined
Jun 12, 2007
Messages
4,815 (1.25/day)
Likes
639
Location
Wangas, New Zealand
System Name Darth Obsidious
Processor Intel i5 2500K
Motherboard ASUS P8Z68-V/Gen3
Cooling Cooler Master Hyper 212+ in Push Pull
Memory 2X4GB Corsair Vengeance DDR3 1600
Video Card(s) ASUS R9 270x TOP
Storage 128GB Samsung 830 SSD, 1TB WD Black, 2TB WD Green
Display(s) LG IPS234V-PN
Case Corsair Obsidian 650D
Audio Device(s) Infrasonic Quartet
Power Supply Corsair HX650w
Software Windows 7 64bit and Windows XP Home
Benchmark Scores 2cm mark on bench with a razor blade.
#5
I'll have to look into this do I can see how detailed the information is.
For example if someone is torrenting, I would like to know if I can tell the name of the exact file(s) they are downloading.

Piracy in New Zealand is pretty heavy now and can have serious implications for the person downloading after a while.

The catch with the network I am working on is, people can come in with their laptops and use the connection which means I can not gain remote access to these computers.
 
Joined
Oct 2, 2005
Messages
2,909 (0.65/day)
Likes
658
Location
Baltimore MD
Processor FX-8320@ 4.2Ghz
Motherboard Gigabyte 970A-UD3
Cooling Xigmatek S1283
Memory 2x4Gb Corsair 1600 9-9-9-24
Video Card(s) Sapphire RX-480 Nitro
Storage OCZ Vertex 3 120G, 1TB WD Black
Display(s) Dell S2330MX
Case Corsair Carbide Air 540
Audio Device(s) X-Fi Fatal1ty / 5.1 Logitech Z-5500
Power Supply Silverstone DA750
Software Win10 pro 64bit
#6
wireshark is your friend
 

DeAtHWiSh

New Member
Joined
Dec 24, 2007
Messages
197 (0.05/day)
Likes
48
Location
Miami, FL
System Name Desktop / Laptop
Processor AMD Thuban 1090T@3.6GHz HT@2.6GHz / Intel i7 2630QM @ 2.0GHz
Motherboard Asus CH V 990FX / Intel HM67
Cooling Corsair H100 CPU Load @ 48C (Fans on Low 24/7) / Stock
Memory G.SKILL Sniper Series (2 x 4GB) DDR3 1600 9-9-9-24-2T / Corsiar Vengence DD3 1600 (4GB x 2)
Video Card(s) ASUS 580 GTX DCII / NVidia 555M 1.5GB
Storage OCZ Vertex III 120GB (OS) - Seagate Barracuda 320GB-7200RPM (X2 in RAID 0) / PNY 128GB SSD
Display(s) HP 2711x 1080P 27'' LED ON DVI / 14'' LED 900p
Case Cooler Master HAF X 942 / Alienware
Audio Device(s) Realtek ALC892 8-Channel HD Audio / Realtek HD Audio
Power Supply Cooler Master Silent Pro 850W / Stock
Software Windows 7 Ultimate 64 Bit / Windows 7 Home Premium
Benchmark Scores Real Men Crunch 4 TPU!
#7
Tor browser :( or not
 
Last edited:
Joined
Jun 12, 2007
Messages
4,815 (1.25/day)
Likes
639
Location
Wangas, New Zealand
System Name Darth Obsidious
Processor Intel i5 2500K
Motherboard ASUS P8Z68-V/Gen3
Cooling Cooler Master Hyper 212+ in Push Pull
Memory 2X4GB Corsair Vengeance DDR3 1600
Video Card(s) ASUS R9 270x TOP
Storage 128GB Samsung 830 SSD, 1TB WD Black, 2TB WD Green
Display(s) LG IPS234V-PN
Case Corsair Obsidian 650D
Audio Device(s) Infrasonic Quartet
Power Supply Corsair HX650w
Software Windows 7 64bit and Windows XP Home
Benchmark Scores 2cm mark on bench with a razor blade.
#8
Correct me if I'm wrong.

So it seems windows server alone can not see exactly what a person is downloading if the connected computer is not set up specifically unless third party software is installed on the server?

EDIT:-
Isn't Tor designed to block the network from knowing where you've been?
 
T

twilyth

Guest
#9
You need something that encrypts from end to end - like https vs http.

The only way to do this without installing software is to use something like a VPN. This will encrypt everything between your machine and the VPN server. However it's hard to find fast, reliable free vpns. Generally you will have to use a commercial service. The good news is that they aren't that expensive if you shop around.
 

Easy Rhino

Linux Advocate
Joined
Nov 13, 2006
Messages
14,405 (3.55/day)
Likes
4,257
System Name VHOST01 | Desktop
Processor i7 980x | i5 7500 Kaby Lake
Motherboard Gigabyte x58 Extreme | AsRock MicroATX Z170M Exteme4
Cooling Prolimatech Megahelams | Stock
Memory 6x4 GB @ 1333 | 2x 8G Gskill Aegis DDR4 2400
Video Card(s) Nvidia GT 210 | Nvidia GTX 970 FTW+
Storage 4x2 TB Enterprise RAID5 |Corsair mForce nvme 250G
Display(s) N/A | Dell 27" 1440p 8bit GSYNC
Case Lian Li ATX Mid Tower | Corsair Carbide 400C
Audio Device(s) NA | On Board
Power Supply SeaSonic 500W Gold | Seasonic SSR-650GD Flagship Prime Series 650W Gold
Mouse N/A | Logitech G900 Chaos Spectrum
Keyboard N/A | Posiden Z RGB Cherry MX Brown
Software Centos 7 | Windows 10
#10
is it possible for a server admin to know what a user is browsing on the network? yes of course. the question though should be legal in nature and not technical. if you work for a private company and you are worried that perhaps you have been browsing illegal or inappropriate material while on their network you should look into their privacy policy. most private companies consider the network "theirs" and do not give the impression to their employees that they are provided a level of privacy. public institutions though like state schools and possibly public hospitals will almost never look into what an employee has been doing since it is public and considered protected.

so if you looked at some pron and think you will be fired check out your companies privacy policy and find yourself a good lawyer. even if you did something bad you may actually be able to win out in a lawsuit if your employer illegally spied on you.
 
T

twilyth

Guest
#11
As a general rule, unless you are in a union or get paid by the hour, you're what is referred to as an "at-will" employee. That means that they can fire you for any reason or no reason at all.

There are some limitations on this right though and this may be one of them. I don't know.
 

Easy Rhino

Linux Advocate
Joined
Nov 13, 2006
Messages
14,405 (3.55/day)
Likes
4,257
System Name VHOST01 | Desktop
Processor i7 980x | i5 7500 Kaby Lake
Motherboard Gigabyte x58 Extreme | AsRock MicroATX Z170M Exteme4
Cooling Prolimatech Megahelams | Stock
Memory 6x4 GB @ 1333 | 2x 8G Gskill Aegis DDR4 2400
Video Card(s) Nvidia GT 210 | Nvidia GTX 970 FTW+
Storage 4x2 TB Enterprise RAID5 |Corsair mForce nvme 250G
Display(s) N/A | Dell 27" 1440p 8bit GSYNC
Case Lian Li ATX Mid Tower | Corsair Carbide 400C
Audio Device(s) NA | On Board
Power Supply SeaSonic 500W Gold | Seasonic SSR-650GD Flagship Prime Series 650W Gold
Mouse N/A | Logitech G900 Chaos Spectrum
Keyboard N/A | Posiden Z RGB Cherry MX Brown
Software Centos 7 | Windows 10
#12
As a general rule, unless you are in a union or get paid by the hour, you're what is referred to as an "at-will" employee.
that varies from state to state.
 
Joined
Jun 12, 2007
Messages
4,815 (1.25/day)
Likes
639
Location
Wangas, New Zealand
System Name Darth Obsidious
Processor Intel i5 2500K
Motherboard ASUS P8Z68-V/Gen3
Cooling Cooler Master Hyper 212+ in Push Pull
Memory 2X4GB Corsair Vengeance DDR3 1600
Video Card(s) ASUS R9 270x TOP
Storage 128GB Samsung 830 SSD, 1TB WD Black, 2TB WD Green
Display(s) LG IPS234V-PN
Case Corsair Obsidian 650D
Audio Device(s) Infrasonic Quartet
Power Supply Corsair HX650w
Software Windows 7 64bit and Windows XP Home
Benchmark Scores 2cm mark on bench with a razor blade.
#13
You need something that encrypts from end to end - like https vs http.

The only way to do this without installing software is to use something like a VPN. This will encrypt everything between your machine and the VPN server. However it's hard to find fast, reliable free vpns. Generally you will have to use a commercial service. The good news is that they aren't that expensive if you shop around.
I guess this is why I was running around in circles when trying to figure out what computer was downloading what via windows server trying to find out what computer was downloading what without being blatantly obvious.

Windows server alone is not capable of what I am trying to do.

It appears the perpetrator is as safe from me knowing what they have been downloading through the server if their security settings are at default.

Only knowing the bandwidth downloaded during that time.

Hopefully I can get the senior network admin to install some third party software.
Unfortunately the senior admin thinks anything anyone installs on the network which is not his idea will mess it up beyond repair.
 
Joined
Jun 4, 2011
Messages
3,051 (1.28/day)
Likes
1,274
System Name The SwagMachine / The Sister
Processor Core i5 3570K @5.2ghz 1.3V/ 1100T
Motherboard ASUS P8Z77-V / ASUS M5A99X EVO
Cooling Phanteks PH TC14PE / Corsair H40
Memory M379B5273DH0-YK0 2X4GB + PVI316G213C1QK 2X4GB / 2x4GB Patriot 2133
Video Card(s) PNY 780Ti /Windforce 7950
Storage 2xSamsung 840 EVO 250gb+WD10EZEX + WD30EZRX/ 1x WD1500 Black
Display(s) AOC Q2963PM+Acer S200HL / Acer S200L+ LG 22LD350
Case Fractal Define R4 / NZXT Trinity
Audio Device(s) Asus Xonar DG / Asus Xonar DG
Power Supply Seasonic 750X / ROSEWILL RG630-S12 630W R
Mouse Razer Deathadder Chroma / Roccat Kone+
Keyboard Razer Blackwidow 2013 Stealth / Roccat Isku
Software Windows 8.1 Pro / Windows 7 Ultimate
Benchmark Scores one time I scored a 3 on 3dmark 11
#14
is it possible for a server admin to know what a user is browsing on the network? yes of course. the question though should be legal in nature and not technical. if you work for a private company and you are worried that perhaps you have been browsing illegal or inappropriate material while on their network you should look into their privacy policy. most private companies consider the network "theirs" and do not give the impression to their employees that they are provided a level of privacy. public institutions though like state schools and possibly public hospitals will almost never look into what an employee has been doing since it is public and considered protected.

so if you looked at some pron and think you will be fired check out your companies privacy policy and find yourself a good lawyer. even if you did something bad you may actually be able to win out in a lawsuit if your employer illegally spied on you.
I know they log searches, and can watch your screen/lock your pc at my school, a few kids have been busted for going on facebook and such, you are never safe, they are watching.
 

Easy Rhino

Linux Advocate
Joined
Nov 13, 2006
Messages
14,405 (3.55/day)
Likes
4,257
System Name VHOST01 | Desktop
Processor i7 980x | i5 7500 Kaby Lake
Motherboard Gigabyte x58 Extreme | AsRock MicroATX Z170M Exteme4
Cooling Prolimatech Megahelams | Stock
Memory 6x4 GB @ 1333 | 2x 8G Gskill Aegis DDR4 2400
Video Card(s) Nvidia GT 210 | Nvidia GTX 970 FTW+
Storage 4x2 TB Enterprise RAID5 |Corsair mForce nvme 250G
Display(s) N/A | Dell 27" 1440p 8bit GSYNC
Case Lian Li ATX Mid Tower | Corsair Carbide 400C
Audio Device(s) NA | On Board
Power Supply SeaSonic 500W Gold | Seasonic SSR-650GD Flagship Prime Series 650W Gold
Mouse N/A | Logitech G900 Chaos Spectrum
Keyboard N/A | Posiden Z RGB Cherry MX Brown
Software Centos 7 | Windows 10
#15
I know they log searches, and can watch your screen/lock your pc at my school, a few kids have been busted for going on facebook and such, you are never safe, they are watching.
with windows active directory, everything can be logged very easily. linux admins have to do more work which is why most places just setup a domain controller and have all of the PCs on the network log in to the domain with a users log/pass. from there the admins can completely control the PC. this is why the question should be legal in nature. every corporation, institution has their own policy regarding employee or student privacy.
 
Joined
Aug 10, 2007
Messages
4,059 (1.07/day)
Likes
1,123
Location
Geneva, FL, USA
Processor Intel i5-6600
Motherboard ASRock H170M-ITX
Cooling Cooler Master Geminii S524
Memory G.Skill DDR4-2133 16GB (8GB x 2)
Video Card(s) Gigabyte R9-380X 4GB
Storage Samsung 950 EVO 250GB (mSATA)
Display(s) LG 29UM69G-B 2560x1080 IPS
Case Lian Li PC-Q25
Audio Device(s) Realtek ALC892
Power Supply Seasonic SS-460FL2
Mouse Logitech G700s
Keyboard Logitech G110
Software Windows 10 Pro
#16
We know and see all! Pay tribute or be turned over to HR!

- Lunch
- Liquor
 
Joined
Jul 3, 2008
Messages
166 (0.05/day)
Likes
84
Processor Intel Core i7 5820k
Motherboard MSI X99S-GAMING7
Cooling Corsair H105
Memory 16GB G.SKILL DDR4
Video Card(s) Geforce GTX970
Storage Samsung 840 Evo
Display(s) Samsung U28E590DS UHD
Case Corsair 800D
Audio Device(s) ASUS XONAR
Power Supply Corsair HX850i
Mouse Raze Naga
Keyboard Filco Majestouch
Software Windows 8.1 x64
#17
Solarwinds make a whole plethora of applications that you can use to track this information, although it doesn't come cheap. A much easier option would be to simply block all the ports on the firewall and force everyone to browse through a proxy server. That way everything they do is logged and everything that attempts to go directly to the web gets blocked.

If a proxy server isn't practical then block all unneccessary ports. You should do this anyway, not blocking unused ports is akin to locking the front door but leaving the backdoor and windows wide open.

Alternately having a look at the UPnP port list on the router should quickly show the source IP of the torrenting demon. The port should be a rather high number, normally it will also use the same port on both TCP and UDP traffic, which makes it easier to spot.

Windows server will only have a record of what is accessed from THAT server (provided auditing is setup to do so). Your network admin should be able to identify and resolve this extremely quickly if he is half competent.
 
Joined
Jun 12, 2007
Messages
4,815 (1.25/day)
Likes
639
Location
Wangas, New Zealand
System Name Darth Obsidious
Processor Intel i5 2500K
Motherboard ASUS P8Z68-V/Gen3
Cooling Cooler Master Hyper 212+ in Push Pull
Memory 2X4GB Corsair Vengeance DDR3 1600
Video Card(s) ASUS R9 270x TOP
Storage 128GB Samsung 830 SSD, 1TB WD Black, 2TB WD Green
Display(s) LG IPS234V-PN
Case Corsair Obsidian 650D
Audio Device(s) Infrasonic Quartet
Power Supply Corsair HX650w
Software Windows 7 64bit and Windows XP Home
Benchmark Scores 2cm mark on bench with a razor blade.
#18
I guess the assumption with the senior network admin, is these kids only know facebook and youtube so adding a third party app which is going to cost would be a waste of money as where I live, we don't get many computer savvy people around.

Especially where I'm designated to give a hand but in a way which costs $0.