Using router to check on web activity

[ivanvamp]

Hey guys,
 
I have teenage kids and am looking to be a snoopy parent and check in on their web activity.  How much can I see of their activity by examining the router log?  For example, if they are on Yahoo, can I see that they've been on Yahoo?  Or can I get more detailed than that and actually see what specific email account they're using on Yahoo?  (and maybe even passwords?)  I have some concerns here and I would like to know what I can and cannot observe.  Any help technically along these lines would be appreciated.

 

[The Talented Allen Ripley]

If your mistrust is that severe, don't let the kids use the computer.

 

[NortheasternPJ]

I agree with Rip, you've got larger problems.
 
Depending on your router you could probably syslog logs off to a syslog server to find out what IPs etc. they're going to depending on the model, then look up the domains etc. Highly doubtful you can get more than that easily. 

 

[soxhop411]

For 40 dollars you can buy net nanny. Though you would need to install it in your child's computer I think

Other then that I don't think you can see internet activity Via the router

 

[soxhop411]

Just found this. I don't know how much it will help you

http://www.ehow.com/how_6885598_monitor-internet-activity-router.html#page=9

 

[AlNipper49]

I agree with Rip, you've got larger problems.
 
Depending on your router you could probably syslog logs off to a syslog server to find out what IPs etc. they're going to depending on the model, then look up the domains etc. Highly doubtful you can get more than that easily. 

 
sure you can - opendns

 

[HillysLastWalk]

Can't the router at least get the OP all requested internet traffic (if that logging is turned on)?  Example: if I type in www.google.com in my browser and press enter, won't the router at least log the request to www.google.com with the HTTP return code of 200?  I'd think OP could get all requests that way.  Well, if they aren't going through the cellular network instead of your home network (from there I'd contact your phone provider).
 
My kids aren't old enough yet, but once they are of the mind to potentially go to harmful sites unsupervised, I'd be thinking of installing some software -- hopefully on the router --- that blocks all internet traffic.  That's where you start.  Blocking everything (outside of having/knowing some admin password).  If the kids want to go to a site outside of some simple ones you might add from the start (e.g. search engines, wiki, etc) - they have to request it from you.
 
Lastly, I guess I'd want all passwords to any email accounts, facebook accounts, twitter accounts, etc.  If you are a child living in my house, I want to be able to log-in.  Otherwise, tough cookies.  Outside of requesting that, you'd have to install some type of key-logger software to steal passwords or something.  I don't even want to be sneaky like that.  I want them to know the rules up-front.  That way there is no deception.
 
Shooting from the hip here ...

 

[ivanvamp]

Guys, I'm not asking you to examine the larger issues here.  I just want the technical info, if you can help.  What can a router log detect?  Say we have gmail accounts.  If someone were to log into gmail, would a router simply show that that person logged into gmail?  Or would it be able to show *which* gmail account was being accessed?

 

[AlNipper49]

You are barking up the wrong tree looking at the router.  It's technically possible but most home routers aren't going to support what you want. If you are willing to buy another one or even better have the wherewithall to roll your own then it's a different story (something like Untangle). Something like opendns is cheap and does what you want.  Otherwise just install something on the PC, there are a billion options.  If you really want to be draconian you can use something like deepfreeze that has a cloud offering now.  It's a bit more complex though. 

 

[Blacken]

Guys, I'm not asking you to examine the larger issues here.

There are no technical issues here, you're just a bad parent.

 

[ivanvamp]

There are no technical issues here, you're just a bad parent.

 
Hey, go take a flying leap.  

 

[ivanvamp]

You are barking up the wrong tree looking at the router.  It's technically possible but most home routers aren't going to support what you want. If you are willing to buy another one or even better have the wherewithall to roll your own then it's a different story (something like Untangle). Something like opendns is cheap and does what you want.  Otherwise just install something on the PC, there are a billion options.  If you really want to be draconian you can use something like deepfreeze that has a cloud offering now.  It's a bit more complex though. 

 
Ok, thanks.  

 

[ivanvamp]

If your mistrust is that severe, don't let the kids use the computer.

 
Sadly, this is not possible.  Our school system requires them to use the computer a lot.  The mistrust isn't severe.  We've had conversations with numerous parents around here who have been blindsided by what their kids are looking at.  Some are using this program (which is news to me) called Incognito, which apparently hides what sites are being used.  My kids have admitted to having used it before as well.  I heard from someone that a router can pick up internet activity, but I'm not sure (a) if that's true, or (b) what the limits of it are.  So I'm just asking questions.
 
I appreciate the help some of you are giving.  To those that just want to be dicks and say dumbass things like I'm a bad parent, please just refrain from commenting.  

 

[AlNipper49]

opendns will pick up on incognito mode as well in case you were wondering..  Again, it's not tell you exactly who visited what as it can only see what requests are coming from your router, not who made them.  But if it's something like boobies.com and you know that you haven't been there, then either your wife is a closet lesbian (I wouldn't blame her) or it's your kid(s)

 

[JerBear]

Incognito is a mode in Chrome that disables cookie/history storing, not a special program.  Best option is to just use OpenDNS in the short term.  
 
A router technically has all that information you're looking for but most consumer ones don't keep it long enough to audit the records.

 

[absintheofmalaise]

Chrome has an Incognito setting you can open up new tabs in. You can access it by clicking on the three lines in the upper right hand corner. 
 
And people are going to be dicks here. It happens all the time. Deal with it. 

 

[ivanvamp]

Chrome has an Incognito setting you can open up new tabs in. You can access it by clicking on the three lines in the upper right hand corner. 
 
And people are going to be dicks here. It happens all the time. Deal with it. 

 
Yes, apparently so.

 

[Seven Costanza]

EDIT: nevermind

 

[Rudi Fingers]

opendns will pick up on incognito mode as well in case you were wondering..  Again, it's not tell you exactly who visited what as it can only see what requests are coming from your router, not who made them.  But if it's something like boobies.com and you know that you haven't been there, then either your wife is a closet lesbian (I wouldn't blame her) or it's your kid(s)

Also, if your router supports open source firmware like DD-WRT, you can make sure that the teens are forced to use OpenDNS servers, even if the settings on their laptops or phones are modified to point them to other DNS servers.  See http://www.dd-wrt.com/wiki/index.php/OpenDNS for instructions.  I have set this up before and it is very effective.  
 
 
Of course, if the teens are able to turn off wifi and tether data through their phone, all the logging in the world on your router isn't going to help you

 

[DJnVa]

Guys, I'm not asking you to examine the larger issues here.

 
First day here?
 
That aside, good luck...

 

[Hoplite]

Trying to keep your kids from looking at porn is a losing battle.

 

[Reverend]

I never thought I would live to see the day that SoSHers helped prevent  teenagers from getting porn.

 

[AlNipper49]

We just got done chatting about how many rocks we needed to look under to find soaked copies of Oui. 
 
If these little bastards can't outsmart dad by changing their DNS or something then they don't deserve the firehose of porn that the internet represents.

 

[Blacken]

Hey, go take a flying leap.

Can't. Need to infect your children with un-Godly communist propaganda.












And I'm winning. :buddy:

 

[Hoplite]

It would probably be safest if you invited all of their friends over to have a supervised porn party. That way you can ensure that they only consume the porn in moderation and that they don't drive home with blurry eyes.

 

[mt8thsw9th]

Why not talk to the kids instead of spying on them? Once you get caught doing the latter, they're going to lose trust in you and turn to offline things like drugs. Or something.
 
Though the Gmail thing sounds fishy, and it sounds like there's another family member of yours that you're trying to get access to their email because you don't trust them. If it's not your kids, the same advice goes: talk to them.

 

[ivanvamp]

Why not talk to the kids instead of spying on them? Once you get caught doing the latter, they're going to lose trust in you and turn to offline things like drugs. Or something.
 
Though the Gmail thing sounds fishy, and it sounds like there's another family member of yours that you're trying to get access to their email because you don't trust them. If it's not your kids, the same advice goes: talk to them.

 
Thanks.  No, we've had plenty of open conversations.  And yet they, being teenagers, still try to sneak things behind my back.  Just like we did with our parents.  So they know that our policy is that we want to be checking in on them from time to time.  
 
I assume that most responsible parents want to keep tabs on what their kids do online.  Maybe I'm way off there.  
 
Anyway, again, thanks for the helpful words to those of you that have been helpful.  For those that are just being ridiculous, well, I'm not really considering your input as being very helpful.  But thanks anyway.

 

[behindthepen]

opendns is also helpful for blocking sites and categories of sites as well.  I was a big fan and then we switched to xfinity, which won't allow it.

 

[IpswichSox]

Normal but not obsessive parental monitoring was so much easier when the prevailing advice was just to make sure the desktop was in a central location in the house, easily viewed by parents. Then laptops chipped away at that, and laptops found their way into kids' bedrooms or in the basement. Now mobile devices, some with cellular access, make monitoring effectively impossible. Sure, sometimes the kids are dumb enough not to clear out their browsing history or they don't delete a conversation. But half the time you don't even know which texting app happens to be the flavor of the month that they're using.

 

[SumnerH]

opendns is also helpful for blocking sites and categories of sites as well.  I was a big fan and then we switched to xfinity, which won't allow it.

 
OpenDNS works fine with xfinity, their router won't auto-provision it but you can either manually configure it or put your own wireless router behind theirs and set it up however you like.

 

[Couperin47]

No one has mentioned what happens when the kids find out about, or decide to invest their meager funds in a VPN service...

 

[SumnerH]

No one has mentioned what happens when the kids find out about, or decide to invest their meager funds in a VPN service...

 
Theoretically you can put your own router/firewall (E.g. a small linux or openbsd box) between them and the internet and block VPN services that you see them connecting to.
 
In the real world, at some point you need some level of trust.  They're going to be able to find open wireless at the neighbor's, Starbucks, or somewhere outside of your control pretty easily.

 

[Couperin47]

 
Theoretically you can put your own router/firewall (E.g. a small linux or openbsd box) between them and the internet and block VPN services that you see them connecting to.
 
In the real world, at some point you need some level of trust.  They're going to be able to find open wireless at the neighbor's, Starbucks, or somewhere outside of your control pretty easily.

 
Well he may succeed in forcing the kids to watch all their porn on a 5" screen....

 

[NortheasternPJ]

 
sure you can - opendns

 
I was assuming he wanted to check previous behavior, not implement something new. OpenDNS would be a good choice.

 

[garlan5]

Great topic. My kids are young but my sisters are close to getting cell phones etc. we just had this discussion. Her policy will be open access to any social media site and text. Anytime a password changes the device will be taken away. I think she plans to get her girls a no data plan phone only. I don't think plans to monitor internet with any software but I don't think she will allow it in their bedroom. I think that plan is smart parenting.

 

[HriniakPosterChild]

How do you prevent the kids from seeing what you want to censor when they are at a friend's house?

What keeps them from having a parent-friendly Facebook pageyou can login to and a friend-friendly one with a private psssword?

 

[garlan5]

How do you prevent the kids from seeing what you want to censor when they are at a friend's house?

What keeps them from having a parent-friendly Facebook pageyou can login to and a friend-friendly one with a private psssword?

You can't. You just keep it known that you are watching. If you make it known early and you enforce rules then it will only make it less likely they will engage in reckless behavior. Allowing them to have access but with restrictions can only be a net positive in my mind. for me living in a small rural community is a great benefit. I know all the parents around our community and that only helps with any possible usage away from home. By the time my kids get old enough I hope the community will be on the same page.

 

[The Talented Allen Ripley]

 
Thanks.  No, we've had plenty of open conversations.  And yet they, being teenagers, still try to sneak things behind my back.  Just like we did with our parents.  So they know that our policy is that we want to be checking in on them from time to time.  
 
I assume that most responsible parents want to keep tabs on what their kids do online.  Maybe I'm way off there.  
 
Anyway, again, thanks for the helpful words to those of you that have been helpful.  For those that are just being ridiculous, well, I'm not really considering your input as being very helpful.  But thanks anyway.

 
Christ, you're a sensitive fuck.

 

[ivanvamp]

 
Christ, you're a sensitive fuck.

 
Apparently.  
 
And an awful parent, to boot.
 
And an idiot technologically.  

 

[SumnerH]

 
Apparently.  
 
And an awful parent, to boot.
 
And an idiot technologically.  

Triple threat!

 

[ivanvamp]

Triple threat!

 
I know, right!  ;-)
 
This place is awesome for one's self-esteem.  

 

[kelpapa]

 
Some are using this program (which is news to me) called Incognito, which apparently hides what sites are being used.  My kids have admitted to having used it before as well.  

How do you look at porn if you don't know what incognito mode is?

 

[Traut]

 
I know, right!  ;-)
 
This place is awesome for one's self-esteem.  

I'll save you the trouble.....I'm the one fucking your wife. Save the money you would have spent on spyware and invest in a good divorce lawyer.

 

[Frisbetarian]

Is it mean to hope his kids are checking out gay porn, or would that be karma?

 

[absintheofmalaise]

They are probably going to evolution sites.

 

[Time to Mo Vaughn]

Hey guys,
 
I have teenage kids and am looking to be a snoopy parent and check in on their web activity.  How much can I see of their activity by examining the router log?  For example, if they are on Yahoo, can I see that they've been on Yahoo?  Or can I get more detailed than that and actually see what specific email account they're using on Yahoo?  (and maybe even passwords?)  I have some concerns here and I would like to know what I can and cannot observe.  Any help technically along these lines would be appreciated.

 
Since no one else is actually helping out with your question, I'll give it a shot:
 
1) Go get yourself a couple of Solera or Netwitness appliances. Either one will do the trick, but make sure to get back up for redundancy in case one goes down.
2) Put them at all the egress points for your network
 
You can now view all HTTP traffic, but this won't get you where you need to be. If you're going to nail down those little shits, you need to get through the SSL encrypted sites as well.
 
3) Install root and mid tier certificates onto all the devices that are accessing your network, and make sure your full packet capture appliance of choice has the master certificates.
 
Boom, you've now gained the mother load. Full access into any site, port, field, password, etc. The NSA won't be able to hide from you!

 

[Dogman]

I'll save you the trouble.....I'm the one fucking your wife. Save the money you would have spent on spyware and invest in a good divorce lawyer.

 
Know any?

 

[NortheasternPJ]

 
Since no one else is actually helping out with your question, I'll give it a shot:
 
1) Go get yourself a couple of Solera or Netwitness appliances. Either one will do the trick, but make sure to get back up for redundancy in case one goes down.
2) Put them at all the egress points for your network
 
You can now view all HTTP traffic, but this won't get you where you need to be. If you're going to nail down those little shits, you need to get through the SSL encrypted sites as well.
 
3) Install root and mid tier certificates onto all the devices that are accessing your network, and make sure your full packet capture appliance of choice has the master certificates.
 
Boom, you've now gained the mother load. Full access into any site, port, field, password, etc. The NSA won't be able to hide from you!

Or you can just buy a Palo Alto 200 like I have at home. When my wife pisses me off I block Pinterest.

 

[Couperin47]

Or you can just buy a Palo Alto 200 like I have at home. When my wife pisses me off I block Pinterest.

 
You have a Palo Alto 200 at home and are fighting to get a generic 37" LED to watch in bed...man have your priorities gotten screwed up....

 

[MetSox1]

Buy a gun.