When I look in "web usage" to see what sites are being surfed to, it detects some of them but not wikipedia.org for example. Any ideas why?
I use a Linksys WRT54GL v1.1 router and the gargoyle_bleeding_edge-brcm.trx (with md5: e58d5ba2375f5748beec27830ac038e3) flash file.
Could it be some cache on the client preventing dns lookups that in turn causes the logging to not detect the web address?
Why isn't everything logged?
What is logged?
What is not logged?
I have "Monitor All IP Addreses" chosen, and still it seems to be skipping a lot of visited sites.
Status - web usage, doesn't detect wikipedia.org
Moderator: Moderators
Re: Status - web usage, doesn't detect wikipedia.org
Caching is one possibility -- the monitor certainly won't pick up any site loaded from the cache since no packets went through the network. Another possibility is if your network is really busy the monitor may not be able to keep up with the traffic.
However, I did just patch a major bug in the web monitor last night (this was caused by a buffer overflow error and was causing source ips to be reported incorrectly). While not directly related to your problem, it's possible that this bug-fix will reduce processing time per packet, and thus fix (or at least help) your problem if the issue is due to network congestion.
However, I did just patch a major bug in the web monitor last night (this was caused by a buffer overflow error and was causing source ips to be reported incorrectly). While not directly related to your problem, it's possible that this bug-fix will reduce processing time per packet, and thus fix (or at least help) your problem if the issue is due to network congestion.
Re: Status - web usage, doesn't detect wikipedia.org
Great! Thanks for giving such an informative response. I suppose I could just try to download the bleeding edge binary and update the router again to get your fix?Eric wrote:Caching is one possibility -- the monitor certainly won't pick up any site loaded from the cache since no packets went through the network. Another possibility is if your network is really busy the monitor may not be able to keep up with the traffic.
However, I did just patch a major bug in the web monitor last night (this was caused by a buffer overflow error and was causing source ips to be reported incorrectly). While not directly related to your problem, it's possible that this bug-fix will reduce processing time per packet, and thus fix (or at least help) your problem if the issue is due to network congestion.
Also, can you point me in the right direction where I could find, an as easy to understand as possible, source of information about how to install ettercap on the router itself, if its possible? I suppose it is but maybe the package would be too big to fit the tiny 4 MB flash memory.