Five By Five <5x5@5x5.com> hath wroth:
>Is there an application that allows me to sniff or read-and-pass-along
>content of users joining their wireless connections?
Yes, there is. It's usually specific to the maker and model of the
router. Do you want URL's, services, socket numbers, protocols used,
traffic statistics, error, or the actual content? If you're
monitoring content, I don't want to get involved.
>I think there is a
>virtual server system that might allow this, right? The router is a Belkin
>DSL/Cable Wireless Router.
Does this Belkin have a model number? Duz is support either syslog or
SNMP? If not, you're stuck because you have a conglomerated
modem/router. You would normally do the sniffing at the junction
between the DSL modem and the ethernet router. However, since these
are all in one package, there's no access to this point. The only way
you're going to do any sniffing is if you replace BOTH the DSL modem
and the wireless router.
>I am not interested in invading privacy (there is no assumption of it, as
>the system warns the user), but in doing random checks to ensure that an
>acceptable use policy is not being infringed.
That's fine. Just realize that you're doing it anyway. I have my own
ethical formula for such things. I also sniff erratically to make
sure there's nothing amis on my networks. However, I don't save
anything other than traffic logs, and always inform the users that I'm
monitoring their connection either before or after. If you're setting
up a Carnivore clone, you most certainly are violating their
expectation of privacy.
<http://en.wikipedia.org/wiki/Carnivore_%28FBI%29>
Most acceptable use policies are NOT based on content. They're based
on services and traffic. For example, an ISP might decide that file
sharing is inappropriate or that daily traffic in excess of 30GBytes
is abuse. There are quite a few traffic monitors (MRTG, RRDTool,
Nagios, etc) that will give pretty graphs and belch alarms when some
form of pre-programmed abuse it triggered. They do that without
sniffing content. I think you'll find that random checks will not
suffice for excessive traffic problems (which includes worm and virus
infections). You'll need a dedicated and 7x24 continuous data logger
and management workstation.
>There is probably a better newsgroup to post this in, but since the router
>is wireless, I figure it qualifies.
Sniffing internet traffic has nothing to do with wireless. I don't
know which newsgroup or mailing list would be appropriate for
sniffing.
--
Jeff Liebermann
jeffl@cruzio.com
150 Felker St #D
http://www.LearnByDestroying.com
Santa Cruz CA 95060
http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
Monitoring Content of Connections 
Linear Mode
