Monitoring beyond Majordomo

I’ve been keeping an eye on my network with Majordomo and a few custom scripts and it’s been working great for me so far. The problem I’m seeing now is that of identifying what my devices are doing. In Majordomo I see a ton of IP addresses but when I check what they are they almost all belong to Akamai, AWS, Rackspace or similar services. Without the domain names the devices were trying to access I have no idea what they were doing.

Is there a way to record the domain names that devices were trying to access and how much data was used for each of them? Only over HTTP or HTTPS is good enough; almost all traffic on my network is one of those two, so I can afford to “lose” the few % of traffic that’s something else.

Hi! :slight_smile:

I think this one should help you, but you have some good points. You should send your thoughts to the Turris team. :slight_smile:
https://forum.test.turris.cz/t/how-to-make-dns-resolv-working-in-majordomo/1169/36?u=pepe

Looking forward to hearing from you,
Pepe

Hi Pepe,

thanks for your answer. Reverse DNS lookups are unfortunately not what I’m after. It does solve the problem of showing IP addresses but doesn’t show me what my kids were actually doing (they want to know this because they have limited bandwidth and need to know what is eating it so they know how to conserve their data).

I get things like:
na-in-x80.1e100.net.
instagram-p36-shv-01-ort2.fbcdn.net.
a104-96-210-95.deploy.static.akamaitechnologies.com.
a23-43-165-11.deploy.static.akamaitechnologies.com.

You can see that for some of these you can guess what it’s for (Instagram), but for others (Akamai or 1e100.net) I have no clue what they were accessing on those IPs. They are CDNs that are known under hundreds of domain names and there is no way I can find out which domain they were using to access that service just from the IP address.
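
An added example, not part of the posts above and not Turris or Majordomo code: one way to get per-domain byte counts is to match each flow to the forward DNS answer the same client received for that destination IP, rather than to a reverse lookup. The log formats, the `attribute` function, the `GRACE` value and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: DNS answers seen by the router's resolver as
# (unix_time, client_ip, queried_name, answer_ip, ttl_seconds).
DNS_LOG = [
    (1000, "192.168.1.20", "www.example-video.test", "203.0.113.10", 300),
    (1005, "192.168.1.20", "cdn.example-games.test", "203.0.113.11", 60),
    (1010, "192.168.1.21", "www.example-news.test", "203.0.113.10", 300),
    (1400, "192.168.1.20", "img.example-shop.test", "203.0.113.11", 60),
]
# Constructed flow records: (start_time, client_ip, dst_ip, bytes).
FLOWS = [
    (1001, "192.168.1.20", "203.0.113.10", 5_000_000),
    (1006, "192.168.1.20", "203.0.113.11", 1_200_000),
    (1012, "192.168.1.21", "203.0.113.10", 300_000),
    (1401, "192.168.1.20", "203.0.113.11", 800_000),
    (1500, "192.168.1.20", "198.51.100.7", 42_000),
]

GRACE = 120  # assumed: seconds a client may keep using an answer past its TTL


def attribute(dns_log, flows, grace=GRACE):
    """Return {client: {domain: bytes}}, matching each flow to the most
    recent DNS answer the same client received for that destination IP."""
    answers = defaultdict(list)  # (client, ip) -> [(time, name, ttl)], oldest first
    for t, client, name, ip, ttl in sorted(dns_log):
        answers[(client, ip)].append((t, name, ttl))
    usage = defaultdict(lambda: defaultdict(int))
    for start, client, dst, nbytes in flows:
        label = f"unresolved:{dst}"  # no usable answer: keep the bare IP
        for t, name, ttl in reversed(answers.get((client, dst), [])):
            if t <= start:  # newest answer that precedes the flow
                if start <= t + ttl + grace:
                    label = name
                break
        usage[client][label] += nbytes
    return {c: dict(d) for c, d in usage.items()}


if __name__ == "__main__":
    for client, per_domain in attribute(DNS_LOG, FLOWS).items():
        for domain, nbytes in sorted(per_domain.items(), key=lambda kv: -kv[1]):
            print(f"{client:15} {domain:28} {nbytes:>10}")
```

In the sample, the same CDN address is attributed to different names for different clients and at different times, which a reverse lookup of the IP cannot do. Flows with no matching answer (cached names, another resolver, direct IP access) stay labelled by IP.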