I am designing a software to record only the URL visited by students while giving exam. So I somehow need to know which IP is visiting which site.
I will have a list of all the IPs of students. I just need a way to find out what sites they are visiting. For this I tried Kismet and was able to generate the .pcapdump file which has the details of all the packets. The network is open and unsecured so I was able to get the list of all the IPs but couldn't see the URL they visited.
Steps:
OS: Backtrack Linux 5
Start Kismet on wlan0
Run the following command to convert .pcapdump to .txt through tshark
$ tshark -r /path/Kismet.pcapdump >> log.txt
Read log.txt for IP -- This shows all the student IPs But need to get the URL visitd by those IP too.
Is kismet the right way to go? I have to automate this whole thing so I cannot use Wireshark and manually convert the files so I choose Kismet.
I need to be able to generate alert or some other activity as soon as a URL (like www.google.com) is visited by any of the IP in the database.
I believe you would want to look like squid/squidguard type of setup if you want to let your students to access only certain "white-listed" sites during the exam duration. It can be done for the IP Addresses of the student's PC (If they are static) or you can create username/passwords and apply the rule on them.