Se alguém estiver conectado por VPN à sua rede, ele age como se estivesse na rede local. Então a questão principal é:
Can we tell if someone is copying a file from the LAN?
Teoricamente, deve haver uma maneira de filtrar isso com um programa chamado Wire Shark (ou similar)
O que você deve fazer é filtrar o tráfego NFS:
Display Filter
A complete list of NFS display filter fields can be found in the display filter reference
Show only the NFS traffic:
nfs
You cannot directly filter NFS while capturing. However, if you know the port used (see above), you can filter on that one.
Capture NFS traffic over the default port (2049)
Editar :
Eu encontrei uma resposta mais detalhada aqui no Super Usuário que confirma e completa minha teoria:
Como gravar o tráfego dentro de uma VPN?
Após algumas pesquisas, descobri que existe um software mais ideal para esse propósito chamado Monitor de Rede Microsoft
HOW TO: Capture network traffic on the VPN Server
We recommend using Microsoft Network Monitor when capturing network traffic on the VPN Server, this since Network Monitor seems to be better at intercepting all traffic from the VPN Server filter.
Wireshark only seems to capture packets sent to the VPN Server not from the VPN Server.
The Network Monitor capture file format can be used by Wireshark so the capture can be viewed using Wireshark if you prefer that.
Network Monitor Quick Guide
Create display filer for specific IP address:
-under the Capture tab -in the Display Filter window -select Load Filter->Standard Filters->Adresses->IPv4 Adresses -modify "IPv4.Address ==" to the address you are interested in and press Apply
To show IP addresses not host names in captures:
-under the Capture tab -in the Frame Summary window -select Columns->Choose Columns... -replace "Source" with "Source Network Address" and "Destination" with "Destination Network Address"