lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <BAY7-DAV2135Cx72CYX0003a28e@hotmail.com>
From: rlanguy at hotmail.com (Lan Guy)
Subject: Caching a sniffer

The latest Beta's of WinPCAP contains a remote control functionality tool.
http://winpcap.polito.it/install/default.htm
I haven't tested it yet but this would be a good place to start looking.
http://winpcap.polito.it/docs/docs31beta/html/index.html
Then scroll down to remote capture..

Lan Guy


----- Original Message ----- 
From: "David Vincent" <david.vincent@...htyoaks.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Thursday, March 11, 2004 6:51 AM
Subject: RE: [Full-Disclosure] Caching a sniffer


>
>> How can i know if there a sniffer running in my network?
>
> if you're lucky, they are stupid and are using microsoft's network 
> monitor.
> Tools --> Identify Network Monitor Users
>
> http://www.comptechdoc.org/os/windows/ntserverguide/ntsnetmon.html
>
> -----
>
> http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/
> WINDOWS2000/techinfo/reskit/en-us/core/fneg_net_zrgm.asp?frame=true&hidetoc=
> true
>
> ...
>
> For security reasons, Windows 2000 Network Monitor captures only those
> frames, including broadcast and multicast frames, sent to or from the 
> local
> computer. Network Monitor also displays overall network segment statistics
> for broadcast frames, multicast frames, network utilization, total bytes
> received per second, and total frames received per second.
>
> In addition, to help protect your network from unauthorized use of Network
> Monitor installations, Network Monitor can detect other installations of
> Network Monitor that are running on the local segment of your network.
> Network Monitor also detects all instances of the Network Monitor driver
> being used remotely (by either Network Monitor from Systems Management
> Server or the Network Segment object in System Monitor) to capture data on
> your network.
>
> When Network Monitor detects other Network Monitor installations running 
> on
> the network, it displays the following information:
>
>    * The name of the computer
>    * The name of the user logged on at the computer
>    * The state of Network Monitor on the remote computer (running,
> capturing, or transmitting)
>    * The adapter address of the remote computer
>    * The version number of Network Monitor on the remote computer
>
> In some instances, your network architecture might prevent one 
> installation
> of Network Monitor from detecting another. For example, if an installation
> is separated from yours by a router that does not forward multicasts, your
> installation cannot detect that installation.
>
> ...
>
> -----
>
> but I digress.  a quick google:
>
> http://www.packet-sniffer.co.uk/content/detect/
> - the king!
>
> http://www.gfi.com/news/en/lansniffer.htm
> http://www.linux4biz.net/articles/articlesniff.htm
>
> -d
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ