| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <BAY7-DAV2135Cx72CYX0003a28e@hotmail.com> From: rlanguy at hotmail.com (Lan Guy) Subject: Caching a sniffer The latest Beta's of WinPCAP contains a remote control functionality tool. http://winpcap.polito.it/install/default.htm I haven't tested it yet but this would be a good place to start looking. http://winpcap.polito.it/docs/docs31beta/html/index.html Then scroll down to remote capture.. Lan Guy ----- Original Message ----- From: "David Vincent" <david.vincent@...htyoaks.com> To: <full-disclosure@...ts.netsys.com> Sent: Thursday, March 11, 2004 6:51 AM Subject: RE: [Full-Disclosure] Caching a sniffer > >> How can i know if there a sniffer running in my network? > > if you're lucky, they are stupid and are using microsoft's network > monitor. > Tools --> Identify Network Monitor Users > > http://www.comptechdoc.org/os/windows/ntserverguide/ntsnetmon.html > > ----- > > http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/ > WINDOWS2000/techinfo/reskit/en-us/core/fneg_net_zrgm.asp?frame=true&hidetoc= > true > > ... > > For security reasons, Windows 2000 Network Monitor captures only those > frames, including broadcast and multicast frames, sent to or from the > local > computer. Network Monitor also displays overall network segment statistics > for broadcast frames, multicast frames, network utilization, total bytes > received per second, and total frames received per second. > > In addition, to help protect your network from unauthorized use of Network > Monitor installations, Network Monitor can detect other installations of > Network Monitor that are running on the local segment of your network. > Network Monitor also detects all instances of the Network Monitor driver > being used remotely (by either Network Monitor from Systems Management > Server or the Network Segment object in System Monitor) to capture data on > your network. > > When Network Monitor detects other Network Monitor installations running > on > the network, it displays the following information: > > * The name of the computer > * The name of the user logged on at the computer > * The state of Network Monitor on the remote computer (running, > capturing, or transmitting) > * The adapter address of the remote computer > * The version number of Network Monitor on the remote computer > > In some instances, your network architecture might prevent one > installation > of Network Monitor from detecting another. For example, if an installation > is separated from yours by a router that does not forward multicasts, your > installation cannot detect that installation. > > ... > > ----- > > but I digress. a quick google: > > http://www.packet-sniffer.co.uk/content/detect/ > - the king! > > http://www.gfi.com/news/en/lansniffer.htm > http://www.linux4biz.net/articles/articlesniff.htm > > -d > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists