Subject: Re: Tracking Specific Ports
From: Henry Sieff (hsieffORTHODON.COM)
Date: Thu Aug 03 2000 - 15:16:48 CDT


You want to get a box and run either tcpdump or windump, or a
commercial program (the Observer Suite, CA's eTrust (formerly
Sessionwall)) which can sniff packets and record them according to
filter parameters you can set.

Windump runs on NT (with NDIS Packet Driver installed) and is
basically the same as tcpdump.
http://netgroup-serv.polito.it/windump/ is where I got it.

tcpdump is a wonderful program fairly standard in the X world.

Sessionwall (which also allows you to set blocking rules on
unacceptable usage) is available from Computer Associates
(www.sessionwall.com).

The Observer Suite is pretty much the Rolls-Royce of GUI packet
sniffers, but it'll cost you.

As for ethical questions, your network, your rules. My company tracks
all traffic, and randomly checks content.

Henry Sieff

>-----Original Message-----
>From: Brian Pollack [mailto:brianN2PLUS.COM]
>Sent: Wednesday, August 02, 2000 10:56 AM
>To: FOCUS-MSSECURITYFOCUS.COM
>Subject: Tracking Specific Ports
>
>
>Hopefully there is an answer to this difficult issue without an all-out
>ethical discussion. We need to be able to record a few workstations chat on
>Yahoo! Chat (port 8002).
>
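An added example, not part of either message: a capture file written by tcpdump or WinDump with `-w` (for instance with the filter `tcp port 8002`) can be reduced offline to the chat traffic of the monitored workstations. The sketch assumes a classic pcap file of Ethernet/IPv4 frames; the function names, addresses and sample packets are constructed for illustration.

```python
import socket
import struct

CHAT_PORT = 8002  # the Yahoo! Chat port named in the question

def chat_packets(pcap, watched, port=CHAT_PORT):
    """Return (ts, src, sport, dst, dport, payload) for each TCP packet on `port`
    involving a host in `watched`, from a classic Ethernet/IPv4 pcap file."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    hits, off = [], 24
    while off + 16 <= len(pcap):
        ts, _, caplen, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
            continue  # truncated, or not IPv4
        ihl = (frame[14] & 0x0F) * 4
        frag = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        tcp = frame[14 + ihl:]
        if frame[23] != 6 or frag or len(tcp) < 20:
            continue  # not TCP, a later fragment, or a cut-off TCP header
        sport, dport = struct.unpack("!HH", tcp[:4])
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        if port in (sport, dport) and (src in watched or dst in watched):
            end = 14 + struct.unpack("!H", frame[16:18])[0]  # drops Ethernet padding
            payload = frame[14 + ihl + (tcp[12] >> 4) * 4:end]
            hits.append((ts, src, sport, dst, dport, payload))
    return hits

def sample_pcap():
    """Constructed capture: one chat packet and one HTTP packet (documentation IPs)."""
    def frame(src, dst, sport, dport, data):
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 1024, 0, 0) + data
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        return b"\x00" * 12 + b"\x08\x00" + ip + tcp
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    packets = [(965333808, frame("192.0.2.10", "198.51.100.5", 1044, 8002, b"hello")),
               (965333809, frame("192.0.2.10", "198.51.100.7", 1045, 80, b"GET /"))]
    for ts, f in packets:
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out
```

Packets are matched individually; TCP streams are not reassembled, so a message split across segments appears as several payloads.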