NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > FOCUS-MS> 2000-q3

Subject: Re: Tracking Specific Ports
From: Henry Sieff (hsieffORTHODON.COM)
Date: Thu Aug 03 2000 - 15:16:48 CDT

Next message: Ted Amor: "Re: Scott Sanchez and Jay Woody NT password recovery"
Previous message: Cavey, Mark A.: "Re: Windows 2000 Professional and firewalls / Black ICE"
Maybe in reply to: Brian Pollack: "Tracking Specific Ports"
Next in thread: Brian Pollack: "Re: Tracking Specific Ports"
Next in thread: Eric Sherrill: "Re: Tracking Specific Ports"
Next in thread: bhayesUNLNOTES.UNL.EDU: "Re: Windows 2000 Service Pack 1"
Maybe reply: Henry Sieff: "Re: Tracking Specific Ports"
Reply: Brian Pollack: "Re: Tracking Specific Ports"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

You want to get a box and run either tcpdump or windump, or a
commercial program (the Observer Suite, CA's eTrust (formerly
Sessionwall) which can sniff packets and record them according to
filter paramaters you can set.

Windump runs on NT (with NDIS Packet Driver installed) and is
basically the same as tcpdump.
http://netgroup-serv.polito.it/windump/ is where I got it.

tcpdump is a wonderful program fairly standard in the X world.

Sessionwall (which also allows you to set blocking rules on
unnacceptable usage) is available from Computer Associates
(www.sessionwall.com).

The observer suite is pretty much the rolls royce of GUI packet
sniffers, but it'll cost you.

As for ethical questions, your network, your rules. My company tracks
all traffic, and randomly checks content.

Henry Sieff

>-----Original Message-----
>From: Brian Pollack [mailto:brianN2PLUS.COM]
>Sent: Wednesday, August 02, 2000 10:56 AM
>To: FOCUS-MSSECURITYFOCUS.COM
>Subject: Tracking Specific Ports
>
>
>Hopefully there is an answer to this difficult issue without an
all-out
>ethical discussion. We need to be able to record a few
>workstations chat on
>Yahoo! Chat (port 8002).
>

Next message: Ted Amor: "Re: Scott Sanchez and Jay Woody NT password recovery"
Previous message: Cavey, Mark A.: "Re: Windows 2000 Professional and firewalls / Black ICE"
Maybe in reply to: Brian Pollack: "Tracking Specific Ports"
Next in thread: Brian Pollack: "Re: Tracking Specific Ports"
Next in thread: Eric Sherrill: "Re: Tracking Specific Ports"
Next in thread: bhayesUNLNOTES.UNL.EDU: "Re: Windows 2000 Service Pack 1"
Maybe reply: Henry Sieff: "Re: Tracking Specific Ports"
Reply: Brian Pollack: "Re: Tracking Specific Ports"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]