I've just had my wireless LAN hacked... no big deal but before i noticed the routers leds odly flashing i've set my card to monitor and sniffed some trafic.. its mostly PPP Compress trafic (as far as Ethereal can tell) and now im just curious to know what he was seeing/doing. So im posting to ask for help in how can i properly see the captured ppp compressed trafic.
July 16th, 2006, 12:17 PM
PPP compressed is responsible for negotiating and managing the use of compression on a PPP link. It's primarily used to provide data link layer connectivity to physical serial links. To that end, you're not going to see what's in those data frames unless you deflate them.
Without the pcap file, no one here can tell you what was sent. Even with that file it still may not be possible to identify what he was doing. Your question is along the lines of, "There is something wrong with my car. Can you tell me what it is?".
July 16th, 2006, 01:44 PM
furthermore tks for the reply
but at first glance for what i saw on google ppp compressed data was somewhat related to vpn ssh tunnels ... i even ran an anti virus scan on my brothers winxp i thought it was some sort of RAT but after nmaping the destination i found that he was accessing (maybe) his webmail.
From what i understand, theres no way to actualy see that traffic, and from what i googled, unless i caught the initial handshake.
July 16th, 2006, 02:44 PM
And again, without the pcap file, no one (including me) can begin to tell you what went on.
PPP is related to VPNs in the sense that compression is used through the tunnel to boost performance, going back to my original statement on it's use.