December 16th, 2005, 08:48 PM
It may be possible, with a cracking tool, to ferret out the domain admin passwords. My own policies cleared those from systems on logout, in my previous life. But, I also didn't use those for logins....
December 16th, 2005, 08:19 PM
JewishIntent made a good point. There is also the possibility that the person installed a keylogger on one of your systems and has been grabbing the information that way. That is a lot of work and...
December 15th, 2005, 09:46 PM
Depending on the OS you are running, you will also need libpcap or Winpcap. For Linux you should check out:
http://www.tcpdump.org/
For Windows:
http://www.winpcap.org/
You'll need these...