July 7th, 2002, 08:25 AM
Hello all, Well I I have a lan at home running win2000 as the host, 2 win98 boxes and a linux box set as a firewall, connecting these are a netgear router. I want to watch what people are doing on my network eg. stealth mode in watching what email they are sending and recieving, web sites messages (irc) etc. I dont want to actually go on the computer and check history etc or logs is there a way I can listen on ports watch traffic etc. - packet sniffer? Im not sure thats why I am here! hehe well all help and comments are appreciated.
Thanks in advance
July 7th, 2002, 09:22 AM
I suggest that you use your Linux box to scan the othe computers.
The best sniffer I would use would be dsniff, you can get it at: www.monkey.org/~dugsong/dsniff/
\"keep your friends close, your enemys closer, and your administrator closest.\"
July 7th, 2002, 02:19 PM
Tcpdump (for linux) allows full packet capture, but you're going to need a lot of hard drive space if you want to do that. Snort (for windows and linux) also allows full packet capture, but again, it's going to take up huge quantities of space. If you just want to be able to see all of the websites and e-mail from those computers, but not have to record huge amounts of traffic, then mailsnarf and urlsnarf (part of the dsniff package that MrT recommended) will work well for you. There's a lot of packet sniffers out there, and you'l just have to test some of them out to find what works best for you. Check out www.packetstormsecurity.com for a list of the more popular sniffers.
Before monitoring traffic on any network, it's important to note a few things. Number one, you had better own all of the systems on the network or it's probably illegal. Number two, even if you own all of the systems, it could still be illegal to monitor the traffic unless every single person that uses the systems knows that they are being monitored and agrees to be monitored. Those are the two primary criterion for monitoring traffic here in the states, but I don't know what Australia's laws are regarding computer privacy, so you'll have to find out for yourself. Legal issues aside, it's still a good idea to respect others privacy unless you have some extrodinary reason to monitor them. How would you like it if someone else was constantly checking out what websites you visited?
July 7th, 2002, 08:44 PM
Hum, is the linux firewall in front of the netgear router or behind like the other hosts?
Can you draw us a little ascii map of your network?
Credit travels up, blame travels down -- The Boss