Logging CMD.

Thread: Logging CMD.

  1. #1
    AntiOnline Senior Medicine Man
    Join Date
    Nov 2001
    Posts
    724

    Logging CMD.

    A friend of mine has a home network and he captured some things that concerned him. What he really noticed was a flood of data using port 6667. We want to find the mystery IRC server.
    So I had him run a Netstat -an 3. What I need is to be able to record all this data into a file.

    Windows 2000 Server Advanced.

    How can the data in the command prompt be logged to a file?
    It is better to be HATED for who you are, than LOVED for who you are NOT.

    THC/IP Version 4.2

  2. #2
    Senior Member cwk9's Avatar
    Join Date
    Feb 2002
    Posts
    1,211
    You could use this command
    "netstat -an > netstat.txt"
    the > just tells it to redirect it to wherever
    It's not software piracy. I'm just making multiple off site backups.
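
Once the netstat output is in a file, the port-6667 rows can be pulled out and split by direction, which shows whether the logged host is serving IRC or connecting out to it. This is an added example, not part of any poster's reply; the sample log is constructed and the names `parse` and `summarize` are hypothetical.

```python
import re
from collections import Counter

IRC_PORT = 6667

# Constructed sample: two appended "netstat -an" snapshots (documentation-range IPs).
SAMPLE_LOG = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:6667      0.0.0.0:0              LISTENING
  TCP    192.168.1.20:6667      203.0.113.7:1045       ESTABLISHED
  TCP    192.168.1.20:6667      203.0.113.9:2210       ESTABLISHED
  TCP    192.168.1.20:1188      198.51.100.4:6667      ESTABLISHED
  UDP    0.0.0.0:445            *:*

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.20:6667      203.0.113.7:1045       ESTABLISHED
  TCP    192.168.1.20:1188      198.51.100.4:6667      TIME_WAIT
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def parse(log):
    """Yield (local_ip, local_port, remote_ip, remote_port, state) per TCP row."""
    for line in log.splitlines():
        m = ROW.match(line)
        if m:
            lip, lport, rip, rport, state = m.groups()
            yield lip, int(lport), rip, int(rport), state

def summarize(log, port=IRC_PORT):
    """Split traffic on `port` by direction and count sightings per peer."""
    out = {"listening": set(), "inbound": Counter(), "outbound": Counter()}
    for lip, lport, rip, rport, state in parse(log):
        if state == "LISTENING":
            if lport == port:
                out["listening"].add(lip)   # a service is bound to the port here
        elif lport == port:
            out["inbound"][rip] += 1        # peer connected to the local service
        elif rport == port:
            out["outbound"][rip] += 1       # this host connected out to a remote server
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

To use it on a real capture, pass the contents of netstat.txt to `summarize()`.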

  3. #3
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    You could also install a packet sniffer, such as Ethereal (which works on windows). (www.ethereal.com)
    [HvC]Terr: L33T Technical Proficiency

  4. #4
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    I'd go for Terr's option.
    ethereal works well on win9x and seems to work on win2K ( haven't tested it yet )

    you will need the winpcap version of libpcap...
    the Win2K version of libpcap I haven't tested, but I heard it worked miracles..

    I tried to use ethereal to capture the communications between the MSN messenger client and server to get at the specifics of their communication ( the Microsoft RFC is of no meaning ) . . .
    And it didn't work on XP and 2K then ( a couple of months back ) but the new winpcap seems to do the trick..
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  5. #5
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    Ethereal works great under win2k.
    If you're going for that option, you'll see something like the screenshot attached, Dr Toker...

  6. #6
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    You'll also be able to check security logs if he has a router that has logging on (generally sent to x.x.x.255). Wealth of stuff in there...
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  7. #7
    Senior Member
    Join Date
    Nov 2002
    Posts
    382
    Use SNORT (www.snort.org/dl), a windows version is available.
    It should log only the data you'd like to analyze further on (provided you properly set rules)
    :d
    SHARING KNOWLEDGE

  8. #8
    AntiOnline Senior Medicine Man
    Join Date
    Nov 2001
    Posts
    724
    Hehe, thanks guys we got the bastard. I was looking in the wrong places, but we found him, and pulled the rack he was on. He was hosting a load of zombie bots on irc.totaleffect.net.
    But no longer will we see anything from him. Thanks for the info.
    It is better to be HATED for who you are, than LOVED for who you are NOT.

    THC/IP Version 4.2
