finding packets

Thread: finding packets

  1. #1
    Junior Member
    Join Date
    Apr 2006
    Posts
    17

    finding packets

    Okay, I have a question. Say you suspect a computer to have a trojan installed on it and that trojan installed a packet sniffer on said computer to sniff your network. This packet sniffer causes the computer to save all the packets, right? Is there any way to locate the packets on the computer? How about detection of the packet sniffer itself, since it isn't considered spyware?

    I'm not worried about the trojan, I think I know how to get rid of it. My question more pertains to the packet sniffer. Does it save the packets on the infected computer? If so, can someone down the line access those packets and see the passwords and browsing information the packet sniffer obtained? I'm just kind of paranoid.

  2. #2
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Hi,

    How about detection of the packet sniffer itself, since it isn't considered spyware?
    Get the latest versions of A-Squared and Ewido. Update them and run them in safe mode.

    Be sure to check all 4 boxes in the A-Squared scan settings. In particular "riskware" and "unknown malware", but be careful, you may get false positives with aggressive heuristic scans.

    "Riskware" will show up stuff like John the Ripper, nmap and so on that are not malware unless you didn't install them yourself.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3
    Senior Member
    Join Date
    Dec 2004
    Posts
    320
    Most sniffer/keyloggers etc... store the logs on a local file until it either
    a) reaches a certain size or
    b) certain amount of time has passed.
    (there may be other triggers, too. Like visiting citibank.com)
    It really depends on what was put there, and where that particular packet sniffer hides its data, and keep in mind, the data could be encrypted.

    Correct me if I'm wrong, but don't most packet sniffers operate at the physical layer?
    The fool doth think he is wise, but the wiseman knows himself to be a fool - Good Ole Bill Shakespeare
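
Added example, not written by any poster in this thread: a Python sketch for locating capture logs left on disk, the situation post #3 describes. It assumes the sniffer writes standard libpcap or pcapng files and treats near-random byte content as a hint of the encrypted case; the function names and the thresholds are illustrative choices.

```python
import math
import os
from collections import Counter

# Magic numbers at offset 0 of libpcap capture files (both byte orders).
PCAP_MAGICS = {
    bytes.fromhex("d4c3b2a1"): "pcap, little-endian, microsecond",
    bytes.fromhex("a1b2c3d4"): "pcap, big-endian, microsecond",
    bytes.fromhex("4d3cb2a1"): "pcap, little-endian, nanosecond",
    bytes.fromhex("a1b23c4d"): "pcap, big-endian, nanosecond",
}
# pcapng: Section Header Block type, then byte-order magic at offset 8.
PCAPNG_BLOCK = bytes.fromhex("0a0d0d0a")
PCAPNG_BOM = (bytes.fromhex("4d3c2b1a"), bytes.fromhex("1a2b3c4d"))

def shannon_entropy(data):
    """Bits per byte; values near 8.0 suggest encrypted or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path, sample=65536, entropy_floor=7.5):
    """Label a file that looks like a capture log, else return None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(sample)
    except OSError:
        return None  # locked or unreadable file: skipped here
    if head[:4] in PCAP_MAGICS:
        return PCAP_MAGICS[head[:4]]
    if head[:4] == PCAPNG_BLOCK and head[8:12] in PCAPNG_BOM:
        return "pcapng"
    # Assumption: an encrypted log has no magic, only near-random bytes.
    if len(head) >= 4096 and shannon_entropy(head) >= entropy_floor:
        return "high entropy, possibly encrypted or compressed"
    return None

def scan(root):
    """Walk root and return {path: label} for every flagged file."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            label = classify(full)
            if label:
                hits[full] = label
    return hits
```

Call `scan()` on the directory tree to check. High-entropy hits include ordinary archives and media files, so rank them by location and modification time before inspecting them.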

  4. #4
    Junior Member
    Join Date
    Apr 2006
    Posts
    17
    Wait, so they aren't stored on the infected computer? Or they are automatically deleted? I'm confused. Btw, what exactly is a "local file?"

  5. #5
    Senior Member
    Join Date
    Feb 2002
    Posts
    856
    Hi,
    Wait, so they aren't stored on the infected computer? Or they are automatically deleted? I'm confused. Btw, what exactly is a "local file?"
    Actually, that's what dmorgan is telling you. The files are stored on the "infected" computer until one of the things dmorgan notes takes place (I'm not an expert on this. I'm just trying to clarify what I think you are being told). A "local file" is a file on the target computer (what you are calling the "infected" computer).

    Local file: file on a computer you are using.
    remote file: file on another computer.

    If a person installs a packet sniffer with a log file on your computer, the log file would be a "remote file" to him/her but a "local file" to you. Make sense?
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  6. #6
    Junior Member
    Join Date
    Apr 2006
    Posts
    17
    okay... so they are saved and then deleted, I take it. So you can't find the packets? I'm still slightly confused........

  7. #7
    Senior Member
    Join Date
    Feb 2002
    Posts
    856
    Just curious, are you asking these questions because you think you have a sniffer installed? Or are you just asking hypothetical questions for your own information?

    If you think you do have a sniffer installed, what Operating System are you using?

    If so, can someone down the line access those packets and see the passwords and browsing information the packet sniffer obtained? I'm just kind of paranoid.
    To answer this question: Yes. Otherwise, it would be kind of useless to install a packet sniffer.
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  8. #8
    Junior Member
    Join Date
    Apr 2006
    Posts
    17
    I think that there may be one installed, but that might just be paranoia. I'm asking so that I can find out for certain. I also am really paranoid and don't want the user of the infected computer to be able to access passwords and browsing history of the other computers on the network, so I want to make sure there are no packets stored on the computer.

  9. #9
    Senior Member
    Join Date
    Feb 2002
    Posts
    856
    What operating system is the possibly infected computer using?
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  10. #10
    Junior Member
    Join Date
    Apr 2006
    Posts
    17
    XP. By the way, thanks for all your help.
