Wireshark - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 14 of 14

Thread: Wireshark

  1. #11
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hmmmm,

    I dont want the users to know its on or be able to uninstall it...
    Would I be correct in thinking that the above means that you are looking for an application that runs on the clients, and that the users have local administrator rights?

    Sure, there is plenty of spyware out there that will do that to some extent or another, but you need to bear in mind that this is a business environment.

    First question is "have they an official, documented, AUP that the users have signed up to?" Basically a game without rules has no need for a referee?

    Perhaps you might consider an accountancy approach as a potentially effective and non-contentious approach?

    I don't know what experience you have had in dealing with professional services and consultancy bodies, but when you get a bill it will normally contain an item for "miscellaneous" or "incidental" expenses.

    This is to cover postage, fax, telephone, e-mail and all that sort of thing.

    There are a variety of software applications that will do this sort of thing automatically, by monitoring the communications channels. This can be either client or server side.

    There are other variants that just monitor the usage to allocate overheads expense to the various cost centres within an organisation.

    Now, as any accountant will tell you, the total bill for a period must be reconcilable to the sum of the individual allocations, or the accounts won't balance...............

    Obviously this is NOT "spying"; it is simply "responsible financial business management".

    By the same token, anyone who tampers with the financial management applications of an organisation can expect to be dismissed and potentially face fraud charges.................

    Whilst running rings round the system administrator might be considered fair game in some quarters; taking the p1$$ out of the CFO certainly is not

    There are a lot of good selling points to senior management as well:

    1. Tighter control of expenditure overheads.
    2. More competitive quoting.
    3. More accurate billing.
    4. Better profitability accounting by project/customer.............

    i need something realtime
    Actually that is the last thing that you want..............only administrators think realtime............... accountants and senior management think financial periods............so the admin wasn't to blame?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  2. #12
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Netflow can be turned on on a switch (I know most managed cisco switches support it), users will not be able to turn it off or even be aware it's running.

    If you don't have any cisco equipment (or some other vendor that doesn't support netflow) a linux or bsd in bridge mode and softflow will also gather all the netflow info.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #13
    Junior Member
    Join Date
    Apr 2009
    Posts
    8
    For these types of tasks I like to bust out tshark and bash or throw together a ruby script using the pcap libraries.

    Check this out:
    Monitoring network traffic with Ruby and Pcap
    http://arstechnica.com/open-source/n...x-20051002.ars

  4. #14
    Junior Member
    Join Date
    Jun 2009
    Posts
    4
    You can do your own filters using the libpcap library (if you are on linux). A couple of regular expressions and that's it. If you just need to see connexion/downloads, you can use something like iptraf on the router.
    Check this out, because life is a hack: http://life-is-a-hack.blogspot.com/

Similar Threads

  1. Wireshark capture problem
    By Ignatius in forum Network Security Discussions
    Replies: 6
    Last Post: October 31st, 2007, 11:22 AM
  2. Video:Intro to the AirPcap USB adapter, Wireshark, and using Cain to crack WEP
    By Irongeek in forum The Security Tutorials Forum
    Replies: 1
    Last Post: June 8th, 2007, 03:59 PM
  3. wireshark showing weird activity
    By psaux in forum Network Security Discussions
    Replies: 8
    Last Post: May 23rd, 2007, 08:36 PM
  4. Fiction author needing help with research question...please...
    By sommersby in forum Newbie Security Questions
    Replies: 65
    Last Post: August 13th, 2006, 11:49 AM
  5. ethereal now wireshark
    By mmkhan in forum Security News
    Replies: 11
    Last Post: June 13th, 2006, 02:01 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •