-
Logging CMD.
A friend of mine has a home network and he captured some things that concerned him. What he really noticed was a flood of data using port 6667. We want to find the mystery IRC server.
So I had him run a Netstat -an 3. What I need is to be able to record all this data into a file.
Windows 2000 Server Advanced.
How can the data in the command prompt be logged to a file?
-
You could use this command
"netstat -an > netstat.txt"
The > just tells it to redirect it to wherever.
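
One way to go through the resulting netstat.txt, as an added example that is not part of the original thread: the Python script below picks out the TCP rows involving port 6667 and tallies them by role (listening, inbound, outbound). The sample log, its addresses and the function names are constructed for illustration.

```python
from collections import Counter

IRC_PORT = 6667  # port named in the thread

# Constructed sample of `netstat -an 3 > netstat.txt` output (two snapshots);
# addresses are documentation ranges, not values from the thread.
SAMPLE_LOG = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:6667      0.0.0.0:0              LISTENING
  TCP    192.168.1.20:6667      198.51.100.9:4312      ESTABLISHED
  TCP    192.168.1.20:1045      203.0.113.7:6667       ESTABLISHED
  TCP    192.168.1.20:1050      203.0.113.7:80         TIME_WAIT
  UDP    0.0.0.0:445            *:*

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.20:6667      0.0.0.0:0              LISTENING
  TCP    192.168.1.20:6667      198.51.100.9:4312      ESTABLISHED
  TCP    192.168.1.20:6667      198.51.100.44:2201     ESTABLISHED
"""

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon; port is None for '*' or junk."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port) if port.isdigit() else None

def irc_endpoints(log_text, port=IRC_PORT):
    """Count the rows seen for each (role, local host, remote host) on `port`."""
    seen = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue  # headers, blank lines, UDP rows (no State column)
        (lhost, lport), (rhost, rport) = map(split_endpoint, fields[1:3])
        if lport == port and fields[3] == "LISTENING":
            seen[("listening", lhost, "-")] += 1
        elif lport == port:
            seen[("inbound", lhost, rhost)] += 1   # this host is the server
        elif rport == port:
            seen[("outbound", lhost, rhost)] += 1  # this host is a client
    return seen

if __name__ == "__main__":
    for (role, local, remote), n in irc_endpoints(SAMPLE_LOG).most_common():
        print(f"{role:9} {local:16} {remote:16} seen in {n} row(s)")
```

A "listening" or "inbound" row means the logged machine itself is accepting connections on 6667; an "outbound" row means it is connecting to a server elsewhere.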
-
You could also install a packet sniffer, such as Ethereal (which works on Windows). (www.ethereal.com)
-
I'd go for Terr's option.
Ethereal works well on Win9x and seems to work on Win2K (haven't tested it yet).
You will need the WinPcap version of libpcap...
The Win2K version of libpcap I haven't tested, but I heard it worked miracles.
I tried to use Ethereal to capture the communications between the MSN Messenger client and server to get at the specifics of their communication (the Microsoft RFC is of no meaning)...
And it didn't work on XP and 2K then (a couple of months back), but the new WinPcap seems to do the trick.
-
Ethereal works great under Win2K.
If you're going for that option, you'll see something like the screenshot attached, Dr Toker...
-
You'll also be able to check security logs if he has a router that has logging on (generally sent to x.x.x.255). Wealth of stuff in there...
-
Use SNORT (www.snort.org/dl); a Windows version is available.
It should log only the data you'd like to analyze further on (provided you properly set rules).
:d
-
Hehe, thanks guys, we got the bastard. I was looking in the wrong places, but we found him, and pulled the rack he was on. He was hosting a load of zombie bots on irc.totaleffect.net.
But no longer will we see anything from him. Thanks for the info.