-
December 16th, 2002, 07:07 AM
#1
Logging CMD.
A friend of mine has a home network and he captured some things that concerned him. What he really noticed was a flood of data using port 6667. We want to find the mystery IRC server.
So I had him run a Netstat -an 3. What I need is to be able to record all this data into a file.
Windows 2000 Server Advanced.
How can the data in the command prompt be logged to a file?
It is better to be HATED for who you are, than LOVED for who you are NOT.
THC/IP Version 4.2
-
December 16th, 2002, 07:27 AM
#2
You could use this command
"netstat -an > netstat.txt"
The > just tells it to redirect it to wherever.
It's not software piracy. I’m just making multiple off site backups.
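Added example, not part of the original thread: once `netstat -an` output has been redirected to a file as suggested above, a short script can pull out every TCP row that touches port 6667 and count how many refreshes it appears in. The sample log is constructed (documentation-range addresses), and the function names are hypothetical.

```python
from collections import Counter

IRC_PORT = 6667  # port named in the thread

# Constructed sample of two "netstat -an 3" refreshes as redirected to a file.
SAMPLE_LOG = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.5:6667       ESTABLISHED
  TCP    192.168.1.10:6667      198.51.100.7:3321      ESTABLISHED
  UDP    0.0.0.0:445            *:*

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.5:6667       ESTABLISHED
  TCP    192.168.1.10:80        198.51.100.9:4410      TIME_WAIT
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon; return (addr, port or None)."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port) if port.isdigit() else None

def irc_rows(log_text, port=IRC_PORT):
    """Yield (direction, local, remote, state) for TCP rows touching the port."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue  # skips headers, blank lines and stateless UDP rows
        _, local, remote, state = fields
        if split_endpoint(local)[1] == port:
            direction = "listening" if state == "LISTENING" else "inbound"
        elif split_endpoint(remote)[1] == port:
            direction = "outbound"
        else:
            continue
        yield direction, local, remote, state

def summarize(log_text, port=IRC_PORT):
    """Count how many refreshes each (direction, local, remote) appeared in."""
    return Counter((d, l, r) for d, l, r, _ in irc_rows(log_text, port))

if __name__ == "__main__":
    for (direction, local, remote), seen in summarize(SAMPLE_LOG).most_common():
        print(f"{direction:9} {local:22} {remote:22} seen {seen}x")
```

A "listening" row means the machine itself is accepting connections on 6667, while "outbound" rows point at a remote server; rows that persist across many refreshes are the ones worth tracing first.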
-
December 16th, 2002, 11:41 AM
#3
You could also install a packet sniffer, such as Ethereal (which works on Windows). (www.ethereal.com)
[HvC]Terr: L33T Technical Proficiency
-
December 16th, 2002, 12:02 PM
#4
I'd go for Terr's option.
Ethereal works well on win9x and seems to work on win2K (haven't tested it yet).
You will need the winpcap version of libpcap...
The Win2K version of libpcap I haven't tested, but I heard it worked miracles..
I tried to use Ethereal to capture the communications between the MSN messenger client and server to get at the specifics of their communication (the Microsoft RFC is of no meaning)...
And it didn't work on XP and 2K then (a couple of months back) but the new winpcap seems to do the trick..
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio the best station for C64 Remixes !
-
December 16th, 2002, 12:17 PM
#5
Ethereal works great under win2k.
If you're going for that option, you'll see something like the screenshot attached, Dr Toker...
-
December 16th, 2002, 04:10 PM
#6
You'll also be able to check security logs if he has a router that has logging on (generally sent to x.x.x.255). Wealth of stuff in there...
We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
-
December 16th, 2002, 07:07 PM
#7
Use SNORT (www.snort.org/dl), a Windows version is available.
It should log only the data you'd like to analyze further on (provided you properly set rules).
:d
SHARING KNOWLEDGE
-
December 19th, 2002, 05:50 AM
#8
Hehe, thanks guys we got the bastard. I was looking in the wrong places, but we found him, and pulled the rack he was on. He was hosting a load of zombie bots on irc.totaleffect.net.
But no longer will we see anything from him. Thanks for the info.
It is better to be HATED for who you are, than LOVED for who you are NOT.
THC/IP Version 4.2