Thanks, I saw the website, it looks great. Now see if it can display the packets in a way I can see what the hacker sees like WHSIWYG (What He Sees Is What You Get).
Rogier
Sean Groarke wrote:
Forgive me if someone has already mentioned this and it slipped past me: Try ethereal (which is not, as its name might imply, only usable on ethernet!) which is a professional-level Sniffer/Net XRay clone.
It is a seriously good network sniffer, with neat features like being able to pick out and reassemble the data content of an entire TCP stream with one mouse click, colour data streams based on filters, read and manipulate true Sniffer files, etc. I use it daily in a work/lab environment, and would strongly recommend it. I think there's also a version of it on SuSE dist (can't remember) but the web-site has some recently updated versions. Oh, and it *is* GNU GPL!!
Sean
Rogier Maas wrote:
I can do that, but that only logs what's going on. I must have the content of those packets.
You see, I suspect a hacker (or even worse: a cracker) is active on my network, and I have no clue of what he's doing. I need evidence before I contact my superiors. I have many suspicions, but I was barfed at when I made it an issue with my superiors.
Okay, I'll try to download sniffit (the server is down at the moment), now I'm looking for a program that can display (in realtime or after it has recorded the traffic) the actions on a screen, or else my superiors won't be impressed I'm afraid.
I hope there is such a package.
TIA,
Rogier Maas
Jack Barnett wrote:
Can you do a `tcpdump > file`?
Anyways, there is a program called sniffit (check http://www.freshmeat.net) which can view packets in real time or dump them into a file. It has a lot of options and it is just what you are looking for. Don't abuse it : )
Jack
----- Original Message -----
From: Rogier Maas <icarus@guldennet.nl>
To: <suse-linux-e@suse.com>
Sent: Tuesday, January 11, 2000 8:16 AM
Subject: [SLE] Intercepting Telnet packets and displaying them back on the screen
Hi,
I'm looking for a tool to capture network traffic (specifically port 23) in a file, to be able to 'play' them back like a movie. The capturing would have to be done including a timestamp, or else the playback would be way too fast.
I know I can see what's going on with tcpdump, but I can't see the contents. And if I see it, how can I play it back?
Can anyone help me with that? I really have to see what other people are doing to my systems. I'm getting kinda desperate..
TIA,
Rogier Maas
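The timestamped capture and "movie" playback asked for in the original question, as an added example that is not from any poster in this thread: it reads a classic pcap file (the format `tcpdump -w` writes), keeps TCP port 23 payloads with their capture times, and replays the server-to-client side with the recorded gaps. The function names are hypothetical, and it assumes a little-endian pcap with Ethernet framing, IPv4, and segments that arrived in order with no retransmissions.

```python
import struct, sys, time

def telnet_events(pcap, port=23):
    """Return [(timestamp, src_port, payload)] for TCP data to or from `port`."""
    magic, link = struct.unpack_from("<I", pcap, 0)[0], struct.unpack_from("<I", pcap, 20)[0]
    if magic != 0xA1B2C3D4 or link != 1:      # assumption: classic LE pcap, Ethernet
        raise ValueError("need little-endian classic pcap with Ethernet link type")
    events, off = [], 24                      # per-packet records follow the 24-byte header
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                          # not IPv4 carrying TCP
        tcp = 14 + (frame[14] & 0x0F) * 4     # IP header length varies with options
        if len(frame) < tcp + 20:
            continue                          # truncated by a short snap length
        ip_end = 14 + struct.unpack_from("!H", frame, 16)[0]   # drops Ethernet padding
        sport, dport = struct.unpack_from("!HH", frame, tcp)
        payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:ip_end]
        if port in (sport, dport) and payload:
            events.append((sec + usec / 1e6, sport, payload))
    return events

def replay(events, port=23, speed=1.0, out=None, sleep=time.sleep):
    """Write server-to-client bytes (the remote user's screen) with the recorded gaps."""
    out = sys.stdout.buffer if out is None else out
    shown = [(ts, data) for ts, sport, data in events if sport == port]
    for i, (ts, data) in enumerate(shown):
        if i:
            sleep((ts - shown[i - 1][0]) / speed)
        out.write(data)                       # telnet IAC option bytes are not stripped
        out.flush()

def sample_pcap():
    """Constructed three-packet capture (documentation addresses, zero checksums)."""
    def pkt(sec, usec, sport, dport, data):
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 1024, 0, 0) + data
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        frame = b"\0" * 12 + b"\x08\x00" + ip + tcp
        return struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + pkt(100, 0, 23, 40000, b"login: ") + pkt(100, 500000, 40000, 23, b"r")
            + pkt(101, 500000, 23, 40000, b"ok\r\n"))

if __name__ == "__main__":
    replay(telnet_events(sample_pcap()))
```

To use it on a real capture, pass the file's bytes to `telnet_events`; a `speed` above 1.0 shortens long idle periods during playback.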