Security Basics mailing list archives

Re: Application backdoor suspect


From: <nick84 () rootsecure net>
Date: 16 Dec 2002 16:49:27 -0000

In-Reply-To: <002601c2a2df$70727070$9801a8c0 () mail sargam com>

RE: http://online.securityfocus.com/archive/105/303359

Well, to see what information any application is sending over the wire 
(assuming it's not encrypted) you need a packet sniffer.

This sniffer FAQ has a number listed:
http://216.239.37.100/search?q=cache:2497UGNKBkoC:www.robertgraham.com/pubs/sniffing-faq.html+&hl=en&ie=UTF-8#software-windows

I would recommend ettercap, available from http://ettercap.sourceforge.net 
in Windows / *nix varieties.  It also comes pre-installed on the knoppix 
bootable CD http://www.knopper.net/knoppix/index-en.html - just put the 
CD in a spare machine, select the machines you want to sniff 
communications between (i.e. client computer and internet gateway/router) 
and click a connection to see the traffic.


______________________________ 
http://www.rootsecure.net/ 

