Penetration Testing mailing list archives
RE: How to detect the IPs of users who are using IM and P2P programs
From: "Alex Moen" <alexm () ndtel com>
Date: Tue, 29 Nov 2005 08:07:50 -0600
Since no one else has answered yet, I will give it a shot... If I am way off base, someone correct me! :) I think the answer depends on the level of information that you want. If you want just a quick snapshot, you could put an ethereal box in line (using a hub, not a switch) with your router interface (or uplink interface on a larger network, where you just want to look at traffic on one switch or group of switches) and capture all of the packets over a certain period of time, and then sort them out. However, for a more long term approach, you would have to use some kind of information gathering device. We use a product (non-freeware) to capture, sort, and report on all of the traffic that our Cisco routers are routing. Using a method like this will allow you to create or determine a "baseline" of your normal traffic, so that you can not only figure out who is using what kind of service, but also allow you to notice drastic changes in the traffic patterns in your network, giving you a warning that something (DDOS, virus, spam, etc) is going on... The software that we use utilizes Cisco's netflow information. Alex Moen Operations Technology Specialist NDTC
-----Original Message----- From: Nabeel S. Alzahrani(äÈíá ÇáÒåÑÇäí) [mailto:nalzahrani () gosi gov sa] Sent: Monday, November 28, 2005 10:37 PM To: pen-test () securityfocus com Subject: How to detect the IPs of users who are using IM and P2P programs Dear All, Is there any tool/method that allow me to detect the IPs of users who are using IM (Instant Messaging i.e. MSN messenger, Yahoo messenger, ICQ, etc) and P2P (Peer-2-Peer programs such Kazaa) in our network? Thanks -------------------------------------------------------------- ---------------- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------- -----------------
------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- How to detect the IPs of users who are using IM and P2P programs نبيل الزهراني (Nov 28)
- Re: How to detect the IPs of users who are using IM and P2P programs Bhavatosh (Nov 29)
- Re: How to detect the IPs of users who are using IM and P2P programs Joachim Schipper (Nov 29)
- Re: How to detect the IPs of users who are using IM and P2P programs jim (Nov 29)
- Re: How to detect the IPs of users who are using IM and P2P programs Robert BARABAS (Nov 29)
- RE: How to detect the IPs of users who are using IM and P2P programs Alex Moen (Nov 29)
- Re: How to detect the IPs of users who are using IM and P2P programs Murali Raju (Nov 29)
- Re: How to detect the IPs of users who are using IM and P2P programs John Lampe (Nov 29)
- <Possible follow-ups>
- RE: How to detect the IPs of users who are using IM and P2P programs Maher Odeh (Nov 29)
- RE: How to detect the IPs of users who are using IM and P2P programs Barrie Dempster (Nov 29)
- Re: How to detect the IPs of users who are using IM and P2P programs Mark Blaszczyk (Nov 29)
- RE: How to detect the IPs of users who are using IM and P2P programs Haseeb Chaudhary (Nov 29)