Tuesday, August 19, 2008

All is Quiet, or is it?

The bad guys want to use your PC for their illegal activity so they won't get caught. Have you ever had that feeling that you're being watched? How about being used? This much I can tell you: everyone is being watched, and more people than you can imagine are being used. I hear the numbers are as high as 40% of all Windows-based PCs may be hijacked.

Wireshark is a network sniffer that will capture everything off your local LAN. I wouldn't use this at work or anywhere you would invade the privacy of others. You need to know the IP address of your machine, then monitor or capture activity while the machine is idle and not in use.

If nothing is happening, you can generate some activity, such as web browsing, to get a feel for what you should expect to see. If you leave it running during the times you are suspicious about, you can confirm your suspicions one way or another.
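Here is one way to do that comparison on a saved capture instead of eyeballing the packet list. This is an added example, not code from the original post or from the Wireshark project. It assumes you saved two captures (one while you were browsing, one while the PC sat idle) and exported them with tshark's field output (`-T fields` with `frame.time_epoch`, `ip.src`, `ip.dst`, `ip.proto`, `tcp.dstport`, `udp.dstport`). The host address 192.168.1.20 and every sample packet line and destination below are constructed for the example; the script reports destinations the PC talked to only while nobody was using it.

```python
"""Compare a baseline capture (taken while you were browsing) against a capture
taken while the PC sat idle, and report outbound connections that appear only
in the idle period.  Added example; not from the original post.

Input is the tab-separated text that tshark prints for a saved capture with
    tshark -r idle.pcap -T fields -e frame.time_epoch -e ip.src -e ip.dst \
           -e ip.proto -e tcp.dstport -e udp.dstport
One packet per line; fields that do not apply to a packet are left empty.
All sample lines and addresses below are constructed for the example."""

from collections import Counter

HOST_IP = "192.168.1.20"  # assumed address of the PC being watched

# Constructed: a few packets captured while the owner was browsing.
BASELINE_LINES = """\
1219158000.10\t192.168.1.20\t192.168.1.1\t17\t\t53
1219158000.21\t192.168.1.1\t192.168.1.20\t17\t\t53
1219158000.30\t192.168.1.20\t203.0.113.80\t6\t80\t
1219158000.41\t203.0.113.80\t192.168.1.20\t6\t80\t
"""

# Constructed: packets captured an hour later with nobody at the keyboard.
# The last line imitates a non-IP frame (ARP), which tshark prints with
# empty ip.* fields.
IDLE_LINES = """\
1219161600.05\t192.168.1.20\t192.168.1.1\t17\t\t53
1219161600.15\t192.168.1.20\t203.0.113.80\t6\t80\t
1219161605.00\t192.168.1.20\t198.51.100.7\t6\t6667\t
1219161605.10\t198.51.100.7\t192.168.1.20\t6\t6667\t
1219161610.00\t192.168.1.20\t198.51.100.7\t6\t6667\t
1219161700.00\t192.168.1.20\t203.0.113.9\t17\t\t1234
\t\t\t\t\t
"""

PROTO_NAMES = {6: "tcp", 17: "udp"}


def parse_tshark_fields(text):
    """Turn tshark -T fields output into a list of (ts, src, dst, proto, dport).
    Non-IP frames (ARP etc.) have empty ip.src/ip.dst and are skipped."""
    records = []
    for line in text.splitlines():
        fields = line.split("\t")
        fields += [""] * (6 - len(fields))           # pad short lines
        ts, src, dst, proto, tcp_port, udp_port = fields[:6]
        if not src or not dst:
            continue
        proto_num = int(proto) if proto else 0
        proto_name = PROTO_NAMES.get(proto_num, "ip%d" % proto_num)
        port_text = tcp_port if proto_name == "tcp" else udp_port
        dport = int(port_text) if port_text else None
        records.append((float(ts), src, dst, proto_name, dport))
    return records


def outbound_flows(records, host_ip):
    """Count packets per (dst, proto, dport) that the host itself sent.
    Replies coming back are ignored; what matters is who the PC talks to."""
    counts = Counter()
    for _ts, src, dst, proto, dport in records:
        if src == host_ip:
            counts[(dst, proto, dport)] += 1
    return counts


def unexpected_flows(baseline_text, idle_text, host_ip):
    """Flows seen while idle that never showed up in the baseline, most
    talkative first: list of (dst, proto, dport, packets)."""
    expected = set(outbound_flows(parse_tshark_fields(baseline_text), host_ip))
    idle = outbound_flows(parse_tshark_fields(idle_text), host_ip)
    suspects = [(dst, proto, dport, n)
                for (dst, proto, dport), n in idle.items()
                if (dst, proto, dport) not in expected]
    return sorted(suspects, key=lambda s: (-s[3], s[0], s[1], s[2] or 0))


def display_filter(host_ip):
    """Wireshark display filter that shows only what this PC sends out."""
    return "ip.src == %s" % host_ip


if __name__ == "__main__":
    print("Paste into Wireshark's filter bar:", display_filter(HOST_IP))
    for dst, proto, dport, n in unexpected_flows(BASELINE_LINES, IDLE_LINES, HOST_IP):
        print("idle-only traffic: %s %s/%s  (%d packets)" % (dst, proto, dport, n))
```

Run it against the constructed samples and the two baseline destinations (the router's DNS and the web server you browsed) drop out, leaving the two hosts the idle PC contacted on its own. A real baseline needs more than a few minutes of browsing, and something showing up in the idle list is a reason to look at those packets in Wireshark, not proof of a hijack by itself.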


You can install a firewall to help give you an idea of what is leaving your PC, but these guys are good at turning such tools off without your knowledge.

So you have to fight these guys from the trenches.

This is what they say about the program:

Wireshark is the world's foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions.

Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

Wireshark has a rich feature set which includes the following:
--Deep inspection of hundreds of protocols, with more being added all the time
--Live capture and offline analysis
--Standard three-pane packet browser
--Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
--Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
--The most powerful display filters in the industry
--Rich VoIP analysis
--Read/write many different capture file formats: tcpdump (libpcap), Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
--Capture files compressed with gzip can be decompressed on the fly
--Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
--Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
--Coloring rules can be applied to the packet list for quick, intuitive analysis
--Output can be exported to XML, PostScript®, CSV, or plain text