Monday, April 4, 2011
Thursday, July 1, 2010
DOS : IP and port Info using Netstat

Hello friends, thanks for reading this text on learning more about using netstat to help you. Please disregard any spelling, punctuation or other grammar errors. This text is written so the average reader can understand it. Not too complicated. Please enjoy and feel free to email me.
Use of Netstat
- (To open Netstat) - To open [Netstat], click the [Start] button, then click [Programs], then look for [Ms-Dos Prompt].
Netstat is a very helpful tool that has many uses. I personally use Netstat to get IP addresses from other users I'm talking with on ICQ or AIM. You can also use Netstat to monitor your port activity for attackers sending SYN requests (part of the TCP/IP 3-way handshake) or just to see what ports are listening/established. Look at the example below for the typical layout of a response to typing netstat at the C:\windows\ prompt.
C:\WINDOWS>netstat
Active Connections
Proto Local Address Foreign Address State
TCP pavilion:25872 WARLOCK:1045 ESTABLISHED
TCP pavilion:25872 sy-as-09-112.free.net.au:3925 ESTABLISHED
TCP pavilion:31580 WARLOCK:1046 ESTABLISHED
TCP pavilion:2980 205.188.2.9:5190 ESTABLISHED
TCP pavilion:3039 24.66.10.101.on.wave.home.com:1031 ESTABLISHED
Now look at the example above. You will see [Proto] on the top left. This just tells you whether the protocol is TCP, UDP, etc. Next, to the right, you will see [Local Address]; this tells you the local IP/hostname and the open port. To the right again you will see [Foreign Address]; this gives you the other person's IP/hostname and port in the format IP:Port, with ":" between the IP and the port.
Finally you will see [State], which simply states the state of the connection.
This can be Established if it is connected, or waiting to connect if it's listening.
Now, with this knowledge, we will dive deeper into how to use this for monitoring port activity and detecting open ports in use.
Detecting Open ports
So now you are noticing something funny is going on with your computer? Your CD-ROM tray is going crazy... opening and closing when you're doing nothing. And you say "What the phruck is going on?"... or you realize someone's been messing with a trojan on your computer.
So now your goal is to locate which trojan it is so you can remove it, right? Well, you're right.
So you go to your MS-DOS prompt. There are many ways to use Netstat, and below is its help menu. Look through it.
C:\WINDOWS>netstat/?
Displays protocol statistics and current TCP/IP network connections.
NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]
-a Displays all connections and listening ports.
-e Displays Ethernet statistics. This may be combined with the -s option.
-n Displays addresses and port numbers in numerical form.
-p proto Shows connections for the protocol specified by proto; proto may be TCP or UDP. If used with the -s option to display per-protocol statistics, proto may be TCP, UDP, or IP.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are shown for TCP, UDP and IP; the -p option may be used to specify a subset of the default.
interval Redisplays selected statistics, pausing interval seconds between each display. Press CTRL+C to stop redisplaying statistics. If omitted, netstat will print the current configuration information once.
I personally like using netstat -an (C:\Windows\netstat -an), which displays all connections and listening ports as IP addresses instead of hostnames. The command is netstat, a space, then -a (displays all connections and listening ports) and n (in numerical form). Writing -an applies the two options at once, so there is no need for -a -n. Now that you know how to use netstat to view all your connections and listening ports, you can search for common ports like 12345 (old Netbus Trojan), 1243 (subseven) etc. This becomes very handy for everything, as you will soon find out. Take a break now and go chill out on your couch and relax for about 5 minutes and let all this soak in, then come back ready to learn more. :)
SYN and ACK
When you hear SYN and ACK (ACKnowledge) you do not think of the communication of packets on your system. Well, let me tell you what SYN and ACK do.
[SYN] - SYN, in common words, is a request for a connection, used in the 3-way handshake in TCP/IP. Once you send a SYN out for a connection, the target computer will reply with a SYN and ACK. So basically, when you see Syn in the [State] category, that means you are sending out a request to connect to something.
[ACK] - The ACK is an ACKnowledgement of the request made by a computer that is trying to connect to you. Once a SYN is sent to you, you need to ACK it, then send back another SYN to the computer requesting the connection to confirm the packet sent was correct.
I sure hope that helped you understand a little more about SYN and ACK. If you have further questions, try looking for texts on TCP/IP (such as BSRF's TCP/IP text - blacksun.box.sk/tcpip.txt). Now onto the fun stuff.
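A defensive way to apply the two ideas above (checking for listeners on the ports named in this text, and spotting peers whose SYNs never complete), added here as an example and not part of the original text. The sample output is constructed, and the SYN_RECEIVED state name and the threshold of 3 are assumptions about the netstat build being parsed.

```python
import re
from collections import Counter

# Ports and labels exactly as the text above names them.
WATCHLIST = {12345: "old Netbus Trojan", 1243: "subseven"}

# Constructed sample of `netstat -an` output (documentation-range addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:4001      SYN_RECEIVED
  TCP    192.0.2.10:80          198.51.100.7:4002      SYN_RECEIVED
  TCP    192.0.2.10:80          198.51.100.7:4003      SYN_RECEIVED
  TCP    192.0.2.10:2980        203.0.113.9:5190       ESTABLISHED
  UDP    0.0.0.0:1243           *:*
"""

# Proto, local endpoint, foreign endpoint, optional state (UDP rows have none).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon; port is None when not numeric."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port) if port.isdigit() else None

def parse(text):
    """Return one dict per connection row, skipping banner and header lines."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, foreign, state = m.groups()
            rows.append({"proto": proto, "lport": split_endpoint(local)[1],
                         "fhost": split_endpoint(foreign)[0], "state": state or ""})
    return rows

def watchlist_listeners(rows):
    """Sockets waiting for connections on a watch-listed local port."""
    def waiting(r):
        return r["state"] == "LISTENING" or (r["proto"] == "UDP" and r["fhost"] == "*")
    return [(r["proto"], r["lport"], WATCHLIST[r["lport"]])
            for r in rows if waiting(r) and r["lport"] in WATCHLIST]

def half_open_by_peer(rows, threshold=3):
    """Foreign hosts with at least `threshold` connections stuck after their SYN."""
    counts = Counter(r["fhost"] for r in rows if r["state"] == "SYN_RECEIVED")
    return {peer: n for peer, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    rows = parse(SAMPLE)
    print(watchlist_listeners(rows))
    print(half_open_by_peer(rows))
```

A port match is only a lead, since any program can listen on any port; on Windows XP and later, netstat -ano adds the owning process ID so the listener can be tied to a running program.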
Using Netstat for ICQ and AIM
Have you ever wanted to get someone's IP address or hostname using [AOL Instant Messenger] or [ICQ]? Well, you're in luck.
[AIM] - With AIM you usually cannot find the exact IP address without some trial and error, because most of the time it seems to open up all online users on port 5190. So the fewer users online, the easier it is. Go to the MS-DOS prompt and type netstat -n; under [Foreign Address] you will see IPs with port 5190. One of those IPs connected to you on 5190 is going to be your target AIM user. Trial and error is usually the easiest way to find out which.
[ICQ] - Getting the IP of an ICQ user with netstat is easy. Before talking to the person on ICQ, open the MS-DOS prompt and run netstat -n to list all IPs and ports. Write them down or copy them somewhere you will remember to look back at. Now it's time to find out his IP. Message the user with a single message, then quickly run netstat -n. You will have a newly added line with an IP address; just search for the new one in the list under foreign, and once you find it you have your buddy's IP without any patches or hacks. Pure skill :P.
Other Uses
Netstat can be used to get IPs of anything and anyone, as long as there's a direct connection between you and the target (i.e. direct messages, file transfers or ICQ chats in ICQ, DCC (Direct Client Connection) chat and file transfers in IRC, etc.).
Tools and Utilities:
Port scanning: To look for any open ports on a computer:
- [7th Sphere Port scanner] - (2 mirror sites in case one link doesn't work)
- http://members.xoom.com/Cryptog/7spereportscan.exe
- http://members.xoom.com/gohan_3/7spereportscan.exe
Firewall to monitor ports and registry:
- [Lockdown 2000]
- http://www.lockdown.com
For Communicating better:
- [ICQ]
- http://www.icq.com
- [AOL Instant Messenger]
- http://www.aol.com
Two Quick Tips
A - Sometimes Netstat can generate very long lists, which are especially confusing for newbies. If you're having difficulties, just run netstat, then make a direct connection of some sort to your target, or make it connect to you (ICQ, IRC etc., you get the picture), and run netstat again. There should be a new line - this is what you're looking for.
B - If netstat's output is too long, type 'netstat -an > c:\some-directory\some-file.txt' (without the quotes; you can replace the parameters -an and the filename and its path with anything you'd like). This will dump the output to that file for easy viewing, and will also let you copy and paste.
I think there are better ways to understand the internet than with tools you find.
Learn how to do stuff manually so you fully understand what's going on. This will fuel your power and kill your lameness :)
Tuesday, June 29, 2010
Monitor a Remote Computer with Activity Monitor & Net Monitor
OK guys, I want to ask you something...
Which software would you use for monitoring a remote computer (remote IP) on the Internet?
Keylogger... IStealer... or any other.
But last night, when I was surfing the net, I saw an ad for monitoring software. After a short look, I thought, why not check it out? So I downloaded it and tested it for one day and one night.
Now I'm sure that both are good for monitoring a remote IP.
So, take a quick look at them...
(1) Activity Monitor
Easy Setup Instructions:
- Run downloaded activmon.exe file to install Activity Monitor on your computer
- Install Activity Monitor Agent (client part of the software):
  - Start Activity Monitor and click Install Agent. Follow the instructions to install Agent on the remote computer you want to monitor
  - If Agent cannot be installed remotely, run amagent.exe on that computer to install Agent locally. amagent.exe is located in "C:\Program Files\SoftActivity\Activity Monitor\Agent\"
  - Install Agent on the computers in a Windows Domain using Active Directory Group Policy. Check Activity Monitor Help for instructions
- Optionally you may want to try monitoring your own computer first. In this case install Agent (amagent.exe) on same computer as Monitor
- Computer with installed Agent will appear in list in Activity Monitor. If it does not, click Add Agent to List and enter remote computer's IP address
- Double click on the computer in list to start monitoring
- For security reasons it is recommended to set access password when installing Agent
(2) Net Monitor for Employees

Net Monitor for Employees Professional allows you to see the screens of computers connected to the network. This way you can observe what your employees are doing! Additionally, you have the ability to take control of a remote computer by controlling the mouse and keyboard. You can record remote computers' screens even when you are not monitoring them. When your employees need instructions, you can show them your desktop. To increase your efficiency, the console now includes several tools that can be executed on all or just selected remote computers. When you need attention, you can send a message to employees and/or lock the remote computer.
What is new in this release?
- Block Internet access.
- Record remote computers screens to AVI files.
- Stop applications on remote computers.
- For monitoring and recording your employees' activities on remote computers
- For preventing internet browsing on remote computers
- For starting and stopping applications and processes on remote computers.
- For monitoring students in the classroom to achieve better discipline or, just to assist them when they are in trouble (by using the remote control feature).
- For administrating all computers just from one location – your computer.
- For presenting your screen to students.
- For locking students computers while they are waiting for further instructions or assignments.
- Helping your students by showing your desktop to them.
- Turning off, restarting, .... remote computers with one click.
What are the major benefits of using Net Monitor for Employees Professional?
- Installation and use of the application is very easy since all of the functions can be accessed with a few mouse clicks.
- You have complete control over what remote users are doing.
- This application provides you with a live picture of the remote computer screens. The live screen (due to some optimizations) does not use a high bandwidth, but even when the lower network bandwidth is required the refresh interval can be enlarged using one mouse click.
- You can make the presentation by showing your live screen to students
- Application allows you to take over the remote computer by controlling its mouse and keyboard.
- The remote computers' screens are represented in the table with a customizable number of rows as thumbnails.
- Using this application, you can always see which user is actually logged on to the remote computer.
- Schedule remote computers desktop recording to AVI files
- Execute several actions on all remote computers with one click
- Block internet access
Main Features:
- Displaying a live picture of a remote computer.
- You can take control of a remote computer by controlling its mouse and keyboard.
- More remote screens can be displayed in a table.
- Computers can be organized in computer groups (e.g. classrooms)
- A remote screen can be zoomed to an actual size.
- The name of the connected user is displayed.
- Record remote computers screens to AVI files.
- Show your desktop to students
- Power off, restart, hibernate, suspend remote computers
- Log off desktop users
- Lock workstation
- Control screensaver
- Block internet
- Multi-monitor support
- Control over running processes
- You can lock selected remote computers
- You can display a message on selected remote computers.
- When lower bandwidth is required, the refresh interval can be enlarged.
- Automatic connection to a remote computer is optional.
- Settings for the agent are encrypted and password protected.
- Connection to a remote computer is password protected.
- Access to monitoring the console is password protected. If more users use the same computer, different profiles and access passwords can be set.
- More monitoring consoles can be connected to the same remote computer - you can monitor your students from different locations.
- Application can optionally use encrypted communication.
- Agent can be remotely installed.
- Fast users switching is supported.
Sunday, May 30, 2010
XP Tips & Tricks

Disabling Scandisk
When Windows is not shut down correctly, it will perform an AutoCheck
using CHKDSK on the next restart.
AutoCheck is executed after a short time delay. AutoCheck can be
disabled or delayed by tweaking a few Registry settings.
Run ‘Regedit’ from ‘Start Menu|Run...’
Go to ‘HKEY_LOCAL_MACHINE|SYSTEM|CurrentControlSet|Control|Session Manager’.
Create a new DWORD value, or modify the existing value, called “AutoChkTimeOut” and set it according to the value data below.
Value Name: AutoChkTimeOut. Data Type: REG_DWORD (DWORD Value).
Value Data: Time in Seconds or 0 to disable (default = 10).
Exit the registry editor. You may need to restart or log out of Windows for the change to take effect.
Monitoring the system
There are various applications you can use to monitor the state of your system at any given time. One of them is a program called CoolMon (www.coolmon.org), with which you can monitor about 22 of the geekiest system parameters, like the temperature and speed of your system fans, the number of processes running, the total available memory on your hard disk and RAM, CPU utilization, etc. Each of these can be individually configured to appear on the interface. Best of all, this monitoring happens in real time. Better still, the program is free.
If you need more details than what is offered by Windows System Information or the Device Manager, try out an application called Everest Home Edition (www.lavalys.com). This application hunts through your hardware and software setup and extracts every piece of information you might need about your processor, motherboard, graphics card, hard disk and any other piece of hardware or software information that you might care to know about your computer.
Compress drive to save disk space
It's not possible to increase your memory size, but you can compress your data to save disk space. This feature is available on NTFS drives.
If you have a FAT or FAT32 drive, you can convert it to NTFS by running a command in DOS:
for c drive: convert c: /fs:ntfs
for d drive: convert d: /fs:ntfs
for e drive: convert e: /fs:ntfs
Run the command similarly if you have more drives.
Compressing data in NTFS
* open my computer
* select any drive(drive with NTFS format)
* right click and select properties
* click on general tab
* select "compress drive to save disk space"
* Apply and OK
Your data will remain safe.
Changing the Location of Special Folders
You can modify the registry to change the location of special folders like:
* My Documents
* Favorites
* My Pictures
* Personal
1. Start Regedit
2. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
3. Double click on any locations you want to change and alter the path
4. Logoff or restart for the changes to go into effect
Eliminating the Right Click on the Taskbar
To eliminate the right click on the taskbar:
1. Start Regedit
2. Go to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer
3. Add a DWORD and give it a name of NoTrayContextMenu
4. Give it a value of 1
5. Reboot
Eliminating the Right Click on the Desktop
To eliminate the right click on the desktop:
1. Start Regedit
2. Go to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer
3. Add a DWORD and give it a name of NoViewContextMenu
4. Give it a value of 1
5. Reboot
These are only three tricks... there are many more available on the net. The idea here is not to teach you how to disable right click or how to change the colors, fonts, looks, etc.
The basic reason why I post this chapter is to teach that if the registry is the place where all the information is stored, then why can't we break passwords from here?
E.g. I install software on my system to guard some folders which contain material I want to hide. In order to access the folder I have to input a password, and only if it is right can I see the content of the folder. From this example it is clear that the password is stored somewhere in the system, where the software compares it with the value I enter in the password field. For this example, as well as for every other piece of software which asks for a password to access system features, including the Windows login password, all these values are stored in the Windows registry. Whenever the user enters a password, it is compared with the value stored in the system registry, and only if it is found correct is the user allowed to access the feature.
In the Windows registry we can search for specific items, keys, values or software using the search function in the Edit menu. But there is one problem: the password is not stored in its original form; it is converted to some other format so that no one can recognize it.
E.g. if I set the password as “hacking”, it is stored as “6167453291” or maybe some other form, depending upon the software. In such cases what we can do is reset the password, i.e. delete the value (whatever it is). Once the value is deleted there is no password and our purpose is solved.