Hello,

For a great sniffer I would recommend you Ethereal... take a look at http://www.ethereal.com/ ... but first you'll have to install WinPcap, take a look at http://winpcap.polito.it/

Hope this helps.

Regards,
Javier

--- Lee Evans <leeat_private> wrote:
> Hi All,
>
> I have found an executable called secure.dcom.exe when looking around a
> customer's server. They hadn't patched the server above SP4 and I assume it
> has been exploited using the RPC DCOM vulnerability. A serv-u ftp server has
> been installed, but I'm still looking into it to see if I can spot anything
> else. Netstat shows a bunch of outgoing connections to 6667 -
> irc.homelien.no. Unfortunately there are no IDS or other systems on this
> network segment I can use, so I'm looking for some way to capture this traffic
> and hopefully track down some more details on the irc traffic - if anyone
> can recommend a good (preferably free) traffic sniffer I can quickly install
> on the host locally (win2k sp4) to decode the IRC traffic I would be
> grateful.
>
> The exe is available from http://www.leeevans.org/secure.dcom.exe - if
> anyone wants a look. I'd be interested to know more about it, if anyone has
> come across it before or can find out.
>
> Regards
> Lee
> --
> Lee Evans

This archive was generated by hypermail 2b30 : Wed Aug 06 2003 - 17:34:20 PDT