> I noticed a lot of netbios name service broadcast from different windows > workstations for name resolution requests of various webserver names. It > seems that the IE tries to resolve normal internet domain names > using local netbios ways in addition to the configured DNS. That's the standard search order for Windows; it checks lmhosts, WINS, hosts and DNS (not necessarilly in that order, its been a while since my MS TCP/IP class). > Now I can all see surfed domain names with the requesting client > IP without spoofing anything, simply watch the broadcasts coming along. You could just as easilly get that information from watching DNS traffic. Also, web requests include the domain name (otherwise virtual hosts wouldn't work) so you can just monitor HTTP and get everything you want. If you are on the local network (or along the path of travel) anything that isn't encrypted is fair game. -G_E
This archive was generated by hypermail 2b30 : Fri Apr 26 2002 - 09:02:30 PDT