From: Alex Moen (alexm@ndtel.com)
Date: Tue Nov 29 2005 - 09:07:50 EST
Since no one else has answered yet, I will give it a shot... If I am way off
base, someone correct me! :)
I think the answer depends on the level of information that you want. If
you want just a quick snapshot, you could put an ethereal box in line (using
a hub, not a switch) with your router interface (or uplink interface on a
larger network, where you just want to look at traffic on one switch or
group of switches) and capture all of the packets over a certain period of
time, and then sort them out. However, for a more long term approach, you
would have to use some kind of information gathering device. We use a
product (non-freeware) to capture, sort, and report on all of the traffic
that our Cisco routers are routing. Using a method like this will allow you
to create or determine a "baseline" of your normal traffic, so that you can
not only figure out who is using what kind of service, but also allow you to
notice drastic changes in the traffic patterns in your network, giving you a
warning that something (DDOS, virus, spam, etc) is going on... The software
that we use utilizes Cisco's netflow information.
Alex Moen
Operations Technology Specialist
NDTC
> -----Original Message-----
> From: Nabeel S. Alzahrani(نبيل الزهراني)
> [mailto:nalzahrani@gosi.gov.sa]
> Sent: Monday, November 28, 2005 10:37 PM
> To: pen-test@securityfocus.com
> Subject: How to detect the IPs of users who are using IM and
> P2P programs
>
>
> Dear All,
>
> Is there any tool/method that allow me to detect the IPs of
> users who are using IM (Instant Messaging i.e. MSN messenger,
> Yahoo messenger, ICQ, etc) and P2P (Peer-2-Peer programs such
> Kazaa) in our network?
>
> Thanks
>
>
> --------------------------------------------------------------
> ----------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking
> applications on your
> website. Up to 75% of cyber attacks are launched on shopping
> carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and
> locked-down servers are
> futile against web application hacking. Check your website
> for vulnerabilities
> to SQL injection, Cross site scripting and other web attacks
> before hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> --------------------------------------------------------------
> -----------------
>
>
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:12 EDT