On Tue, 2004-06-08 at 10:41, Chadley Wilson wrote: > I have banned the use of rlogin and telnet and the other insecure tools > and need to be able to catch employees using them. > As we have had a few crakers on our network previously. > > My training instructor showed me a tool that ran in terminal with a blue > background that actually listed all active connections on the network > (intranet in my case) he selected one and showed us how the text was > transferred unencrypted, but I can for the life of me remeber what it is > called. > Any ideas. Not sure of that particular application. But you can use ethereal to filter for telnet and rlogin connections only (keeps the amount of data to reasonable level). You will still need to setup your switch to mirror the ports you want to monitor to the interface of the system running ethereal or tcpdump or snort or any of a number of sniffer packages that are available. -- Scot L. Harris webid@xxxxxxxxxx It's not reality or how you perceive things that's important -- it's what you're taking for it...
