Since no one else has answered yet, I will give it a shot... If I am way off
base, someone correct me! :)
I think the answer depends on the level of information that you want. If
you want just a quick snapshot, you could put an ethereal box in line (using
a hub, not a switch) with your router interface (or uplink interface on a
larger network, where you just want to look at traffic on one switch or
group of switches) and capture all of the packets over a certain period of
time, and then sort them out. However, for a more long term approach, you
would have to use some kind of information gathering device. We use a
product (non-freeware) to capture, sort, and report on all of the traffic
that our Cisco routers are routing. Using a method like this will allow you
to create or determine a "baseline" of your normal traffic, so that you can
not only figure out who is using what kind of service, but also allow you to
notice drastic changes in the traffic patterns in your network, giving you a
warning that something (DDOS, virus, spam, etc) is going on... The software
that we use utilizes Cisco's netflow information.
Alex Moen
Operations Technology Specialist
NDTC
-----Original Message-----
From: Nabeel S. Alzahrani(äÈíá ÇáÒåÑÇäí)
[mailto:nalzahrani@gosi.gov.sa]
Sent: Monday, November 28, 2005 10:37 PM
To: pen-test@securityfocus.com
Subject: How to detect the IPs of users who are using IM and
P2P programs
Dear All,
Is there any tool/method that allow me to detect the IPs of
users who are using IM (Instant Messaging i.e. MSN messenger,
Yahoo messenger, ICQ, etc) and P2P (Peer-2-Peer programs such
Kazaa) in our network?
Thanks
--------------------------------------------------------------
----------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking
applications on your
website. Up to 75% of cyber attacks are launched on shopping
carts, forms,
login pages, dynamic content etc. Firewalls, SSL and
locked-down servers are
futile against web application hacking. Check your website
for vulnerabilities
to SQL injection, Cross site scripting and other web attacks
before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
--------------------------------------------------------------
-----------------
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
