Any system experts?


Status
Not open for further replies.

togu

Totally off topic tho. :embrass:


Are there any ways to log a particular user's activity on another system, let's say based on his IP? Any tools or programs to help with that? Ideally it will be something like this:


Mr A logs in to system B, system B tracks all of Mr A's activity on the system into a log file and sends it to Mr C.


Many thanks. :)
 

A packet sniffer/interceptor/monitor can help, but only if you have full access to system B.
 

togu said:
Totally off topic tho. :embrass:


Are there any ways to log a particular user's activity on another system, let's say based on his IP? Any tools or programs to help with that? Ideally it will be something like this:


Mr A logs in to system B, system B tracks all of Mr A's activity on the system into a log file and sends it to Mr C.


Many thanks. :)

Totally possible. These are called sniffer programs and they are commonly found on the net. You will be amazed (and frightened) at the level of logging they can get down into. The best part is, the user will have no idea the sniffer is running in the background as they hide themselves from the task manager. They will only surface on the victim's PC using a defined combination of keystrokes. Of course, they can be configured to send the information to an email address at pre-defined intervals.

The only challenge is, how to install (or get the victim to install) the sniffer program without him knowing it. I guess this is where trojan horses come in.

So togu, you are thinking of.... :think:
 

gremlin said:
...

So togu, you are thinking of.... :think:


:kok: :kok: :kok:

I want to keep track of what a particular user will do on another system.


Not exactly what I wanted tho. For my case, I'm not interested in what the user will do on his workstation, rather I want to find out what the user will do when he logs on to the server remotely. :think:
 

Well, you can have something more sophisticated than a sniffer, but you will probably have to pay for it ... there are remote agents that can monitor things from processes to traffic to performance metrics, and send them back to a server program. You can even program alerts or traps in, e.g. if someone triggers a particular program or opens a port.

It's been a while since I was involved in this area, but perhaps a good place to start is by doing google searches, or try one of the more well-known commercial vendors, www.bmc.com ...

HTH ...
 

togu said:
I want to keep track of what a particular user will do on another system.


Not exactly what I wanted tho. For my case, I'm not interested in what the user will do on his workstation, rather I want to find out what the user will do when he logs on to the server remotely. :think:

:bigeyes: hope u got big budget to do it.... it is gonna be very costly.... you can look into software like NAI McAfee Network Protection Security Forensics

Gd Luck :devil:
 

Tracking everything that goes on in a remote system can be quite tedious. A simpler way would be to capture and record the user's screen for the entire session of his connection to the remote system. This makes it easier as you won't have to sift through pages and pages of logs just to guess at what the user is doing.

One such software we tried last year was called:

"What Are You Doing"

We had this running on our company's network to monitor the activities of Industrial Attachment Students and had on a number of occasions caught them browsing through "wildlife" photos. There's always a strong smell of urine when we pull them in to show them their "ECA". :devil:


togu said:
:kok: :kok: :kok:

I want to keep track of what a particular user will do on another system.


Not exactly what I wanted tho. For my case, I'm not interested in what the user will do on his workstation, rather I want to find out what the user will do when he logs on to the server remotely. :think:
 

What O/S is your remote server running? There are lots of free logging tools available for Linux/UNIX machines.
 

Goodie, thanks for all the help, gotta keep sourcing. :think:

If it's too expensive, I might as well install a CCTV behind that Mr A, and record full time. :sweat:



BTW, jeff, you still surviving? :bigeyes:
 

Hi Togu. It can be quite expensive. If it is Linux or Unix then you could probably find a lot of free tools on the internet to help you achieve your goal. If it is Windows-based then chances are you will have to pay for it, as the freebies that I have tried just don't cut it. I've tried one that sends me tons of information that I find an overkill. Going through it is a major task and a time-consuming effort. A cheaper and simpler alternative is to install a keystroke logger, but it may not be what you are looking for.
 

Is this similar to what you want?
A logs in to his computer A (ip *.*.*.2), and at the same time logs in to the server B (ip *.*.*.5).

You log in to your computer C (ip *.*.*.8).
Install sniffer software on your computer C (IP 8). Log the traffic between IP 2 and IP 5.

Any encryption between computer A and server B?
 

Ethereal, go to Yahoo or Google to search.

PM me if you want more detail. If I put too much stuff here I might get banned. :D
 

Cool...looks like you can be monitored unknowingly....hey, how about, is there any freeware to check whether such a sniffer program is installed on my PC? (just in case my company has such a program installed :) )
 

DennisLee said:
Cool...looks like you can be monitored unknowingly....hey, how about, is there any freeware to check whether such a sniffer program is installed on my PC? (just in case my company has such a program installed :) )

yup, try freeware adware... www.adware.com

anyway, for system monitoring of illegal changes on system, can try TripWire, must pay and is an enterprise solution, used in most banks and other enterprises...
 

It's ok, I managed to get the hash values of all the accounts, and used some "brute force" to "de-hash" everything. Followed by installing some stealth activity monitors on my targeted pc. Everything is under control now. :devil:



Thanks for everyone's help.


:gbounce:
 

ASK ME !! ASK ME !!

Before you continue, I want to make this clear. Ad-ware is ad-ware, ad-aware is ad-aware, they are two different things. Ad-ware is something installed on your system without your knowledge; it will usually hijack your homepage, add a toolbar to your Internet Explorer, pop up a window all of a sudden and log what websites you visited.

Firewalls like Zone Alarm, anti-virus like Norton, even those with web filtering, will NOT block ad-ware (aka spyware). They can block banners, cookies, etc. only, but that's not enough.

Ad-ware (spyware) will also be installed on your system if you download a screensaver, shareware or utility; it will also be downloaded if you visit a porn site or warez site. Usually it is not detectable by anti-virus and firewall, because the program itself does not contain a virus!

So, you need a dedicated ad-ware scanner. Spybot and Ad-Aware are examples.

Why can they block ad-ware but a firewall or anti-virus can't? Because an ad-aware program can monitor your registry and file structure. It can detect any changes done to your files or registry when you start your machine. This is where ad-ware gets "alive"; it usually starts to edit your registry every time you start your machine. A virus scanner or firewall doesn't stop a program from editing the registry or files. It isn't considered a virus.
 

ninelives said:
ASK ME !! ASK ME !!

Before you continue, I want to make this clear. Ad-ware is ad-ware, ad-aware is ad-aware, they are two different things. Ad-ware is something installed on your system without your knowledge; it will usually hijack your homepage, add a toolbar to your Internet Explorer, pop up a window all of a sudden and log what websites you visited.

Firewalls like Zone Alarm, anti-virus like Norton, even those with web filtering, will NOT block ad-ware (aka spyware). They can block banners, cookies, etc. only, but that's not enough.

Ad-ware (spyware) will also be installed on your system if you download a screensaver, shareware or utility; it will also be downloaded if you visit a porn site or warez site. Usually it is not detectable by anti-virus and firewall, because the program itself does not contain a virus!

So, you need a dedicated ad-ware scanner. Spybot and Ad-Aware are examples.

Why can they block ad-ware but a firewall or anti-virus can't? Because an ad-aware program can monitor your registry and file structure. It can detect any changes done to your files or registry when you start your machine. This is where ad-ware gets "alive"; it usually starts to edit your registry every time you start your machine. A virus scanner or firewall doesn't stop a program from editing the registry or files. It isn't considered a virus.


:thumbsup: :thumbsup: :thumbsup:
 
