- 05-16-2009 #1
Forensic Concerns
Hello Guys,
I am using a Fedora 10 distro and still have 4 other computers running on different distros at our home: 1 Mac Leopard, 2 Ubuntu 8.03, 1 XP.
My questions...
1) Using my Fedora 10, would it be possible to check the sites the other computers are visiting even if we are not networked? I mean we are not connected together as a network but we get our internet connections from the same router.
2) If not, is there a terminal command for Linux that can show me the hidden sites they could have possibly visited and deleted? At least for my Fedora and for the Ubuntu.
Thanks in advance guys, more power, cheers!
- 05-16-2009 #2
If the Fedora, Mac, XP, and Ubuntu hosts are using the same router ... then they are all networked.
In order to "sniff" network traffic from your Fedora host it must be able to see the TCP/IP traffic going to the router. That means placing the Fedora host between the router and them.
In most households, you probably have an Internet router with a number of switch ports and/or wireless. This makes it difficult to sniff, as the network traffic to each host will be segregated.
Utilities such as urlsnarf (I think part of dsniff) can display this type of information gained from tracing traffic gathered on the network.
Men occasionally stumble over the truth,
but most of them pick themselves up
and hurry off as if nothing had happened.
Winston Churchill
... then the Unix-Gods created "man" ...
- 05-16-2009 #3
Thank you for putting my words in order. Yes we use the same router and therefore we are networked.
Can you kindly be more specific please when you say I have to put the Fedora between the router and them? Yes we have an Internet router with a number of switch ports/wireless.
Where can I get urlsnarf/dsniff please?
Thanks again, cheerio!
- 05-18-2009 #4
dsniff is free. Google it. Or you can put the network in promiscuous mode.
There is nothing impossible, for everything is possible; the impossible only takes a bit longer than the possible.


- 05-19-2009 #5
Hello & thank you! I downloaded dsniff but cannot seem to find it. I mean, where do I start clicking so I can use it? Or start to learn to use it. It's not in the Applications/Places/System button.
I tried whereis dsniff in terminal and this is what I got.
dsniff: /usr/sbin/dsniff /etc/dsniff /usr/share/man/man8/dsniff.8.gz
Can somebody please share how I can start? Or where should I start?
Thanks in advance, as always...
cheer
- 05-19-2009 #6 Linux Guru
- Join Date
- Oct 2007
- Location
- Tucson AZ
- Posts
- 1,942
I've never used dsniff, but your last post shows a manual page for it in /usr/share.
You'll probably be able to start it by opening a terminal and typing: /usr/sbin/dsniff
- 05-19-2009 #7
- 05-19-2009 #8 Linux Guru
Doesn't look like you have it configured. You could start by reading the documentation. There's an FAQ at this site: dsniff: nids_init: no suitable device found
dsniff
Google it and read the documentation. I've never used it and wouldn't know where else to start.
- 05-20-2009 #9


