<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <title>detective work... - Computer Forensics - tribe.net</title>
  <link rel="alternate" href="http://computerforensics.tribe.net/thread/418b8608-0e2e-493e-93c7-4cd049e21e44?format=atom" />
  <subtitle>Tribe.net. Local Connections</subtitle>
  <entry>
    <title>Re: detective work...</title>
    <link rel="alternate" href="http://computerforensics.tribe.net/thread/418b8608-0e2e-493e-93c7-4cd049e21e44#6fc9b645-6110-443f-a88a-2178784d5837" />
    <author>
      <name>$item.owner.firstName</name>
    </author>
    <id>http://computerforensics.tribe.net/thread/418b8608-0e2e-493e-93c7-4cd049e21e44#6fc9b645-6110-443f-a88a-2178784d5837</id>
    <updated>2004-10-31T02:13:37Z</updated>
    <published>2004-10-31T02:13:37Z</published>
    <summary type="html">I suggest finding a packet sniffer for a Mac (perhaps ettercap has a Mac port) and actually seeing what traffic is passing through.&#xD;
&#xD;
I would be willing to look at the packet capture if you manage to get that far.&#xD;
&#xD;
I don't look at this tribe frequently, so if you do that, make sure you send me a private message.</summary>
    <dc:creator>$item.owner.firstName</dc:creator>
    <dc:date>2004-10-31T02:13:37Z</dc:date>
  </entry>
  <entry>
    <title>Re: detective work...</title>
    <link rel="alternate" href="http://computerforensics.tribe.net/thread/418b8608-0e2e-493e-93c7-4cd049e21e44#b878d597-0c63-41b1-aff2-8ebfab0a8bb0" />
    <author>
      <name>Genghis "Doh!"</name>
    </author>
    <id>http://computerforensics.tribe.net/thread/418b8608-0e2e-493e-93c7-4cd049e21e44#b878d597-0c63-41b1-aff2-8ebfab0a8bb0</id>
    <updated>2004-10-29T23:06:29Z</updated>
    <published>2004-10-29T23:06:29Z</published>
    <summary type="html">If you had a PC, I'd suggest Sygate Personal Firewall Pro. Lets you intercept data packets.&#xD;
&#xD;
Sorry, don't know Mac firewall products.</summary>
    <dc:creator>Genghis "Doh!"</dc:creator>
    <dc:date>2004-10-29T23:06:29Z</dc:date>
  </entry>
  <entry>
    <title>detective work...</title>
    <link rel="alternate" href="http://computerforensics.tribe.net/thread/418b8608-0e2e-493e-93c7-4cd049e21e44#c2abaaac-a90d-4895-a9d9-f2f0f04f67c3" />
    <author>
      <name>Philen, Larry</name>
    </author>
    <id>http://computerforensics.tribe.net/thread/418b8608-0e2e-493e-93c7-4cd049e21e44#c2abaaac-a90d-4895-a9d9-f2f0f04f67c3</id>
    <updated>2004-10-29T23:02:39Z</updated>
    <published>2004-10-29T23:02:39Z</published>
    <summary type="html">Hi, I've been involved with some strange people. I won't go into the specifics, but I run a Mac and I can close my Internet connection (DSL) and whenever I open certain applications, I see activity on my modem. All my IP apps show there is no connection, but certain programs seem to be able to send info anyway. When I do have the connection open, every 30 seconds or so, I show activity on my modem. I've checked all the settings I know of and none are set to "keep connection open" so there's no reason my machine should be sending packets.&#xD;
I'd really like to be able to figure out who is getting this info, but without their knowledge.&#xD;
I don't have a firewall installed because I want to find out what's happening without blocking these guys from my computer.&#xD;
Any suggestions?</summary>
    <dc:creator>Philen, Larry</dc:creator>
    <dc:date>2004-10-29T23:02:39Z</dc:date>
  </entry>
</feed>



