Re: Ethereal Capture Decoding

From: chris@nospam.com
Date: 10/23/02

• Next message: Chris: "Re: Which is more secure XP or W2K Pro?"
• Previous message: davide@yahoo.com: "Re: Which is more secure XP or W2K Pro?"
• In reply to: : "Ethereal Capture Decoding"
• Next in thread: : "Re: Ethereal Capture Decoding"
• Reply: : "Re: Ethereal Capture Decoding"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: chris@nospam.com
Date: Wed, 23 Oct 2002 08:48:35 -0700

On Wed, 23 Oct 2002 01:02:14 -0500, Ed <ednot@home.net> wrote:

>Hello All!!
>
>We are using Ethereal to monitor our network. This is in the context of
>a very clear corporate policy of no privacy, no pornography on the
>corporate network. My employer was recently wacked with a sexual
>harassment complaint because a manager was showing less than tasteful
>jpegs to one of his female subordinates. Hence, the strict and very
>clear policy.
>
>In any case, I've been roped into random checks to make sure everybody
>is complying with the new policy. I'm able to rebuild web pages that
>have been visited but the owner would like to take it a step further and
>actually view any jpegs or other files that were downloaded from web
>sites. While I'm able to capture the data stream using the Follow TCP
>Stream command, I don't have any clue as to how to convert the stream
>into an actual jpg or gif or whatever file. Any help or pointers would
>be very much appreciated.
>
>TIA
>Ed

If you're employer is serious, then push to buy some software
dedicated to this purpose. There are many packages that will monitor
and block sites. Capturing the sessions is a feature of some.

Buying software will be cheaper in the long run, when you consider
your time spent sniffing data streams and the potential for a law
suit. Random monitoring may not be an adequate defense in a law
suite. Plus to fire someone you need a good log file (btdt).

---

• Next message: Chris: "Re: Which is more secure XP or W2K Pro?"
• Previous message: davide@yahoo.com: "Re: Which is more secure XP or W2K Pro?"
• In reply to: : "Ethereal Capture Decoding"
• Next in thread: : "Re: Ethereal Capture Decoding"
• Reply: : "Re: Ethereal Capture Decoding"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Ethereal Capture Decoding ... >>We are using Ethereal to monitor our network. ... >>a very clear corporate policy of no privacy, ... While I'm able to capture the data stream using the Follow TCP ... (comp.os.ms-windows.nt.admin.security) Re: Group Policy debug tool? ... gpresult as well rsop.msc can be targeted to monitor a remote computer. ... > tells you what each CSE is doing as the policy is applied and gpedit.log ... > and in fact you may be able to use Regmon to get some sense of this. ... How do I monitor group policy functions? ... (microsoft.public.windows.group_policy) RE: Internet E-mail monitoring/approval ... business can monitor email for any number of reasons without any form of ... It would seem that if the business is the ... Of course a good written policy makes this conversation mute :-) ... (Security-Basics) Re: Detecting Loss of Data Stream in LAN ... I use 'snort' to monitor traffic http://www.snort.org/ ... Another approach I'm also interested in is to monitor the data stream ... You likely have some router, and that router may have NAT tables, ... a server DNS server, DHCP for auto network configuration, ... (sci.electronics.design) Re: Detecting Loss of Data Stream in LAN ... loss and log the loss and restore times. ... Another approach I'm also interested in is to monitor the data stream ... A good E-mail program will log server failures. ... (sci.electronics.design)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)