spying on the corporate LAN.. how to detect?

[poohke]

Well, couple off colleagues of mine are getting paranoid, thinking the network administrator is spying on them.
How can this be detected? I know not all can be detected but some of the more easy ways to spy on colleagues must be easy to detect aswell not?
So. HOW?!

 

[mgpaulus]

I do not believe that there is any way to tell, if the Network Admin's are doing packet sniffing. By nature, this is a passive activity, and the only way to tell would be to see if they have a sniffer setup somewhere. Of course, they only need to be worried if they are doing something wrong, right??

 

[xyyz]

also, if you are using company's faclities on the company's time, i think it's perfectly legal for them to do this... i'm not saying that it's right or anything about the paranioa... but my worry would be... if the company is snooping these guys can't really do much. :/

if they are ircing or something ;p ... i'd suggest telnetting into a unix/linux box with a secure shell... that way they can packet sniff all they want but they wont be able to make heads or tails with what's going on.

although, and not to increase the paranoia, but the admin could sneak onto the system later in the day and install a keystroke logger.

something like this happened to me once... where a company i was consulting for found my ICQ logs and read all about how i thought he was an asshole.

 

[shadow]

lol, did you get fired?

 

[xyyz]

muahhahahahaha

no... lucky for me... I finished the project the day before... and to get a few extra hours i was ICQ'ing... the guy saw it was annoyed... i didn't care and when i left he took a look. actually, i'm glad he did... although talk about and uncomfortable sittuation when he wanted to talk about it the next day.

hmmm i guess i know why they never called me back for additional work

 

[poohke]

mgpaulus: Everyone with unlimited i'net access and a lot of free time (odd situation, but they don't have any real work for a couple of months and company won't fire them) is bound to do something not completely correct, isn't it.
And uhm.. they are afraid that inetting is a reason for letting them off, without the usual lay-off fee.

xyyz: i don't think so. In this case they've heard stuff in the hallways one of them only emailed her husband. Snooping email might not yet be illegal in Blgian (i'm not sure) but that don't mean I don't like it.
No irc'ing or anything either, just personal email and some surfing.

I was btw asking for the more detectable/easy easdroppign techniques like keyloggers, and stuff, but come to think o it.. it's easier to
do some packet sniffing I guess

Thanx anyway guys

 

[FirmPete]

If your network administrator is any good...

You don't.

Over here I can actually see what any user sees on his monitor... So who needs a keystroke logger?

(But since I'm a such a nice guy, I don't use it to spy)

OR DO I ???????? hahaha

 

[CTR]

If the netadmin is spying on your friends, then:

A. He is under direction to do so from higher up.
B. He is bored with his job and trying to get fired.
C. He is some kind of pervert or psycho.

Just ask the guy if he's spying on people. If situation A is true he will probably let you know what's up. If it is B then he will most likely get scared and stop. If it is C, well I don't know what would happen. He might set your house on fire or mutilate your cat or something.

 

[BigDady92]

Here's a easy way to see if he's snooping: Find out if you are on a switched network.


A switched network is vitrually packet sniffing proof. Due to the virtual circut connections established by each port it is next to impossible( i said next to..it can be done by some expensive programs and some hard work but it takes cash and time..not something small shops can do. Big ones can but who's got time to do that when you have servers to fix when they crash.).

Now he can be sniffing on the firewall/proxy/router and monitoring what computers open up what ports, and requests that way. It is not that hard to do with the right software.

My guess is your friends are paranoid as hell so quit using the company email for anything nonbusiness and remove all IM from your desktops. Work computers are for work and not play. I have fired many a folk who thought they were above that motto.

 

[xyyz]

BigDady92,

what if they are routing all traffic out of say one proxy server, it's not too difficult to place the sniffer there... it doesn't require advanced software...

 

[mastarecoil]

I say find him and threaten to break his legs if he dosent stop. But if that dosent work just unplug your network cable when you dont need on the network.

Garrett.

 

[xyyz]

that or teach him how to talk to gurls... if he does snoop, i doubt he has this skill... hence the snooping...

he'll forever be in your debt.

 

[spidey07]

to tell you the truth, the "network" is owned and operated by "the company". Any snooping is totally within "the company's" rights.

You wouldn't use "the company's" mail service to recieve your subscription to playboy would you? Same thing with information technology.

To that end, I can see exactly what you're doing and read your passwords, ICQ conversations, e-mail, and just about anything else you do without you or anybody else knowing it. It is impossible for you to tell unless you're running token ring. That kind of visibility comes with the job and I would never reveal any information learned via these methods unless absolutely warranted.

bottom line...you can't detect. Talk to the net admin's boss.

 

[poohke]

roger that folks..
few rematks.. myname@company.com .. isn't that like private by law?
btw, our admin is about 40 years and lives with his mom.. doens't always have to be a psycho, but this guy comes close (Pls don't be spying on me now!).
1 last question: how does such a sniffer work? Does he have to monitor it all the time? does it log everyytihing nice and readable? ...?

thanks for the info's

 

[fargus]

There's a neat little app from l0pht called anti-sniff... it detects NIC's that are in promiscuous mode, ie, sniffing. It will basically tell you if anyone's running a packet sniffer on your network.

 

[LordSandMan]

40 years old eh, well he's probably a cross between some psycho/nerd. In which case he has probably had nothing to do his entire life but hack his computer, so he probably knows what he's doing.