"Spy" software

sirgregg · December 5, 2009

So here's the thing. My employer has a couple of workers he doesn't really trust. He asked me to try and find a way to monitor his actions on the PC. I tried to find an auditing software but everything I could find is either very expensive or not really stealthy. I thought about capturing the packets between the PC and the router (since I'm mostly interested in the web traffic) and filtering them on the fly to save only the important information. I am not however sure if that's possible, and if - how to do that.

How would you go about doing that? Any ideas, solutions?

Sparda · December 5, 2009

You could easily use a proxy, even make it transparent so no actual configuration has to be done on the computers.

thefatmoop · December 6, 2009

if you have a linux pc use ettercap to mitm the employees then use urlsnarf to see the urls they visit. for lols you use driftnet after mitm and see all the images going through ur network card

[sudo] ettercap -i <network interface> -G

urlsnarf - sniffs traffic for url headers (text based, and just the url of the page) sudo urlsnarf -i eth1

Driftnet -Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. driftnet -i eth1

or just get some hardware keylogger.

im very surprised your employer has no way of monitoring traffic/comp use o.o what happens if a serious lawsuit gets thrown at the company cause someone was uploading/downloading kiddy pr0n or music. if u can't get evidence who did it the company is going to take the blame

Sparda · December 6, 2009

ARP poisoning any network is ultimately a bad idea. It's more likely to brake things than doing some thing else that achieves the same effect.

digip · December 6, 2009

http://www.spyassociates.com/computer-soft...01f2542542487eb

azend · December 6, 2009

Or you could pull the lazy way and just grab their deleted history: LINK

catchyanow · December 6, 2009

Or you could pull the lazy way and just grab their deleted history: LINK

lol

Sud0x3 · December 6, 2009

Depends on company policy on employees use of computer networks. When you start a new job you would usually have to sign a company statement on authorised use of their networks, if you don't have it in writing that their traffic can be monitered without their knowledge then you could have a lawsuit on your hands.

wh1t3 and n3rdy · December 7, 2009

Any company with half a brain will have that clause in there Systems user agreement IMO. My last job had this , and it wasn't very well enforced which sucked. Nothing like doing double the work so other people can fuck around on facebook all day (They wouldn't block it, no matter how many times the issue was raised.)

digip · December 7, 2009

Our system used a proxy you had to log into. The proxy would pop up with a note that all system activity was logged and for bussiness uses only, violators would be terminated. The system for the most part blocked sites like Facebook and YouTube anyway, so you couldn't get on them if you wanted to. Why a company woudl not block them to begin with is their own fault.

wh1t3 and n3rdy · December 7, 2009

I agree. Where I am now uses a transparent proxy but tbh the percentage of offenders is a great deal less than where I worked before. Facebook was blocked here because it accounted for 25% of internet traffic.

MRGRIM · December 7, 2009

Any good firewall should give you these kind of reports? What firewall are you running?

thefatmoop · December 8, 2009

ARP poisoning any network is ultimately a bad idea. It's more likely to brake things than doing some thing else that achieves the same effect.

you mean break?

Sparda · December 8, 2009

you mean break?

yes, spelling is not my forte.

d4rkfe4r · December 8, 2009

Yeah, I need to install some sort of filter at my job i just dont know which one I should get.

Ryan J · January 3, 2010

So here's the thing. My employer has a couple of workers he doesn't really trust. He asked me to try and find a way to monitor his actions on the PC. I tried to find an auditing software but everything I could find is either very expensive or not really stealthy. I thought about capturing the packets between the PC and the router (since I'm mostly interested in the web traffic) and filtering them on the fly to save only the important information. I am not however sure if that's possible, and if - how to do that.
How would you go about doing that? Any ideas, solutions?

1)Hard IP the box

2)Use wireshark and just listen to the activity to and from that box

joeypesci · January 5, 2010

Regarding auditing software. Spiceworks is free and seems good.

bmanice · March 25, 2010

im pretty sure you can get webmarshall free for 30days, set it up on a box and target your problem child until your told to stop. and don't forget to get authorization before doing any sort of monitoring, this could back fire and make you lose your job...

webmarshall kinda sucks for a permenant solution, i used it before, but its the only one i can think of off the top of my head.

also make him a normal user while your doing this so he cannot modify browser proxy settings and bypass it...

g/l

Sign In

"Spy" software

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Recently Browsing 0 members