What is your favorite freeware packet sniffer?

  • Thread starter: John Corliss
Mel wrote:

....
I don't know how up-to-date this is, but FWIW here goes:

Installshield Command Line arguments
The Windows Installshield .exe files can take the following command line
arguments:

-is:extract
Extract the components from the .exe file.

-is:in
Unknown, probably for input files.

-is:javaconsole
After JVM resolution, bring up a window that will display the contents of
standard out. Another workaround is to run the installer in a DOS or Bash
shell.

-is:javahome
Unknown, could be a way to specify which JVM to use. Unfortunately the
Installshield verification step is likely to reject non-standard JVMs.

-is:log logfile
Send log output to logfile. To generate a log file, run
e:/ptII1_0_1setup.exe -is:logfile c:/tmp/log.txt

-is:silent
Run in silent mode?

-is:tempdir tempdir
Use tempdir as a temporary directory.

-is:version
Print out the version of the installer?

HTH,
 
Mel said:
Yes, you can try, but that doesn't mean you'll succeed, if someone
really wants to know, they can track you anywhere. (even through an
anonymizer or tor)

One can wear a white sheet to hide one's identity, but that doesn't make
one bulletproof.

Well I'm not sure I get your point. Of course I'm aware that there are
those out in the aether that are more adept at computing than I, but I
count on others who are likewise talented, yet wear white hats to come
up with stuff that will cover my ass. When the day comes that I don't
feel secure enough going online, I will simply disconnect. Let's see
them get me THEN. Besides, the point of a packet sniffer isn't to remain
anonymous, but rather to try to detect those who are violating my
privacy. That *is* the original subject of this thread. I never said I
wanted to become invisible.

I know for instance, that my computer, being always online, starts
getting huge numbers of hits from China every time I fire up a browser
or email-news program (what's THAT all about?) You can't remain
invisible if you want to interact online.
 
All IP packets are structured the same way - an IP header followed by a
variable-length data field.

Two fields that make the packet trackable:
Source Address: 32 bits
Destination Address: 32 bits

Each packet's header will contain the proper protocols, the originating
address (the IP address of your computer), the destination address (the
IP address of the computer you are sending to) and the packet number (1,
2, 3 or 4, let's say there are 4 packets). Routers in the network will
look at the destination address in the header and compare it to their
lookup table to find out where to send the packet. Once the packet
arrives at its destination, the computer will strip the header and
trailer off each packet and reassemble the packet based on the numbered
sequence of the packets.

A packet sniffer is good to have in your toolbox, but what you probably
really need is:

Tools and Utilities to Monitor Your Network For Suspicious or Malicious
Activity

http://netsecurity.about.com/od/intrusiondetectionid1/a/aafreeids.htm

As far as the hits from China go: They are attempts to gain access to
your computer through previously installed backdoors, which hopefully don't
exist on your computer.
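As an added example (not code from any poster in this thread), here is a Python parser for the fixed 20-byte IPv4 header Mel describes, pulling out the source and destination addresses and verifying the header checksum. The header bytes are constructed; the source address is one of the probing hosts quoted later in the thread, and the destination 192.168.1.10 is an assumed private address.

```python
import socket
import struct

# Constructed 20-byte IPv4 header (no options) for a UDP datagram from
# 222.189.38.2 to 192.168.1.10. The checksum field (0xc885) is the
# correct one for these bytes. Sample data, not a real capture.
SAMPLE_HEADER = bytes.fromhex(
    "45000028"   # version 4, IHL 5 (20 bytes), DSCP/ECN 0, total length 40
    "abcd4000"   # identification 0xabcd, DF flag set, fragment offset 0
    "4011c885"   # TTL 64, protocol 17 (UDP), header checksum
    "debd2602"   # source address 222.189.38.2
    "c0a8010a"   # destination address 192.168.1.10
)

def ipv4_checksum(header):
    """RFC 1071 one's-complement sum over 16-bit words; a header whose
    checksum field is correct sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                   # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4_header(raw):
    """Decode the IPv4 header at the start of raw into a dict."""
    if len(raw) < 20:
        raise ValueError("fewer than 20 bytes; not an IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError("not IPv4 (version %d)" % version)
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("invalid header length %d" % ihl)
    return {
        "header_len": ihl,
        "total_len": total_len,
        "id": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,
        "ttl": ttl,
        "protocol": proto,               # 17 = UDP, 6 = TCP, 1 = ICMP
        "src": socket.inet_ntoa(src),    # the two fields that make a packet trackable
        "dst": socket.inet_ntoa(dst),
        "checksum_ok": ipv4_checksum(raw[:ihl]) == 0,
    }

def tampered_copy(raw, new_src):
    """Overwrite the source address without updating the checksum, to show
    that a receiver validating the header checksum rejects such a packet."""
    return raw[:12] + socket.inet_aton(new_src) + raw[16:]

if __name__ == "__main__":
    for label, hdr in (("genuine", SAMPLE_HEADER),
                       ("tampered", tampered_copy(SAMPLE_HEADER, "10.0.0.1"))):
        f = parse_ipv4_header(hdr)
        print(label, f["src"], "->", f["dst"], "checksum_ok =", f["checksum_ok"])
```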
 
Mel said:
All IP packets are structured the same way - an IP header followed by a
variable-length data field.

Two fields that make the packet trackable:
Source Address: 32 bits
Destination Address: 32 bits

Yes, I know this. But thanks.
Each packet's header will contain the proper protocols, the originating
address (the IP address of your computer), the destination address (the
IP address of the computer you are sending to) and the packet number (1,
2, 3 or 4, let's say there are 4 packets). Routers in the network will
look at the destination address in the header and compare it to their
lookup table to find out where to send the packet. Once the packet
arrives at its destination, the computer will strip the header and
trailer off each packet and reassemble the packet based on the numbered
sequence of the packets.

A packet sniffer is good to have in your toolbox, but what you probably
really need is:

Tools and Utilities to Monitor Your Network For Suspicious or Malicious
Activity

http://netsecurity.about.com/od/intrusiondetectionid1/a/aafreeids.htm

Some good stuff there all right.
As far as the hits from China go: They are attempts to gain access to
your computer through previously installed backdoors

And I notice through currently open ports sometimes.
which hopefully don't exist on your computer.

Well, I do my best to make sure that they don't. I was actually more
curious about why so many attacks seem to originate from China - in fact
the bulk of what I'm experiencing comes from that country.

What I've noticed is that if I stay online for a long time, eventually
some sites simply won't open unless I reboot and site loading slows way
down. Also, sometimes there is a long pause before my computer will
either reboot or shut down (more likely this is a function of the swap
file usage, but I have it set to conservative usage.) Regardless, this
is what has me searching for a good freeware packet sniffer.
 
Well, I do my best to make sure that they don't. I was actually more
curious about why so many attacks seem to originate from China - in fact
the bulk of what I'm experiencing comes from that country.
You have to wonder who has offices in China (Microsoft comes to mind).
What I've noticed is that if I stay online for a long time, eventually
some sites simply won't open unless I reboot and site loading slows way
down. Also, sometimes there is a long pause before my computer will
either reboot or shut down (more likely this is a function of the swap
file usage, but I have it set to conservative usage.) Regardless, this
is what has me searching for a good freeware packet sniffer.
ME suffers, somewhat, from the same problems 98 has (Resource
Fragmentation). Memory managers help, but they don't fix the problem.

The Top 75 Security Tools: The list is dated, but useful:

http://www.insecure.org/tools.html

Interesting read:

http://nwo-warning.tripod.com/terrorism1.htm & terrorism2/3/4

Seems strange reading the above articles, especially after seeing how
things played out.
 
What I've noticed is that if I stay online for a long time, eventually
some sites simply won't open unless I reboot and site loading slows way
down. Also, sometimes there is a long pause before my computer will
either reboot or shut down (more likely this is a function of the swap
file usage, but I have it set to conservative usage.) Regardless, this
is what has me searching for a good freeware packet sniffer.

But what makes your PC so unusual that you have this symptom and
most others (presumably) don't? IOW, if your snarl is due to
bombardments from China, we should all be suffering the same thing.

Well, maybe not all. I've been using a wireless router for the last
few months. So if I use, say, Sygate free firewall to log traffic, it
does not and cannot show me any incoming probes since it's the
router/fw that's rejecting them. All I see are outgoing, or attempts
at outgoing, that are blocked by Sygate.

Might be an interesting experiment for you to try an external router
of some kind to see if it has any effect on your problem. And have
you ever simply let Windows manage your swap file? I've never
found any reason to not do this. It's always worked fine on my
various machines and OS.

BTW, I was quite surprised when I went to Windows Update
yesterday on my wife's Win ME machine and found ten critical
patches were available. I had thought I had them all. One or
two were for Windows Media Player 9, and another was a
DirectX thing ... don't remember the others. But I installed
them all.

For what it's worth :)

Art


http://home.epix.net/~artnpeg
 
John Corliss said:
Thanks Mel, but this part makes me nervous:

"This work has been partially sponsored by Microsoft Research and
Telecom Italia Labs."

Given Microsoft's penchant for having their software "call home", even
my mouse and keyboard software, who knows what strings are attached to
their "sponsorship"?

WinPcap packet capture driver was similarly sponsored and
is used by many sniffer type programs including the windows
version of Ethereal http://www.winpcap.org/misc/links.htm#tools so if
you want to avoid MS sponsored software your choice may be very limited.

Incidentally it is possible to tweak the registry to stop MS intelliPoint
and MS intellitype from calling home to check for updates.
I wish there was a freeware program that allowed one to extract files
from an Installshield or a Microsoft installer file. I hate having to
install a program in order to read the EULA or to discover that it
modifies the system in a fashion that I don't like.

For testing software I keep a small partition at the end of
my hard disk and use disk imaging software to copy a
Windows 98 install onto it - takes just under 5 minutes to
restore it on this rather slow PC.

I can hide the normal partitions and let whatever I install
do its worst to the registry and if I feel the need and it wants
to call out - spy on it with Ethereal with little risk of exposing
any personal data.


Regards,

Mel.

(not the other mel)
 
John said:
I'm looking for an alternative to Ethereal that's a little more user
friendly.

This one is definitely a step in the wrong direction:

http://www.snort.org/

They actually have the nerve to offer classes about how to use their
program!

http://www.snort.org/training/

One has to wonder if, and if so, how much of the program's confusing
interface is intentionally written that way in order to encourage
enrollment in their "classes".
 
Mel said:
You have to wonder who has offices in China (Microsoft comes to mind).

Well, I doubt if that's the reason. I get a lot of hits from China on
ports 1026 and 1027, both of which are used mainly for messenger services.
ME suffers, somewhat, from the same problems 98 has (Resource
Fragmentation). Memory managers help, but they don't fix the problem.

I've tried a few of these, but wasn't impressed enough to keep them.
The Top 75 Security Tools: The list is dated, but useful:

http://www.insecure.org/tools.html

From that list there are these sniffers which are possibilities:

1. The aforementioned Ethereal, which I am trying to get away from due
to the complexity of its filter "language" (why does it need a
"language" for God's sake?)

2. Snort, which I just posted a message about being a step in the wrong
direction (they make money teaching classes on how to use the program!!)

3. Netcat, which may or may not be a sniffer and the link to which is
now 404ed.

4. Windump:

http://www.winpcap.org/windump/

which gives me a WinPcap related error message and besides, it's a
command line program.

Thanks though.
Interesting read:

http://nwo-warning.tripod.com/terrorism1.htm & terrorism2/3/4

Seems strange reading the above articles, especially after seeing how
things played out.

"Of course the people don't want war. But after all, it's the leaders of
the country who determine the policy, and it's always a simple matter to
drag the people along whether it's a democracy, a fascist dictatorship,
or a parliament, or a communist dictatorship. Voice or no voice, the
people can always be brought to the bidding of the leaders. That is
easy. All you have to do is tell them they are being attacked, and
denounce the pacifists for lack of patriotism, and exposing the country
to greater danger."

-- Herman Goering at the Nuremberg trials

From http://www.snopes.com/quotes/goering.htm
 
Art said:
But what makes your PC so unusual that you have this symptom and
most others (presumably) don't? IOW, if your snarl is due to
bombardments from China, we should all be suffering the same thing.

Can't say whether or not the two symptoms are related. I only know that
I'm currently experiencing them. The distinct possibility exists that
with this level of bombardment, there may be some kind of way into my
computer. Once a hacker accomplishes this, it may lead to all kinds of
symptoms. However if that's happening until I find a packet sniffer that
is easier for me to use. And I know anybody can accuse me of paranoia,
but to trivialize my concerns in that fashion would serve no purpose; the
normal process is to become aware of a concern, then prove whether it's
unfounded or not. That's what I'm attempting to do here. Besides, when
somebody tells me I'm paranoid and expects me to go no further, they're
pissing up a rope. 80)>
Well, maybe not all. I've been using a wireless router for the last
few months. So if I use, say, Sygate free firewall to log traffic, it
does not and cannot show me any incoming probes since it's the
router/fw that's rejecting them. All I see are outgoing, or attempts
at outgoing, that are blocked by Sygate.

I'm running Kerio 2.1.5 and TinyLogger v0.9.8 and that arrangement makes
it easy for me to keep tabs on incoming probe activity. For instance,
here's an excerpt from my log:

Blocked Incoming 26/Jul/2005 05:38:00 Packet to unopened port received UDP 222.189.38.2 32957 localhost 1027 no owner
Blocked Incoming 26/Jul/2005 05:38:00 Packet to unopened port received UDP 222.189.38.2 32957 localhost 1026 no owner
Blocked Incoming 26/Jul/2005 05:38:00 Packet to unopened port received UDP 222.189.38.2 32957 localhost 1026 no owner
Blocked Incoming 26/Jul/2005 05:37:58 Packet to unopened port received UDP 222.47.183.141 50389 localhost 1027 no owner
Blocked Incoming 26/Jul/2005 05:37:58 Packet to unopened port received UDP 222.47.183.141 62930 localhost 1026 no owner
Might be a interesting experiment for you to try a external router
of some kind to see if it has any effect on your problem. And have
you ever simply let Windows manage your swap file? I've never
found any reason to not do this. It's always worked fine on my
various machines and OS.

I'm currently using a Cisco uBR924 cable modem router. Is that what
you're talking about? However, I've never opened the router's command
line interface via a direct connection to its console port and screwed
around with the settings. In fact, the Configuration guide is daunting
so I've always "let it be."
BTW, I was quite surprised when I went to Windows Update
yesterday on my wife's Win ME machine and found ten critical
patches were available. I had thought I had them all. One or
two were for Windows Media Player 9, and another was a
DirectX thing ... don't remember the others. But I installed
them all.

For what it's worth :)

I never installed MP9 (because of DRM) but foolishly did install .net
then uninstall it. Ever since I installed .net, I get warnings that I
need to install an update for it. The "update" is a complete and newer
version of .net that you can't uninstall (or only with great difficulty.)

Otherwise, I'm up to date on ME updates.

Back to Packet sniffers though, I found Sniphere:

http://www.securesphere.net/html/projects_sniphere.php

which seems like a step in the right direction. Other than requiring
Winpcap (like most other sniffers) it doesn't require an install. Simply
download the executable, put it in the directory of your choice and
click on it. The interface looks promisingly simple.
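As an added example (not code from any poster, and not Kerio's or TinyLogger's own), here is a Python parser for firewall records in the layout John quotes above. It aggregates blocked inbound probes per source address and destination port and flags sources that hit both 1026 and 1027, the ports John says mostly carry Messenger-service traffic. The sample log is reconstructed from the excerpt with one record per line; the record layout the regex assumes is an inference from that excerpt.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the Kerio 2.x / TinyLogger layout quoted above,
# one record per line (the post wraps them). Addresses are those in the
# excerpt; the last line is deliberately malformed to exercise skipping.
SAMPLE_LOG = """\
Blocked Incoming 26/Jul/2005 05:38:00 Packet to unopened port received UDP 222.189.38.2 32957 localhost 1027 no owner
Blocked Incoming 26/Jul/2005 05:38:00 Packet to unopened port received UDP 222.189.38.2 32957 localhost 1026 no owner
Blocked Incoming 26/Jul/2005 05:38:00 Packet to unopened port received UDP 222.189.38.2 32957 localhost 1026 no owner
Blocked Incoming 26/Jul/2005 05:37:58 Packet to unopened port received UDP 222.47.183.141 50389 localhost 1027 no owner
Blocked Incoming 26/Jul/2005 05:37:58 Packet to unopened port received UDP 222.47.183.141 62930 localhost 1026 no owner
this line is not a firewall record and must be skipped
"""

# Assumed record layout: action, direction, timestamp, rule text, protocol,
# source address, source port, destination host, destination port, owner.
LINE_RE = re.compile(
    r"^(?P<action>Blocked|Permitted) (?P<direction>Incoming|Outgoing) "
    r"(?P<stamp>\d{2}/[A-Za-z]{3}/\d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<rule>.+?) (?P<proto>TCP|UDP|ICMP) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) (?P<sport>\d+) "
    r"(?P<dst>\S+) (?P<dport>\d+) (?P<owner>.*)$"
)

def parse_records(text):
    """Parse log text into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["stamp"] = datetime.strptime(rec["stamp"], "%d/%b/%Y %H:%M:%S")
        rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
        records.append(rec)
    return records

def probe_summary(records):
    """Count blocked inbound packets per source address and destination port."""
    summary = defaultdict(lambda: defaultdict(int))
    for r in records:
        if r["action"] == "Blocked" and r["direction"] == "Incoming":
            summary[r["src"]][r["dport"]] += 1
    return {src: dict(ports) for src, ports in summary.items()}

MESSENGER_PORTS = {1026, 1027}   # ports the thread says carry Messenger-service traffic

def messenger_probe_sources(summary):
    """Sources that hit every port in MESSENGER_PORTS, sorted for stable output."""
    return sorted(src for src, ports in summary.items() if MESSENGER_PORTS <= set(ports))

if __name__ == "__main__":
    summary = probe_summary(parse_records(SAMPLE_LOG))
    for src, ports in summary.items():
        print(src, ports)
    print("hit both Messenger ports:", messenger_probe_sources(summary))
```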
 
Mel said:
WinPcap packet capture driver was similarly sponsored and
is used by many sniffer type programs including the windows
version of Ethereal http://www.winpcap.org/misc/links.htm#tools so if
you want to avoid MS sponsored software your choice may be very limited.

Well that's certainly not encouraging.
Incidentally it is possible to tweak the registry to stop MS intelliPoint
and MS intellitype from calling home to check for updates.

Thanks, but I simply blocked them with my firewall.
For testing software I keep a small partition at the end of
my hard disk and use disk imaging software to copy a
Windows 98 install onto it - takes just under 5 minutes to
restore it on this rather slow PC.

I can hide the normal partitions

What technique do you use to do that?
and let whatever I install
do its worst to the registry and if I feel the need and it wants
to call out - spy on it with Ethereal with little risk of exposing
any personal data.

Regards,
Mel.
(not the other mel)

Now I'm *damned* confused!
 
From that list there are these sniffers which are possibilities:

1. The aforementioned Ethereal, which I am trying to get away from due
to the complexity of its filter "language" (why does it need a
"language" for God's sake?)

2. Snort, which I just posted a message about being a step in the wrong
direction (they make money teaching classes on how to use the program!!)

3. Netcat, which may or may not be a sniffer and the link to which is
now 404ed.

4. Windump:

http://www.winpcap.org/windump/

which gives me a WinPcap related error message and besides, it's a
command line program.
I didn't use it a lot, but I was always satisfied with Analyzer. I'm
going to try this one to see how it compares:

http://www.nirsoft.net/utils/smsniff.html
Thanks though.


"Of course the people don't want war. But after all, it's the leaders of
the country who determine the policy, and it's always a simple matter to
drag the people along whether it's a democracy, a fascist dictatorship,
or a parliament, or a communist dictatorship. Voice or no voice, the
people can always be brought to the bidding of the leaders. That is
easy. All you have to do is tell them they are being attacked, and
denounce the pacifists for lack of patriotism, and exposing the country
to greater danger."

-- Herman Goering at the Nuremberg trials

From http://www.snopes.com/quotes/goering.htm
"Another timely quote in the vein of the apocryphal Julius Caesar warning
about political leaders who can all too easily send the citizenry
marching eagerly off to war by manufacturing crises that purportedly
threaten national security and making popular appeals to patriotism."
 
Forgot to add: "Thanks though!"

Hi John!

Question is: How "simple" do you want it, and what do you expect from it.
Although I prefer Ethereal (with all its "complexity"), there are a few
candidates for a "quick and dirty" sniffing of packets:

ZX-sniffer is the first one that comes to mind, uses its own driver (no
WinPCap needed) and is a real lightweight compared to ER. The only problem
is to find it... Newer versions are only available in Russian, and the
older English version has disappeared from the major sites. I could try
to upload it to ABF if you want to give it a go...?

SmartSniff (Nir Sofer) is another lightweight sniffer, however it needs
WinPCap to be able to work on Windows below Win2K (on 2K and XP it can
use the "RAW" mode to capture packets): http://nirsoft.mirrorz.com.
 
John Corliss said:
Well that's certainly not encouraging.

I don't see any reason to be concerned about MS sponsorship.
I'm also pretty sure that packet sniffer users would notice if anything
untoward was going on, especially if one happened to compare
the output with that from another machine running a different OS.

What technique do you use to do that?

I'm just using the hide option in my disk imaging software
(a copy of Drive Image that was given away on a cover disk)
This makes the partitions invisible to the OS - although
they could of course be accessed at a lower level.

Now I'm *damned* confused!

Same here, I'm the Mel that's been posting here as 'Mel'
for several years (mostly using my spamgourmet.com email
address) - probably should have used my full name.

Incidentally avoid installing WinPcap and Kerio 4 firewall on
a Windows 98/ME machine - Kerio 4 causes a lock-up if
you try to capture (they work fine together on XP).


Regards,
Mel.
 