livinthailandos Posted May 9, 2010
First, I'm still a new person; I'm still learning with the aid of my book I bought that talks about watching packets. First I want to say I'm watching SYN, SYN-ACK, ACK along with the protocol come up. Keep in mind I've set my DNS servers to OpenDNS. So I start my home page on Google. I type a search for scb easy and I start to notice many DNS queries come up, like:
a. littlemee.net
b. nationmultimedia.com
c. pangponblog.com
d. thaipr.net
Mind you, I'm capturing packets from just my Ethernet card, so what exactly is happening? Is my computer hijacked, or am I seeing other people's DNS query packets come up?
Tywais Posted May 9, 2010
Probably various Google ads or similar that are associated with a site are showing up, as they have to be resolved also.
thaigold Posted May 10, 2010
Wireshark mated with Cain and Abel are very effective tools in securing your network - but a caveat: since internet traffic is of special concern to some in the Kingdom, sniffing packets could be problematic for the user of these utilities. Bear in mind that BKK is not LA.
SurfRider Posted May 10, 2010
"I type a search for scb easy and I start to notice many DNS queries come up"
You can suppress most, if not all, of those DNS look-ups if you understand and make the changes to your "HOSTS" file that are recommended at the link below. It will also most likely speed up your system when using the Web.
http://www.mvps.org/winhelp2002/hosts.htm
swifter Posted May 10, 2010
Not all networks are "switched", which is to say, on some networks you can also view the packets going over the wire to other computers on the local network. Hotels and other shared-wireless environments are notorious for this sort of thing. That said, you would clearly see that the "conversation" taking place did not have your IP involved if that was the case. Chances are it's innocuous, e.g. cross-site scripting or hyperlinks on a normal webpage referencing content on third-party websites, such as banners, ads, and so on.
If you really want to make sure, there is an application called "lsof", aka "list open files", that will take a snapshot of the files in use on your computer and let you know what application is responsible for what network streams. It's a hugely educational tool and if you have even a passing interest in what goes on under the hood of your PC, running it will take you down some interesting roads.
Regarding the comment on how this is BKK not LA and the use of these applications might in some way transcend legal boundaries: although I'm certainly not privy to the specifics of constitutional law in BKK, none of the above packages has any use with regards to obfuscating traffic or otherwise manipulating it; they are passive. I can say that using them to intercept data you were not meant to see would almost certainly be patently illegal, e.g. trying to snatch people's passwords and so on, but the tools themselves are not illegal, otherwise the kingdom would have made the entire Information Security industry illegal at some point and I'm reasonably sure I would have heard about it had that been the case (as would have Oracle/Sun up the road, shortly after they were raided ostensibly).
Edited May 10, 2010 by swifter
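The check described in the reply above (whether a captured DNS query carries your own IP as its source), as an added example that is not part of the original thread. The function names, the 192.168.1.x addresses and the sample frames are constructed for illustration, and the parser assumes untagged Ethernet carrying IPv4/UDP.

```python
import socket
import struct

def dns_query_from_frame(frame):
    """Return (src_ip, qname) if frame is an Ethernet/IPv4/UDP DNS query, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None                                  # not IPv4 carrying UDP
    ihl = (frame[14] & 0x0F) * 4                     # IPv4 header length in bytes
    src_ip = socket.inet_ntoa(frame[26:30])
    udp = frame[14 + ihl:]
    if len(udp) < 20 or struct.unpack("!H", udp[2:4])[0] != 53:
        return None                                  # not addressed to a DNS server
    dns = udp[8:]
    flags, qdcount = struct.unpack("!HH", dns[2:6])
    if flags & 0x8000 or qdcount < 1:
        return None                                  # a response, or no question
    labels, pos = [], 12
    while pos < len(dns) and dns[pos] != 0:
        n = dns[pos]
        if n & 0xC0 or pos + 1 + n > len(dns):
            return None                              # compressed or truncated name
        labels.append(dns[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return src_ip, ".".join(labels)

def split_by_origin(frames, my_ip):
    """Sort query names into those sent by my_ip and those sent by other hosts."""
    result = {"mine": [], "others": []}
    for frame in frames:
        parsed = dns_query_from_frame(frame)
        if parsed:
            src_ip, name = parsed
            result["mine" if src_ip == my_ip else "others"].append((src_ip, name))
    return result

def sample_query(src_ip, name, resolver="208.67.222.222"):
    """Build a constructed DNS query frame (checksums left at zero) for the demo."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    dns = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)
    udp = struct.pack("!4H", 50000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(resolver))
    return b"\x00" * 12 + b"\x08\x00" + ip + udp

# Constructed capture: two queries from this machine, one from another LAN host.
FRAMES = [sample_query("192.168.1.10", "littlemee.net"),
          sample_query("192.168.1.10", "thaipr.net"),
          sample_query("192.168.1.23", "nationmultimedia.com")]
print(split_by_origin(FRAMES, "192.168.1.10"))
```

Queries listed under "mine" were generated by the capturing machine itself; anything under "others" is traffic from another host that is visible on a non-switched or shared segment.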