Site Server General - How do I...


Author How do I...
Sonoman

2004-02-04, 10:39 am

Hi all:
I am trying to get a TCPDUMP(?) from a Windows Server 2000. I need to
produce this file for somebody that can use it to see if a network has been
compromised, and/or to check for traces of network intrusion. I went to
http://windump.polito.it/ and it has a lot of good info, but as far as I can
tell this is only to gather info as it happens. I need to be able to
generate a file in tcpdump format of previous activity on the compromised
server, maybe up to a week old or older if possible. I will be using a PC
loaded with Windows Server 2003 to test the process of generating this file.
Just in case, the file will be loaded into Silent Runner which is the older
version of eTrust Network Forensics. How can I do this? I will very much
appreciate any help that can be provided to assist me in resolving this
issue. Thanks in advance.

Sonoman



Copyright 2003 - 2008 webservertalk.com