Author Topic: NANY 2011 Release: Crush Sniffer  (Read 9718 times)

Crush

NANY 2011 Release: Crush Sniffer
« on: November 14, 2010, 02:37 PM »
NANY 2011 Entry Information

Application Name Crush Sniffer
Version V1.00
Short Description Sniff Programs, Users, Server availability and Connections in (Unix/Linux) Network Environments
Supported OSes Sniffer: Unix/Linux / Analyzer: Windows
Web Page -
Download Link * Crush Sniffer.zip (20.08 kB - downloaded 802 times.)
System Requirements
  • Pentium class computers
  • mfc71.dll
Version History
  • 10/11/14 Release V1.0
  • 10/11/15 Release V1.0 Script Updates
Author Crush

Description
The Crush Sniffer creates different continuous logs of several system events in Linux/Unix.
Because I've no deeper experience in Unix-Coding I decided to create a small but handy analyzer that can filter the most important events from these logs and to search at a click the right positions of all logs at the same (or similar) time stamp.
The tool has been created to detect illegal activities or sabotage on special systems - and it worked fine.
This program can be used to sniff the behaviour of other users on your or other computers and check out who has done what and when.
Because of this, the usage is only allowed to system owners or administrators who have the legal rights to control the sniffed systems.
I recommend only experienced users who know how to read system-logs to use this tool!

Features
  • sniffer works as a normal task from the shell
  • the results can be easily viewed with the analyzer

Planned Features
  • none

Usage
Installation
There are two scripts: One for Unix systems (and Cygwin I think) and another one for Linux. Copy the suitable one to the system you like. Open a shell window and start it.
Copy the "Crush Sniffer.exe" to a Windows system or a Wine directory in Linux and run it there.

Using the Application
After logging (can be stopped with ctrl-c) you have to copy the logs (all starting with RR...) to a Windows computer or perhaps a Linux computer with Wine and run the "Crush Sniffer.exe" - otherwise a mapped drive with network access should also work.
The program is in German - but it's so easy to use I don't see any reason to translate it.
"Nachrichtenfilter aktivieren" is automatically enabled and filters unnecessary lines from the results where nothing important happened.
The button "Dateien einlesen" reads the files. You can select one of the RR... files. It's not important which one.
Reading and filtering can take some time - so please be patient.
At the end you can see the 4 different logs. On clicking in a window all other logs will be corrected to the nearest time stamps to see what happened at this time with the other logs.
That's all.

All settings are hard-coded in the logger.sh file. You have to change them by hand if necessary.
You can set the names of 3 different hosts. It should be easy to add more if you like.
Maximalcountage sets the days of logging. Older logs will be automatically deleted.
The _init-variables set the timeslice being used to update the different logs.
In the greps you can change the "*" parameter to a specific user to be controlled if you like.

Uninstallation
Only delete the files and folder

Known Issues
The load-process takes a lot of time sometimes - depending on the size of your logs.

Screenshot
LogReader.jpg

Please don't ask for further support or development, because I decided to stop the development at this state.
« Last Edit: November 22, 2010, 01:09 PM by Crush »
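
The nearest-time-stamp alignment described in the post above, sketched as an added example that is not part of the original post or of Crush Sniffer's code. The "YYYY-MM-DD HH:MM:SS message" line layout, the four log names and the sample lines are assumptions made for illustration; the real RR... file format is not shown on this page.

```python
from bisect import bisect_left
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"  # assumed time stamp layout, not taken from the tool

def parse_log(text):
    """Return a time-sorted list of (timestamp, message); skip unparsable lines."""
    entries = []
    for line in text.splitlines():
        stamp, message = line[:19], line[19:].strip()
        try:
            entries.append((datetime.strptime(stamp, FMT), message))
        except ValueError:
            continue  # header, blank or truncated line
    entries.sort(key=lambda e: e[0])
    return entries

def nearest(entries, when):
    """Index of the entry closest in time to `when`, or None for an empty log."""
    if not entries:
        return None
    times = [t for t, _ in entries]
    i = bisect_left(times, when)
    if i == 0:
        return 0
    if i == len(times):
        return len(times) - 1
    # Pick the closer neighbour; a tie goes to the earlier entry.
    return i - 1 if when - times[i - 1] <= times[i] - when else i

def align(logs, source, index):
    """For the entry selected in one log, find the nearest entry in every other log."""
    when = logs[source][index][0]
    return {name: nearest(entries, when)
            for name, entries in logs.items() if name != source}

# Constructed sample data (hypothetical log names and contents).
SAMPLE = {
    "users": "2010-11-14 14:00:05 alice login pts/1\n"
             "2010-11-14 14:10:00 alice logout\n",
    "processes": "2010-11-14 14:00:00 sshd\n"
                 "2010-11-14 14:00:07 bash (alice)\n"
                 "2010-11-14 14:09:58 rm (alice)\n",
    "connections": "not a log line\n"
                   "2010-11-14 13:59:59 tcp 10.0.0.5:22 ESTABLISHED\n",
    "hosts": "",
}
LOGS = {name: parse_log(text) for name, text in SAMPLE.items()}

if __name__ == "__main__":
    print(align(LOGS, "users", 0))
```
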

Crush

Re: NANY 2011 Release: Crush Sniffer
« Reply #1 on: November 15, 2010, 04:44 PM »
I updated the scripts and the requirements (you need mfc71.dll). There's now one for Unix and one for Linux.