Spyware phone home http traffic

Black Hat Defcon
Contents:
  1. Monitoring your Home Network for Free
  2. What a security researcher learned from monitoring traffic at Defcon - CNET

Click "options" next to it, and as you see in the video above, courtesy of the folks over at Hak5, you can select "promiscuous mode" for that adapter. Once you have, you can start capturing packets.

Monitoring your Home Network for Free

When you start the capture, you're going to get a lot of information. Luckily, Wireshark anticipates this, and makes it easy to filter.

Since we're just looking to see what the suspicious actors on your network are doing, make sure the system in question is online. Go ahead and capture a few minutes' worth of traffic for starters. Then you can filter that traffic based on the IP address of that device using Wireshark's built-in filters. Doing this gives you a quick view of who that IP address is talking to, and what information they're sending back and forth.

You can right-click on any of those packets to inspect it, follow the conversation between both ends, and filter the whole capture by IP or conversation. For more, How-To Geek has a detailed guide on Wireshark filtering. You may not know what you're looking at, but that's where a little sleuthing comes in. If you see that suspicious computer talking to a strange IP address, use the nslookup command in the command prompt in Windows, or in a terminal in OS X or Linux to get its hostname. That can tell you a lot about the location or type of network your computer is connecting to.

Wireshark also tells you the ports being used, so Google the port number and see what applications use it. If, for example, you have a computer connecting to a strange hostname over ports often used for IRC or file transfer, you may have an intruder. Either way, you'll have the data required to figure it out on your own. Of course, not every bad actor on your network will be online and leeching away while you're looking for them.
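The triage described above (narrow the capture to one device, see who it talks to and on which ports), as an added example that is not from the original article. It assumes the capture was exported with `tshark -r capture.pcap -T fields -e ip.src -e ip.dst -e tcp.dstport -e frame.len`; the sample rows, the addresses and the port watch-list are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of tab-separated tshark field output:
# ip.src, ip.dst, tcp.dstport, frame.len (documentation-range addresses).
SAMPLE_EXPORT = """\
192.168.1.23\t203.0.113.10\t443\t1500
192.168.1.23\t203.0.113.10\t443\t900
203.0.113.10\t192.168.1.23\t51544\t600
192.168.1.23\t198.51.100.7\t6667\t120
192.168.1.23\t198.51.100.7\t6667\t130
192.168.1.40\t203.0.113.10\t443\t700
192.168.1.23\t\t\t60
"""

# Assumed watch-list: ports commonly used for IRC and FTP, the two
# traffic types the text singles out. Extend it to suit your network.
WATCH_PORTS = {21: "FTP", 6660: "IRC", 6667: "IRC", 6697: "IRC over TLS"}


def summarize_outbound(export_text, device_ip):
    """Return {(peer_ip, dst_port): [packets, bytes]} for traffic sent by device_ip."""
    flows = defaultdict(lambda: [0, 0])
    for line in export_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 4 or not all(fields):
            continue  # non-TCP or non-IP frames leave fields empty
        src, dst, port, length = fields
        if src != device_ip:
            continue
        entry = flows[(dst, int(port))]
        entry[0] += 1
        entry[1] += int(length)
    return dict(flows)


def flag_watched(flows):
    """Return sorted (peer, port, label) for flows to watch-listed ports."""
    return sorted((peer, port, WATCH_PORTS[port])
                  for (peer, port) in flows if port in WATCH_PORTS)


if __name__ == "__main__":
    flows = summarize_outbound(SAMPLE_EXPORT, "192.168.1.23")
    for (peer, port), (pkts, size) in sorted(flows.items(), key=lambda kv: -kv[1][1]):
        print(f"{peer}:{port}  packets={pkts} bytes={size}")
    for peer, port, label in flag_watched(flows):
        print(f"review: {peer}:{port} ({label}) - resolve with nslookup {peer}")
```

A hit on the watch-list is a prompt to look up the peer and the application behind it, not proof of compromise.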

Up to this point, we've taught you how to check for connected devices, scan them to identify who they really are, and then sniff a little of their traffic to make sure it's all above board. However, what do you do if the suspicious computer is doing its dirty work at night when you're sleeping, or someone's leeching your Wi-Fi when you're at work all day and not around to check? There are a couple of ways to address this. For one, the Who's On My Wi-Fi application we mentioned earlier can run in the background on your Windows computer and keep an eye on who's connecting and when.

It can ping you when you're not looking at it, and let you know when someone's connected to your network, which is a nice touch. You can leave it running on a computer at home, and then when you wake up or come home from work, see what happened while you weren't looking. Your next option is to check your router's logging capabilities. Buried deep in your router's troubleshooting or security options is usually a tab dedicated to logging. How much you can log and what kind of information varies by router, but you can see in the screenshot above I can log incoming IP, destination port number, outgoing IP or URL filtered by the device on my network, internal IP address and their MAC address, and which devices on my network have checked in with the router via DHCP for their IP address and, by proxy, which have not.

It's pretty robust, and the longer you leave the logs running, the more information you can capture. Custom firmwares like DD-WRT and Tomato (both of which we've shown you how to install) allow you to monitor and log bandwidth and connected devices for as long as you want, and can even dump that information to a text file that you can sift through later. Depending on how you have your router set up, it can even email that file to you regularly or drop it on an external hard drive or NAS. Either way, using your router's oft-ignored logging features is a great way to see if, for example, after midnight when everyone's gone to bed, your gaming PC suddenly starts crunching and transmitting a lot of outbound data, or you have a regular leech who likes to hop on your Wi-Fi and start downloading torrents at odd hours.
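Sifting such a text-file dump for after-midnight uploads can be scripted; the following is an added example, not part of the original article. The CSV layout (`timestamp,internal_ip,bytes_out`), the sample records and the 500 MB threshold are assumptions, since every router and firmware logs in its own format.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, time

# Constructed sample; real router/firmware log formats differ, so adapt
# the column names. Columns: timestamp, internal IP, bytes sent outbound.
SAMPLE_LOG = """\
timestamp,internal_ip,bytes_out
2024-03-01 21:15:00,192.168.1.23,40000
2024-03-02 00:30:00,192.168.1.23,750000000
2024-03-02 02:10:00,192.168.1.23,900000000
2024-03-02 03:00:00,192.168.1.40,12000
2024-03-02 05:59:59,192.168.1.51,300000
2024-03-02 06:00:00,192.168.1.51,999999999
2024-03-02 14:00:00,192.168.1.40,800000000
"""


def overnight_uploads(log_text, start=time(0, 0), end=time(6, 0)):
    """Sum bytes_out per device for records with start <= time-of-day < end.

    The window must not wrap past midnight (start < end).
    """
    totals = defaultdict(int)
    for row in csv.DictReader(io.StringIO(log_text)):
        stamp = datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S")
        if start <= stamp.time() < end:
            totals[row["internal_ip"]] += int(row["bytes_out"])
    return dict(totals)


def heavy_talkers(totals, threshold_bytes=500_000_000):
    """Devices whose quiet-hours upload total exceeds the threshold, largest first."""
    hits = [(ip, n) for ip, n in totals.items() if n > threshold_bytes]
    return sorted(hits, key=lambda item: -item[1])


if __name__ == "__main__":
    for ip, sent in heavy_talkers(overnight_uploads(SAMPLE_LOG)):
        print(f"{ip} sent {sent / 1e6:.0f} MB between 00:00 and 06:00")
```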

Your final option, and kind of the nuclear option at that, is to just let Wireshark capture for hours—or days. It's not unheard of, and many network administrators do it when they're really analyzing strange network behavior. It's a great way to pin down bad actors or chatty devices.

However, it does require leaving a computer on for ages, constantly sniffing packets on your network, capturing everything that goes across it, and those logs can take up a good bit of space. You can trim things down by filtering captures by IP or type of traffic, but if you're not sure what you're looking for, you'll have a lot of data to sift through when you're looking at a capture over even a few hours.

Still, it will definitely tell you everything you need to know. In all of these cases, once you have enough data logged, you'll be able to find out who's using your network, when, and if their device matches up with the network map you made earlier. If you've followed along to here, you've identified the devices that should be able to connect to your home network, the ones that actually connect, identified the differences, and hopefully figured out if there are any bad actors, unexpected devices, or leeches hanging around.

Now all you have to do is deal with them, and surprisingly, that's the easy part. Wi-Fi leeches will get the boot as soon as you lock down your router. Before you do anything else, change your router's password, and turn off WPS if it's turned on.

If someone's managed to log directly into your router, you don't want to change other things only to have them log in and regain access. Make sure that you use a good, strong password that's difficult to brute force. Then, check for firmware updates.



If your leech has made use of an exploit or vulnerability in your router's firmware, this will keep them out—assuming that exploit's been patched, of course. Then, the only devices that should be able to reconnect are ones you give the new password to.

This is done with the Adobe Creative Suite. Each time one of the programs is opened, it phones home with the serial number. If the serial number is listed as being already in use, or a fake, then the program will present the user with the option of inputting the correct serial number.

What a security researcher learned from monitoring traffic at Defcon - CNET

If the user refuses, the next time the program loads, it will operate in trial mode until a valid serial number has been input. However, the method can be thwarted by either disabling the internet connection when starting the program or adding a firewall or Hosts file rule to prevent the program from communicating with the verification server. Phoning home could also be for marketing purposes, such as the "Sony BMG Rootkit", which transmits a hash of the currently playing CD back to Sony, or a digital video recorder (DVR) reporting on viewing habits.

High-end computing systems such as mainframes have had 'phone home' capabilities for many years, to alert the manufacturer of hardware problems with the mainframes or disk storage subsystems; this enables repair or maintenance to be performed quickly and even proactively under the maintenance contract. In research computing, phoning home is used to track the daily usage of open source academic software.

This phoning is used to develop logs for the purposes of justification in grant proposals to support the ongoing funding of such projects. Aside from malicious software phoning home, phoning home may be done to track computer assets—especially mobile computers. One of the most well-known software applications that leverages phoning home for tracking is Absolute Software's CompuTrace.

This software employs an agent which calls into an Absolute-managed server at regular intervals with information companies or the police can use to locate a missing computer. Other than phoning to the home website of the applications' authors, applications can allow their documents to do the same thing, thus allowing the documents' authors to trigger essentially anonymous tracking by setting up a connection which is intended to be logged. Such behavior, for example, caused v7.

HTML e-mail messages can easily implement a form of "phoning home". Images and other files required by the e-mail body may generate extra requests to a remote web server before they can be viewed.



This tips section is maintained by Vic Laurie.

This tip shows a quick and easy way to use "netstat" to see what programs are connecting to the Internet: Open the command prompt.

Create a log of Internet activity with a netstat batch file

Internet activity is not static and you may want to log it over a period of time.


