Re: [SLUG] Getting copies of mail

From: steve (steve@itcom.net)
Date: Thu Jul 10 2003 - 20:37:16 EDT


On Thursday 10 July 2003 04:54 pm, you wrote:
> I hate to have to ask this but it has become apparent that I have to do
> something about the situation.
> One of our sales reps is "allegedly" divulging trade secrets vie email to
> rival companies and some customers. My higher-ups have asked me to begin
> tracking all of the users email and keep copies of them for review. They
> would also like me to track incoming mail to this user as well. All
> without attracting the attention of the user... of course. :-)
> I've never had to do something like this before so I'm lost on where to
> begin.
> All of our outgoing mail goes through a postfix smtp hub... as does our
> incoming mail as well. Our pop server is off site in Tampa and I don't
> have much access to it except for a web interface to the Communigate
> software. Is there a way to accomplish what my bosses would like me to
> do? I would appreciate any information anyone might be able to provide.
> Thanks,
> Bradley

Ettercap seems to be one good and simple solution.
It is a multipurpose sniffer/interceptor/logger for switched LAN.
It supports active and passive dissection of many protocols (even ciphered
ones) and includes many feature for network and host analysis.
http://ettercap.sourceforge.net/index.php?s=home

With this one you'll see all hosts and can select the one to listen to. Then
simply log all traffic or filter per port.

-- 

Steve ______________________________________ This sig is pending approval



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:08:37 EDT