
attack internal network

Created: 03 August 2012 • Updated: 26 August 2012 | 5 comments
Fabiano.Pessoa's picture
This issue has been solved. See the solution.

Dear, good afternoon.

Is there not any solution for data capture in an internal network attack?

Looking forward

Sincerely,

Fabian

Comments

Mohan Babu's picture

How to debug the Symantec Endpoint Protection client

http://www.symantec.com/docs/TECH102412

Enable debugging 

TSE debugging

To enable Extended TSE Debugging for Network Threat Protection, stop the SMC process (smc -stop) and import this registry setting.

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\TSE]
"ExtendedDebug"=dword:00000001

Start the SMC service (smc -start)

Example from debug.log:

01/25 16:46:17 [304:960] TSE extended debugging is turned on. Flag = 

01/25 16:48:43 [304:592] TSE2415: *********DROP PACKET*********

01/25 16:48:43 [304:592] TSE: SecurityRule = Block Local File Sharin

01/25 16:48:43 [304:592] TSE: ApplicationName = C:\WINNT\system32\ntoskrnl.ex

01/25 16:48:43 [304:592] TSE2417: *** DROP PACKET **

01/25 16:48:43 [304:592] ======== TsPacket ====== BA: 1 == protocol: 2 === === EtherII Packet=== len:92==== nic:0===== 00-0c-29-4e-d7-c7 ---> ff-ff-ff-ff-ff-ff , protocol = 0x800 ===== IP Packet==== len:78==== 192.168.20.12 --> 192.168.20.255, type: 0x11, Id: 2629, Frg: 0x0 ========= UDP datagram, len: 78==== 192.168.20.12:137 -> 192.168.20.255:137 , DataLen: 5

01/25 16:48:43 [304:592] TSE2415: *********DROP PACKET********** 

01/25 16:48:43 [304:592] TSE: SecurityRule = Block and Log Unchecked IP Packets 

01/25 16:48:43 [304:592] TSE2417: *** DROP PACKET *** 

01/25 16:48:43 [304:592] ======== TsPacket ====== BA: 1 == protocol: 2 === === EtherII Packet=== len:74==== nic:0===== 00-50-56-c0-00-02 ---> 00-0c-29-4e-d7-c7 , protocol = 0x800 ===== IP Packet==== len:60==== 192.168.20.1 --> 192.168.20.12, type: 0x1, Id: 28535, Frg: 0x0 ===== ICMP Packet==== len:40==== , type: 0x8, Code: 0, Checksum: 0x5a3a

Check this video; you will get a good view.

Symantec Endpoint Network Activity Tool

https://www-secure.symantec.com/connect/videos/symantec-endpoint-network-activity-tool

https://www-secure.symantec.com/connect/forums/need-help-policies-and-network-activity#comment-2713641

Hope this helps..........

Mohan Babu

moglie20@gmail.com

+91 9884382160

Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue...please mark it accordingly :)

SOLUTION
Fabiano.Pessoa's picture

Mohan, good morning.

Thank you for your help.

Sincerely, Fabiano Pessoa

Fabiano Pessoa

Systems Analyst - Forensic Expert

Ajit Jha's picture

Use the Network Activity Tool

Regards

Ajit Jha

Technical Consultant

ASC & STS

Fabiano.Pessoa's picture

Hi, thanks for the help. I am already making arrangements. Hugs.

Fabiano Pessoa

Systems Analyst - Forensic Expert

Mohan Babu's picture

Update me if you require any further assistance..

Mark the best answers which resolved your issue...

Thanks in advance....

Mohan Babu
