
Wireless E-Detective System User Manual


Contents

1. Search Conditions (manual page 32)
   [screenshot: SEARCH CONDITION form with fields DATE, TIME, IP, BSSID, MAC, EMAIL (FROM, TO, CC, BCC, SUBJECT), WEBMAIL TYPE, FTP SERVER IP, FTP ACCOUNT, MSN ACCOUNT (SCREEN NAME, PARTICIPANTS), ICQ ACCOUNT (SCREEN NAME, PARTICIPANTS), YAHOO ACCOUNT (SCREEN NAME, PARTICIPANTS), QQ ACCOUNT (SCREEN NAME, PARTICIPANTS), URL, and the buttons Search, Reset, Close]
   BSSID: MAC address of the access point, e.g. 00 0E 2E A3 7A 86.
   MAC: MAC address of the computer, e.g. 00 0E 2E A3 7A 86.
   URL: Uniform Resource Locator.
   Copyright © 2007 Decision Computer International Co., Ltd. (p. 32)
   1 Example by IP: To search all data belonging to IP 192.168.1.20, input the IP in the IP field and press the Search button to start searching.
   [screenshot: search condition form and result list; the visible caption ends mid-sentence: "click one of t"]
2. Capture: STA scan (manual page 48)
   [screenshot: sub-menus Capture, Import, Wepkey, History, Work Log, Ids; MODE AP/STA; Capture Size 10096 K; In Time Condition; Dump Filter Condition; Save List; Refresh; START/STOP; MANUAL/AUTO STA SCAN table with columns CLIENT MAC, STR, PACKETS, BSSID, WEPKEY, CH, ESSID, DUMP; nine client rows, most associated with BSSID 00 11 95 DA 25 13 (OPN, channel 5, ESSID Dlink_abg) or 00 17 D1 FF 07 60 (OPN, ESSID WIFLY); Count 9, Total 1, In page 1, Rows per page 20]
   Features in this user interface (UI):
   1 [icon]: A link showing the MAC address and IP of the PC (Nic Info: Mac 00 1B 77 25 E7 B6, IP 192.168.1.106).
   2 Others are already introduced on the AP's UI; please refer there for more detail.
   Decrypt information manually: WEP / WEP / WPA. Click these three links, which appear on the tabl
3. Title page, notice and table of contents (start)
   E-DETECTIVE Employee Internet Management Appliance
   Version: 18 August 2007
   User Manual (Wireless)
   Decision Computer International Co., Ltd.
   Copyright 2007 Decision Computer International Co., Ltd.
   IMPORTANT NOTICE: This guide is delivered subject to the following conditions and restrictions. Copyright Decision Computer Ltd. 2007. All rights reserved. The copyright and all other intellectual property rights and trade secrets included in this guide are owned by Decision Ltd. The guide is provided to Decision customers for the sole purpose of obtaining information with respect to the installation and use of the E-Detective System and may not be used for any other purpose. The information contained in this guide is proprietary to Decision and must be kept in strict confidence. It is strictly forbidden to copy, duplicate, reproduce or disclose this guide or any part thereof without the prior written consent of Decision.
   Table of Contents (partly illegible in the scan):
   Introduction to Wireless E-Detective System ... 5
   System Installation ... 8
   [illegible] ... 10
   [illegible] ... 11
   Wireless E-Detective System Functions ... 11
   A Local and Remote [illegible] ... 11
   B [illegible] ... 14
   [illegible] ... 14
   [illegible] ... 16
   3 IMAP ... 17
   4 WebMail ... 18
   5 WebMail [entry cut off]
4. Capture: AP scan features (manual page 46)
   [screenshot: AP scan rows for BSSIDs 00 17 D1 FF 07 60 (OPN, ESSID WIFLY), 00 17 D1 FF 07 61 (WEP), 00 17 D1 FF 07 62 (OPN) and 00 17 D1 FF 07 63 (OPN); Count 9, Total 1, In page 1, Rows per page 20; sidebar entries AUTHORITY, DELETE DATA, EDIT PASSWORD, POWER ON/OFF]
   Features in this user interface (UI):
   1 MODE AP/STA: Select an access point (AP) or a wireless-enabled PC (STA) as the target to capture information from.
   2 Capture Size 10036 K: Displays the size of the wireless transmitted data in Kbytes.
   3 In Time Condition: A filter to alarm on particular information or a particular target based on specific conditions.
   4 Dump Filter Condition: A filter to alarm on a particular target based on specific conditions.
   5 Save List: Saves all scanned access points and PCs into the history page.
   6 Refresh / START STOP: Refreshes the information every specified number of seconds; click the START or STOP link to operate this function.
   7 Channel: Set which channel of the access point to capture information from.
   8 START START: The right button starts capturing manually when pressed; the left button starts capturing automatically at the specified time.
   9 AP: A function to mark access points with
5. Table of contents (end) and Introduction (manual pages 4-5)
   Step 2 Install QQ cracker into computer ... 81
   Step 3 Decrypt the conversation ... 85
   [illegible entries] ... 89, 89, 90
   Appendix A Q&A ... 92
   Introduction to Wireless E-Detective System
   Internet applications have become more and more popular with the emergence of broadband Internet. Popular but unregulated Internet access has created a management challenge. The Wireless E-Detective system can sniff and decode Internet activities through a Wireless LAN (WLAN), such as email (POP3, SMTP, IMAP, Web Mail), chat (Yahoo, MSN, ICQ, AOL, QQ), HTTP (URL, web browsing), file transfer (FTP upload and download, P2P upload and download), Telnet, online games, VOIP and webcam (MSN and Yahoo), etc. The E-Detective system can improve corporate efficiency, prevent network resources from being misused, guide the network administrator in closing loopholes that leak confidential information, monitor cyber slackers, and avoid accidental deletion and damage of email (recovery from backup). Network sniffing is one of the important ways to preserve evidence: it duplicates every Internet activity and all data transferred, and it needs a powerful system like E-Detective to perform online Internet sniffing, real-time recording, categorizing, correcting misbehavior, data min
6. P2P, Online Game and Search (manual pages 30-31)
   [screenshot: P2P list with sidebar counters VOIP 5, HTTP 25749, HTTP DYNAMIC 486, WEBMAIL 308, TELNET 12]
   Features in this UI:
   1 IP: The target's IP, from which you capture the data.
   2 P-IP: The IP address the target transfers the data to.
   3 P-Port: The port number used by the second party.
   4 Tool: The tool the target uses to transfer the data.
   5 File name: The transmitted file name.
   6 HASH: An identifiable value that identifies which file is to be downloaded from the specific second party.
   H Online Game
   The E-Detective system captures online game logs which include the user's login date and time, the user's MAC address, the user's port number, the game server IP address (P-IP), the game server port number (P-PORT) and the game name.
   [screenshot: two log rows, e.g. 2007-07-03 09:20:22, 00 13 ce 69 c7 31, 2095, 210.208.86.12, 80, Kartrider]
   The online game logs that can be captured by the E-Detective system include World of Warcraft (WOW), Kartrider, Ragnarok Online, etc.
   I Search
   The system provides an advanced searching function. You may search by defined criteria.
7. IDS log and Backup Data (manual pages 57-58)
   [screenshot: wireless IDS list; the legible entries are:
   2007-04-18 16:20:41 Suspicious traffic on [illegible MAC]: data traffic within 10 seconds of a disassociate
   2007-04-18 16:20:57 Suspicious traffic on [illegible MAC]: data traffic within 10 seconds of a disassociate
   2007-04-18 16:20:35 Suspicious client 00 90 96 BA BB 54 probing networks but never joining
   2007-04-18 16:20:35 Suspicious traffic on 00 0F 3D 33 25 01: data traffic within 10 seconds of a disassociate
   2007-04-18 16:20:53 Suspicious client 00 11 22 33 44 55 probing networks but never joining
   2007-04-18 16:20:30 Suspicious client 00 19 D2 1E 31 48 probing networks but never joining
   2007-04-18 16:20:30 Suspicious traffic on [illegible MAC]: data traffic within 10 seconds of a disassociate
   Total 505, In page 1]
   M Backup Data
   Backup data is divided into two parts:
   - Backup raw data (ISO)
   - Back up the list of database log files
   1 Backup Raw Data (ISO)
   Use this function to selectively back up data. It consists of raw data (unknown data that could not be identified after parsing) and the created ISO file. The user can select the file size of the backup raw-data ISO file to create, step by step as follows:
   1 Set the maximum size of each backup file.
   2 Select the raw data file to convert.
8. Main menu and Email Recording (manual page 13)
   [screenshot: MENU with Hard Disk Information (73G, Used 7.8G, Available 61G), per-IP record counts, protocol counters (POP3 117, SMTP 46, IMAP 4, FTP 19, MSN 571, YAHOO, VOIP, HTTP, HTTP DYNAMIC, WEBMAIL, WEBMAIL SENDER) and Data Mining counters]
   B Email Recording
   Email recording supports:
   1 POP3 (inbound), IMAP (inbound), SMTP (outbound), Webmail (inbound), Webmail send (outbound).
   1 POP3 inbound
   POP3 inbound records detailed information about each received e-mail, including full-text analysis, receiving date and time, sender, receiver's IP, receiver, carbon copy, topic, account, password and attachment. All POP3 emails running on applications such as Outlook Express, Microsoft Office Outlook, etc. will be captured in the Wireless E-Detective System.
   [screenshot: POP3 list with condition POP3 192.168.9.67; POP3 117 records]
9. Search examples 1-2 (manual page 35)
   Here is the data searched by criteria which meet both the user's ID alecwang@hotmail.com and the chatter's ID liuyingshcn@hotmail.com. Hence it can be categorized into two combinations:
   1 User's nickname is alecwang@hotmail.com and chatter's ID is liuyingshcn@hotmail.com.
   2 User's nickname is liuyingshcn@hotmail.com and chatter's nickname is alecwang@hotmail.com.
   Example 2: Input more than one ID in the one blank field, as shown below.
   [screenshot: MSN ACCOUNT field containing several addresses; SCREEN NAME / PARTICIPANTS check boxes for the MSN, ICQ and QQ accounts; Search, Reset, Close]
   Here is the data searched by criteria, that is, data where the user's ID is cch926e@hotmail.com OR diesis_ms62@hinet.net OR liupeng19820923@hotmail.com AND the chatter's ID is she0430@hotmail.com.
   [screenshot: search results]
   Hence it can be categorized into three combination
10. Network Setup (manual pages 60-61)
   [screenshot: Device eth Configuration (Primary / Second); Hard Disk Information 55G, Used 2.8G, Available 49G; tabs Network Setup, Check HD, Services, Update System Time; Network Setting, Device List: Mode M, IP 192.168.1.60, Netmask 255.255.255.0, Broadcast 192.168.1.255, Gateway 192.168.1.1. Note: Mode M = MANAGE, S = SEND FILE, R = RECEIVE FILE. Setup DNS Setting: Default Setting 192.168.1.1, New Setting 168.95.1.1, Submit]
   ALL IN ONE Mode
   This selection is for the normal single-layer function. Only one network card interface (eth0) is used for capturing and decoding. After configuring the Manage IP, Net mask, Broadcast and Gateway address, press Submit to complete the setup.
   [screenshot: https://192.168.1.60/sys_control/setip.php with FUNCTION ALL IN ONE / CAPTURE / ANALYZER; MANAGE IP [illegible], Netmask 255.255.255.0, Device, Broadcast 192.168.1.255, Gateway 192.168.1.1; Submit]
   CAPTURE Mode (Sender)
   This setup is for the double-layer architecture (Sender and Receiver ends). CAPTURE is set at the sender end. First set the configuration for the MANAGE setup. Then complete the SEND FILE configuration with the Analyzer IP as the Receiver end (Decoder) IP. Press Submit to complete the configuration.
   [screenshot: https://192.168.1.60/ ...]
11. Edit Password, Power On/Off and QQ Info Setup (manual pages 80-81)
   [screenshot: User self Password: ID root; New Password; Confirm Password; Submit; Reset. Note: * REQUIRED FIELD]
   S POWER ON/OFF
   This UI allows the user to turn off or reboot the computer system.
   [screenshot: Power Off / Reboot]
   T QQ INFO SETUP (How to see the encrypted conversation)
   The captured conversation in QQ is all encrypted. This section tells users how to download the QQ cracker to decrypt the information.
   Step 1 Download the QQ cracker
   The following diagram shows the steps to download the QQ cracker.
   [screenshot: menu with DELETE DATA, EDIT PASSWORD, POWER ON/OFF, QQ INFO SETUP and the download steps]
   Step 2 Install the QQ cracker into the computer
   Decompress the file called setup.tar.tar to get the folder called setup. Open it and run setup.exe to start the installation.
   [screenshot: 2 Get the setup folder and open it; 3 Click this file to get the installation]
   The following diagrams show the steps of the installation.
   [screenshot: "Welcome to the QQ Password Cracker GUI Setup Wizard. This will install QQ Password Cracker GUI 1.0 on your computer. It is recommended that you close al"]
12. WEP Cracking Measurement Report and Wireless Setup (manual page 45)
   64-bit WEP Key Cracking Report (columns as printed: time, Packets (x1000), ARP Packets, and a third count whose header is illegible):
   [illegible key type]: 10m36s | 16,488 | 24,664 | 29,600
   Alphabetical: 18m25s | 41,552 | 51,016 | 86,754
   Num+Alpha: 11m04s | 25,380 | 32,990 | 56,513
   128-bit WEP Key Cracking Report: [table not legible in the scan]
   Wireless setup
   The MENU involves six sub-menus: Capture, Import, Wepkey, History, Work Log, Ids.
   1 Capture
   [screenshot: Capture page with MODE AP/STA, Capture Size 10096 K, In Time Condition, Dump Filter Condition, Save List, Refresh, START/STOP, By Channel, START START, AP SCAN MANUAL/AUTO; table columns BSSID, CH, WEPKEY, STR, PACKETS, ESSID, STA; rows include 00 0D 88 44 E7 F3 (ch 7, WEP, ESSID meeting), 00 0F 3D 33 29 F7 (ch 6, WEP, ESSID sung), 00 11 95 DA 25 13 (ch 5, OPN, ESSID Dlink_abg, 5 STA), 00 13 46 F0 87 53 (ch 6, WPA) and 00 17 D1 FE F3 F0 (ch 4, OPN, ESSID WIFLY); sidebar entries SEARCH, ALARM, EXPORT, MANAGE, WIRELESS]
13. Search examples 3-4 and Alarm (manual pages 37-38)
   ...and any chatter's ID.
   Any user's ID and chatter's ID is bany1013@hotmail.com.
   Any user's ID and chatter's ID is aries0724@msn.com.
   Any user's ID and chatter's ID is joe_3457@hotmail.com.
   Example 4: In the User's ID field of MSN/ICQ/YAHOO, input one user's ID and do not input a chatter's ID. You may check either User's ID (monitor end), Chatter's ID (remote end), or both of them.
   [screenshot: MSN ACCOUNT field containing she0430@hotmail.com; SCREEN NAME / PARTICIPANTS check boxes; Search, Reset, Close]
   Here is the data searched by criteria, that is, data where the user's ID OR the chatter's ID is she0430@hotmail.com.
   [screenshot: search results]
   Hence it can be categorized into two combinations:
   1 User's ID is she0430@hotmail.com and any chatter's ID.
   2 Any user's ID and chatter's ID is she0430@hotmail.com.
   J ALARM
   The E-Detective system allows the administrator to set a warning policy. Once data meets the criteria of the war
14. SMTP sample (end) and WebMail (manual pages 17-18)
   [screenshot: SMTP record view with the callouts "click this link to see the source code of this webpage" and "click this link to see the attached file"; the sample message reads: "The Decision company does not have the information of Tsuen Shing and your seller SIB. That is why it took time to reply you and resulted in this unwanted delay."]
   4 WebMail
   The WebMail log includes the date and time, the user's IP, the webmail contents and the type of mail server. Within the log, the E-Detective System records the text of the WebMail only and filters out non-text content to reduce HDD usage and system loading.
   [screenshot: webmail list with the callout "click link to view the webmail content"]
   Features in this user interface (UI):
   1 Download: A link to download the record.
   2 Source code: A
15. SMTP sample (end) and IMAP (manual pages 16-17)
   [screenshot: end of the SMTP sample message: "The Decision company does not have the information of Tsuen Shing and your seller SIB. That is why it took time to reply you and resulted in this unwanted delay."]
   3 IMAP inbound
   IMAP inbound records emails when targets use an IMAP email server. The details of the recorded email include the date and time, sender address, receiver address, CC, BCC, user account and password, as shown in the diagram below.
   [screenshot: MENU with Hard Disk Information 73G, Used 7.8G, Available 61G; IMAP list of 4 records dated 2006-10-20 with columns for date/time, sender, receiver, CC, BCC, subject, account and password]
   Features in this user interface (UI):
   1 Attachment: A symbol appears if more than one attachment is included.
   2 Download: A link to download the record.
   3 Subject: Click on the e-mail's subject to see the content.
   View Email Content: The following diagram pops up when the user clicks the subject name.
16. WebMail Send and Chats (manual pages 18-19)
   ...link to view the source code of the webpage.
   Note: Users do not care about the links of subject name and R
   5 WebMail Send
   The WebMail send log includes the date and time, sender, receiver, carbon copy, confidential carbon copy, subject, email contents and type of mail server.
   [screenshot: webmail send record with FROM and TO addresses, DATE/TIME 2006-11-03 10:21:34, SUBJECT and ATTACHMENT fields]
   Features in this user interface (UI):
   1 Download: A link to download the record.
   2 Source code: A link to view the source code of the webpage.
   3 Attachment: A symbol appears if more than one attachment is included.
   C Chats
   Chat messages are captured while targets use one of the instant messengers such as Yahoo, MSN, ICQ, AOL and QQ.
   1 MSN
   The MSN log includes the date and time, the chatters' accounts, the number of messages and the transferred file.
   [screenshot: MSN list with the callout "click link CONVERSATION to"]
17. Yahoo chat (end) and VOIP (manual page 23)
   [screenshot: Yahoo chat list with the callout "click the link CONVERSATION to view the dialogue"; columns DATE/TIME, SCREEN NAME, MESSAGE]
   Features in this user interface (UI):
   1 COUNTS: The total number of messages.
   5 VOIP
   Before viewing the recorded VOIP and webcam sessions, the user has to set up the virtual environment on the following WEBCAM/VOICE SETUP page.
   Virtual environment requirements:
   - An MSN account needs to be created for the E-Detective system, as the E-Detective system needs to connect online to the MSN server to prompt the viewer message to listen to the VOIP session or view the webcam session.
   - A viewer's MSN account (normally the administrator's MSN account) for online viewing of the captured VOIP and webcam sessions.
   [screenshot: WEBCAM VOICE SETUP page with Hard Disk Information 90G, Used 264M, Available 85G; fields Msn Account (wedetective@hotmail.com) and Msn Password; Submit; sidebar entries SEARCH, ALARM, EXPORT, PARSER, RAWDATA, MANAGE, BACKUP, SYSTEM, NETWORK, USER]
18. Services, FireWall and System Time (manual pages 65-67)
   ...servers for the purpose of saving the computer's resources.
   [screenshot: Service / Status / Action table with Start and Stop links for ssh, inetd, conver, OpenRaw, emailsub, parser, tomcat, WirelessScan, MotoCrack, gpsd, ntp, wirelessids, wifid, wifi and FireWall]
   [illegible service]: Carries out the far-end segment.
   [illegible service]: Carries out the functions of POP3, IMAP and SMTP.
   conver: Carries out the conversion of codes.
   FireWall
   Function: Users can specify which IPs may access the ED system. The FireWall creates the specific IPs that are allowed to log in to the E-Detective System.
   [screenshot: Create Allow IP; Allow IP 192.168.1.0/24]
   Port numbers provided for reference:
   [screenshot: Service List (Service / Status / Port) including ftp, ssh, pop3 (110), rpcbind (111), auth (113), port 143, mysql and ajp13]
   4 Set up System Time
   Provides the function to adjust the system time, as shown below.
   [screenshot: Hard Disk Information 55G, Used 2.8G, Available 49G; tabs Network Setup, Check HD, Services, Update System Time; System Time Update: Current System Time 2006-12-18 18:37; Year / Mon / Day / Hour / Min; Update System time 12 18 18 37]
19. MSN (end) and ICQ (manual page 20)
   [screenshot: MSN conversation view with the callout "view the messages"; SCREEN NAME column]
   Features in this user interface (UI):
   1 COUNTS: The total number of messages.
   2 FILE NAME: An icon appears if there is a transmitted file; the user clicks on that icon to view or download that file.
   2 ICQ
   The ICQ log includes the date and time, the chatters' IDs, the number of messages and the transferred file.
   [screenshot: ICQ list with the callout "click CONVERSATION to view the dialogue"; Count 13, Total, In page, Rows per page]
   Features in this user interface (UI):
   1 COUNTS: The total number of messages.
   2 FILE NAME: An icon will be
20. History (end) and Work Log (manual page 55)
   [screenshot: AP rows 00 11 95 DA 25 13 (ch 5, WEP, ESSID Dlink_abg), 00 13 46 F0 87 B3 (WEP) and 00 E0 98 51 0F 06 (ch 11, WEP, ESSID Untitled); STA table with columns CLIENT MAC, STRENGTH, PACKETS, BSSID, CH, ESSID, listing clients of 00 11 95 DA 25 13 (Dlink_abg) and 00 0D 88 44 E7 F3 (meeting)]
   5 Work Log
   This function shows the work log, which includes the time, the E-Detective system MAC, BSSID, ESSID, channel, encryption type, filter type, query and details of the network.
   [screenshot: Hard Disk Information 73G, Used 7.9G, Available 61G; work log rows dated 2007-04-26, 2007-04-20 and 2007-04-18, mostly for BSSID 00 11 95 DA 25 13 (ESSID Dlink_abg, channel 5, OPN) with QUERY and DETAIL links; callouts "find out the data belonged to this work log" and "show the typ"]
21. List of logged-in users
   [screenshot: table of logged-in users with columns for date/time (entries from 2007-04-14 to 2007-04-20), IP address, MAC address and Windows workgroup/computer name; the list itself is not reproduced here]
   Features in this user interface (UI):
   1 To converter: To convert the code in order to make the characters readabl
22. Capture (end) and WEP key (manual page 53)
   [screenshot: AP rows 00 0A 79 98 1C A5 (ch 6, OPN, ESSID corega), 00 0D 88 44 E7 F3 (ch 11, WEP, ESSID meeting), 00 11 95 DA 25 13 (ch 5, OPN, ESSID Dlink_abg) and 00 13 46 F0 87 B3 (WPA, ESSID DG_KC Home); STA table with columns CLIENT MAC, PACKETS, BSSID, CH, WEPKEY, ESSID, listing clients 00 0E 35 87 21 14, 00 0E 35 6E 3D B9, 00 0E 35 96 61 E8 and 00 20 A5 58 85 A7 associated with 00 11 95 DA 25 13 (ch 5, OPN, Dlink_abg); sidebar entries SEARCH, ALARM, EXPORT, MANAGE, WIRELESS, SYSTEM, NETWORK, USER]
   3 WEP key
   This function shows the WEP keys that have been cracked or imported. It also allows the user to import WEP keys from an Excel file and export them to an Excel file, to search the wireless system for a specific WEP key, and to delete a key from the list on this page.
   [screenshot: Hard Disk Information 73G, Used 7.9G, Available 61G; tabs Capture, Import, Wepkey, History, Work Log, Ids; Delete, Import, Export, Search; columns NO, DATE/TIME, BSSID, WEPKEY; No Data; Count 0, Total 0, In page 0, Rows per page]
   To import a WEP key:
   [screenshot: https://192.168.1.60/wireless/import.php, Wepkey Impo]
23. User IP list (manual pages 68-69)
   [screenshot: buttons Submit, Delete, Import, Export, Skip IP Set, IP Auto Search, ISP]
   To add an IP: Click Auto Search to display the following window. Input the IP segment to be searched to get the IPs of the on-line computers, check the computer IP you want to add and click Update to add it.
   [screenshot: Auto Search IP List, IP 192.168.1.1 - 192.168.1.255, IP/MAC Search; columns User IP, PC Name, Group, listing 192.168.1.x addresses; Update]
   Click Import to display the following window. You may edit an Excel file and upload it to the system. Format: IP, MAC, NAME, GROUP; the file type is CSV; GROUP is 1; MAC can be blank.
   [screenshot: https://192.168.1.60/userlist/list.php, Import File, Close]
   Note: The name cannot be in Chinese characters; if you need to input Chinese, please convert it to Unicode and upload.
   Note: The MAC address is the proprietary location of the LAN adapter.
   Click Export to display the following window. You may export the IP list and back it up.
   [screenshot: https://192.168.1.60/userlist/download.php, Export List 2006-12-20 13:45:47.csv]
   Click Skip IP Setup to displ
24. QQ decryption output, GPS and Data Mining (manual pages 88-89)
   [screenshot: QQ cracker program output: password 123456; program start; start decrypt login data; get password key; decrypting 16 datas; 2006-01-06 19:03:17]
   U GPS
   The GPS function allows the administrator to approximate the location of APs or STAs.
   [screenshot: GPS page with Option / Information / Capture; fields BSSID, ESSID, No, Longitude, Latitude, Signal Strength, Time, Capture Type, location (AP or PC); Clear, Clear location]
   Refer to the diagram below. When the wireless E-Detective system with GPS moves and stops at location A, press Capture; the GPS diagram sets the location of A as Capture 1. When the E-Detective system moves to locations B and C, press Capture at each location and the system records these two locations as Capture 2 and Capture 3. Move the mouse pointer to a captured location and it displays the location information.
   [diagram: A = Capture 1, B = Capture 2, C = Capture 3]
   V Data Mining
   [screenshot: MENU with Hard Disk Information and counters POP3 117, SMTP 45, IMAP 4, FTP 18, MSN 571, VOIP 5, HTTP 25828, HTTP DYNAMIC 488, W]
25. Table of contents (manual page 3; most entries illegible in the scan)
   [illegible] ... 19
   [illegible] ... 20
   MSN ... 20
   [illegible entries] ... 21, 22, 23, 24, 26, 26
   2 HTTP Dynamic webpage content log ... 27
   [illegible entries] ... 28, 29, 30, 31, 32, 33
   1 Example by IP ... 34
   2 Special Search Type (only apply to MSN, ICQ, YAHOO) ... [page illegible]
   [illegible entries] ... 39, 42
   Wireless ... 44
   Wireless Network Management ... 44
   [illegible entries] ... 53, 54, 55, 56
   6 IDS Intrusion Information ... 57
   M Backup Data ... 58
   1 Backup Raw Data (ISO) ... 58
   2 Backup Database ... 59
   N System ... 60
   1 Network Setup ... 60
   2 [illegible] ... 64
   3 [illegible] ... 65
   4 Set up System Time ... 67
   O Network ... 68
   1 [illegible] IP ... 68
   2 List of Logged-in User ... 72
   [illegible entries] ... 74, 74, 76
   P Delete Data ... 77
   1 Delete Mode ... 77
   2 Delete [illegible] ... 78
   [illegible] ... 79
   S POWER ON/OFF ... 80
   T QQ INFO SETUP (How to see the encrypted conversation) ... 81
   Step 1 Download the QQ cracker ... 81
26. Appendix A: Q&A (manual page 92)
   Note: If you are installing Mirror mode, your switch/hub must have a mirror port function.
   - How to record data from a different network segment?
     Ans: Please refer to manual p. 74.
   - Can't back up or burn a CD.
     Ans: Please make sure the CD-ROM drive is correctly installed at the 1st socket of IDE2 or on the 2nd flat cable.
   - The file extension of uploaded and downloaded files captured by FTP is .txt.
     Ans: Right-click to Save As another file, change it to the corresponding file extension and then open it, e.g. jpg, pdf, rar, etc.
   - MSN or ICQ can't capture data.
     Ans: Turn on port 1863 of the firewall. Turn on port 5190 of the firewall.
   - Can't use the Web interface after booting the system.
     Ans: It uses port 443; please use https://192.168.1.60 to log in (the default E-Detective IP is 192.168.1.60).
   - If I've used a proxy, the IP in the Web log belongs to the proxy. Is it correct?
     Ans: Yes, you can only have the proxy's data if E-Detective is installed in front of the proxy.
   - How do the user interfaces arrange themselves automatically and save the settings after being arranged, without rearranging next time? What's the right size of background graphic to fit the screen?
     Ans: 1 After arranging the positions, right-click on the icon of the user interface and choose "Save current settings" to save the positions. 2 There is no size limit on the background graphic; it depends on your screen resolution.
   - The warning policy doesn't work after setting up and the system doesn't send a warning lett
27. [Screenshot residue: left menu with WEBMAIL 308, WEBMAIL SENDER, TELNET 12, QQ, EXPORT, MANAGE, LOGOUT; display 1024x768]
Data Mining
E-Detective full text search (Data Mining) lets you use search criteria to match the user's input keyword. The system matches the keyword against the text and attachments of the e-mails (POP3, SMTP, IMAP, Hotmail, WebMail) stored in the database, then lists the mail that meets the keyword criteria.
[Screenshot: Data Mining search form with the mail types SMTP, IMAP, MSN and a keyword field]
(page 90)
X. Mail Setup
The system can send alert email to the administrator or users by setting up the mail system.
Setup instructions:
1. Enter the remote or local mail server, for example msa.hinet.net.
2. Enter the Sender Email address, for example xxx@msa.hinet.net.
[Screenshot: SETUP MAIL form with Local / Remote selection, mail server msa.hinet.net, Sender Email root@msa.hinet.net and a "Server requires authentication" checkbox]
Server requires authentication: if server authentication is needed, please input the server account and password and click OK.
[Screenshot: the same SETUP MAIL form with "Server requires authentication" ticked, Account "decision", OK and Reset buttons]
(page 91)
Appendix A: Q&A
Note
28. [Screenshot residue: ISO file list with file name backed1.iso (14M), DVD/CDROM selection and a Burn CD button] (page 58)
2. Backup Database
Backing up the database tables prevents loss from database damage; you may restore the database from the backup log file. The log file is generated once every day.
[Screenshot: Hard Disk Information (73G size, 7.9G used, 61G available, 88% available); tabs Backup Rawdata / Backup Database; DATABASE BACKUP FILE list: No Data] (page 59)
N. SYSTEM
This function is divided into four parts: Network Setup, HDD Usage, Server, and Setup System Time.
1. Network Setup
In this page the E-Detective System provides several setup functions.
Network setup: the following page allows changing the IP, netmask, broadcast address and gateway of the E-Detective System. The operation mode (ALL IN ONE, CAPTURE or ANALYZER) is also set up here, as is the DNS address.
Note: the system will require rebooting.
Note: set up a real IP and log in remotely for browsing and controlling.
[Screenshot residue: left menu with POP3, SMTP, IMAP, FTP, MSN, YAHOO, VOIP, HTTP, HTTP DYNAMIC, WEBMAIL, WEBMAIL SENDER, TELNET, SEARCH, ALARM, EXPORT, MANAGE, WIRELESS, BACKUP, SYSTEM, NETWORK USE, AUTHORITY SETUP, DELETE DATA, EDIT
29. [Screenshot residue: menu entries AUTHORITY SETUP, DELETE DATA, EDIT PASSWORD, POWER ON/OFF, QQ INFO; WEBCAM/VOICE setup form with Viewer MSN Account wedetective1@hotmail.com]
Features in this user interface (UI):
ED MSN Account & Password: apply for a new MSN email account and its password at the MSN website for the E-Detective system.
Viewer MSN Account: set up the email account which the user uses to view the video.
(page 24)
VOIP
VOIP for the MSN application includes the information of start time, end time, participants' IPs, video and audio. Set up the virtual environment first in order to view the video; please refer to the WEBCAM/VOICE SETUP section for more detail.
[Screenshot: VOIP list, condition VOIP 192.168.1.53, one session from 2006-10-20 20:02:46 to 2006-10-20 20:04:31; click the icons to view/hear the video/audio] (page 25)
D. Website Log
The E-Detective system captures the URLs and webpage contents that have been surfed.
1. HTTP (URL log)
HTTP includes the information of date, time, user's IP and URL. When the user clicks on the URL, the system links to the corresponding web page (the PC needs to be Internet ready).
[Screenshot residue: HTTP list, condition HTTP 65, 3085 records]
30. ack by the system automatically, i.e. the system proactively runs both the capture and crack procedures at the same time when the system starts capturing data. Decision Computer Wireless Detective provides the Proactive Crack function on the sub-menu tab of CAPTURE. Proactive Crack runs the capture and crack procedures simultaneously; when the crack procedure completes, the system then runs the recover (revert/restore/return) procedure to decrypt the data.
2. Passive Crack
Passive Crack means cracking by the user manually. The system passively runs the capture procedure only, without the crack procedure; the crack function is then run manually as needed. Decision Computer Wireless Detective provides the Passive Crack function on the sub-menu tab of IMPORT. Passive Crack includes the following steps:
1. select the source of raw data;
2. set the time to use for the crack procedure;
3. complete the crack procedure within the time interval.
2. Proactive Crack and Passive Crack process chart
1. Proactive Crack: manually run the procedure immediately, or automatically run it at the scheduled time; the WEP key is either finished or not. Please refer to p.43 (Capture) for more detail. (page 44)
2. Passive Crack: select the source of raw data, set the time interval, complete the crack procedure. Please refer to p.49 (Import) for more detail.
31. [Screenshot residue: webpage content view]
Features in this user interface (UI):
1. Source code: a link to view the source code of the webpage.
Note: users do not care about the links of subject name and R
(page 27)
E. Telnet
The E-Detective System records the whole process, from start to finish, while targets surf the internet via Telnet. Telnet includes the information of date, time, user account and password, and server IP. The whole process is saved into a file called FILENAME; users click the link FILENAME to pop up a player to see the process.
[Screenshot: Telnet list with Hard Disk Information (73G size, 7.9G used, 61G available), columns including SERVER and FILE NAME; Count 2, Total 1, In page 1; "click this to open" points at the FILENAME link; a player window follows]
Features in this user interface (UI):
1. A field to show the target's input.
2. Black screen t
32. [Screenshot residue: raw data file list under PATH /datas/rawdata with entries named WIRELESS_<BSSID>_raw.<timestamp>, sizes and protocol tags (UNKNOWN, VOIP, IMAP); a note that the ISO file will be saved to the device selected here; File Name, Burn ISO, Burn Rawdata ISO, Burn Query ISO; ISO file backed1.iso (29M), DVD/CDROM, Burn CD, Delete]
Note: the exporting function can only export the data shown on the left of the function menu; the default is to export all data. For example, if you have searched all data of IP 192.168.1.20 and the results are displayed on the left of the function menu, then the exported data is all data of IP 192.168.1.20, not that of all IPs.
(page 43)
L. Wireless (Wireless Network Management)
1. Proactive Crack and Passive Crack
Wireless Detective provides two options of crack function on the user interface: Proactive Crack and Passive Crack.
1. Proactive Crack
Proactive Crack means to cr
33. and press Submit.
[Screenshot: https://192.168.1.60/account/RenGroup.php in Microsoft Internet Explorer; Modify Name field and Submit button] (page 75)
2. Create user
Create user: input the login account, password and group, then press Submit.
[Screenshot: Group Setup / Create User tabs; Create User form with Password and Group Name (GROUP1) fields, Submit and Reset; Note: * REQUIRED FIELD] (page 76)
Q. Delete Data
It is divided into two parts: 1. Delete Mode, 2. Delete All.
1. Delete Mode
Use the drop-down list to select the data type to be deleted: POP3, SMTP, FTP, MSN, ICQ, P2P, YAHOO, HTTP, HTTP Dynamic, TELNET, WEBMAIL, WEBMAIL Send, etc. The date and time can also be specified, and the column to be deleted can also be specified. Delete by pressing Submit.
[Screenshot: Delete Mode / Delete All tabs; Mode POP3, Date, Time, Column IP, Column Value, Submit]
Note: Mode FTP -> Column Action -> Column Value Upload/Download. (page 77)
2. Delete All
Input the user's account and password to delete all data.
[Screenshot: Delete Mode / Delete All tabs; Login, Password, Submit] (page 78)
R. EDIT PASSWORD
Input the new password and press the button Submit to set it up. Modify
34. any does not have the information of Tsuen Shing and your seller SIB. That is why it took time to reply to you and resulted in this unwanted delay.
(page 15)
2. SMTP (outbound)
SMTP outbound records detailed information of each received e-mail, including full text analysis, receiving date/time, sender, receiver's IP, receiver, carbon copy, topic and attachment. All SMTP emails sent from applications such as Outlook Express, Microsoft Office Outlook, etc. will be captured by the Wireless E-Detective System.
[Screenshot: left menu with POP3 117 and SMTP 46 and a list of target IPs in the 192.168.1.x and 192.168.9.x ranges; condition SMTP 192.168.1.108; one row with sender oliver.huang, receiver amita_chen, no CC, dated 2007-04-12 12:38:50]
Features in this user interface (UI):
1. Attachment: a symbol appears if more than one attachment is included.
2. Download: a link to download the record.
3. Subject: click on the e-mail's subject to see the content.
View Email Content: the following diagram pops up when the user clicks the subject name. Click the first link to see the source code of this webpage; click the second link to see the attached
35. appears if there is a transmitted file; the user clicks on that icon to view/download that file.
(page 21)
3. YAHOO
The YAHOO log includes the information of date, time, chatters' IDs and transmitted files.
[Screenshot: YAHOO conversation list dated 2007-01-31; "click the link CONVERSATION to view the conversation"; a conversation window with the exchanged messages follows; Count 13, Total 1, In page 1]
Features in this user interface (UI):
1. COUNTS: the total number of messages.
2. FILE NAME: an icon appears if there is a transmitted file; the user clicks on that icon to view/download that file.
(page 22)
4. QQ
The QQ log includes the information of date, time, chatters' IDs and dialogue.
[Screenshot residue: QQ list]
36. ay the following window, and then set up the IP not to be sniffed.
[Screenshot: Skip IP Setup; list: No Data] (page 70)
Click Set IP to display the following window. This setup deletes an IP if there is no packet going through it (the computer doesn't use the network).
[Screenshot: Set Time: Auto Delete Every ... Minute; Submit; Rule: No Setting]
Click ISP to display the Internet Service Provider of the sniffed IP, then click the link and icon of the ISP field to display the source's location.
[Screenshot residue: online IP list in Chinese with WebMail 122, WebMail Sender 38, Telnet 0 counts; HTTP Dynamic 1035; disk 109G total, 1.2G used, 102G available; ISP column showing Intranet for 192.168.8.11 through 192.168.8.20 and one external IP; display 1024x768]
37. [Screenshot residue: POP3 mail list for targets in the 192.168.1.x and 192.168.9.x ranges dated 2007-02-02 15:44:47, with sender and receiver accounts at the service/decision domain and subjects such as "RE: Request for update version of Wi service", "RE: RE: FW: Feedback From Decision Service", "Fw: Question", "Re: Feedback From Decision service" and "RE: RE: ED system service"]
Features in this user interface (UI):
1. Attachment: a symbol appears if more than one attachment is included.
2. Download: a link to download the record.
3. Subject: click on the e-mail's subject to see the content.
View Email Content: the following diagram pops up when the user clicks the subject name. (page 14)
Click the first link to see the source code of this webpage; click the second link to see the attached file.
[Screenshot: email content view beginning "The Decision comp
38. 2.4 The function to find out the information belonging to a specific target. (page 73)
[Screenshot residue: NBNS table with names such as MSBROWSE, WORKGROUP, MSHOME; rows per page; Submit]
P. Authority Setup
It is divided into two parts: 1. Group Setup, 2. Create User.
1. Group Setup
It includes create new group, change group name, add user and modify user; press Submit to activate the settings after setup.
[Screenshot: Group Setup / Create User tabs; Group Name / Group Member table: GROUP1 with member test; "Do not join group" root; Create and Edit buttons]
Note: if a group has no members, then you can delete this group.
Modify user's password, group and computer IP: click on the Group member to display the following window, modify the fields in order and then press Submit.
[Screenshot: https://192.168.1.60/account/UpdateUser.php?LoginID=test in Microsoft Internet Explorer; Update User form with ID test, Password, Group Name GROUP1; Submit, Reset, Delete, Close; Note: * REQUIRED FIELD] (page 74)
Create new group: input the group name (it can be in Chinese) and press Submit.
[Screenshot: https://192.168.1.60/account/AddGroup.php in Microsoft Internet Explorer; Create Group form with Group Name, Submit, Close]
Change group name: change the group name (it can be in Chinese)
39. [Screenshot residue: HTTP URL list; "click the link to view the web site"; a browser window showing the visited site] (page 26)
2. HTTP Dynamic (webpage content log)
HTTP Dynamic includes the information of date, time, user's IP, URL and contents.
[Screenshot: HTTP DYNAMIC list with condition, date, time, IP and URL columns (e.g. tw.tiw.re.com pages); "click the link to view the content"; Total 1, In page 1, Rows per page; a content window showing the captured page follows]
40. e of transferred packe[ts] and the size.
[Screenshot residue: left menu with YAHOO 0, VOIP 0, HTTP 79, HTTP DYNAMIC 0, WEBMAIL 0, WEBMAIL SENDER, TELNET 0] (page 56)
6. IDS (Intrusion Information)
Information to notify the user if any illegal internet packets have been scanned.
[Screenshot: Hard Disk Information (73G size, 7.9G used, 61G available, 88% available); tabs Capture / Import / Wepkey / History / Work Log / Ids; a DATETIME / MESSAGE table with rows dated 2007-04-18 16:20:41 to 16:20:59 of three forms: "Broadcast on <MAC>", "Suspicious client <MAC> probing networks but never joining", and "Suspicious traffic on <MAC>: Data traffic within 10 seconds of a disassociate"]
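An added example, not part of the manual or the product: a small parser for rows in the shape of the Ids table above, which groups the alerts by station MAC so an operator can see which client keeps probing without joining. The row format, the MAC addresses and the sample rows are constructed here from what the screenshot shows.

```python
"""Added example (not from the Wireless E-Detective manual): parse IDS rows of the form
"<date> <time> <message>", classify each message, and summarise alerts per MAC."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample rows in the layout of the Ids table (MACs are sample values
# modelled on the screenshot, not real indicators). The last line is deliberately
# malformed to show that non-IDS rows are skipped.
SAMPLE_IDS_ROWS = """\
2007-04-18 16:20:59 Broadcast on 00:12:F0:4B:23:14
2007-04-18 16:20:57 Broadcast on 00:12:F0:4B:23:14
2007-04-18 16:20:52 Broadcast on 00:0C:2F:00:23:48
2007-04-18 16:20:52 Suspicious client 00:12:F0:4B:23:14 probing networks but never joining
2007-04-18 16:20:47 Suspicious traffic on 00:0C:2F:00:23:48: Data traffic within 10 seconds of a disassociate
2007-04-18 16:20:46 Suspicious client 00:12:F0:BC:D6:EA probing networks but never joining
2007-04-18 16:20:43 Suspicious client 00:12:F0:4B:23:14 probing networks but never joining
this line is not an IDS row and is skipped
"""

MAC = r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
# Each pattern maps one message shape from the table to an alert category.
PATTERNS = [
    ("broadcast", re.compile(r"^Broadcast on " + MAC + r"$")),
    ("probe_no_join",
     re.compile(r"^Suspicious client " + MAC + r" probing networks but never joining$")),
    ("disassoc_traffic",
     re.compile(r"^Suspicious traffic on " + MAC
                + r":? Data traffic within (?P<secs>\d+) seconds of a disassociate$")),
]
ROW = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<msg>.+)$")


def parse_ids_rows(text):
    """Return (timestamp, category, mac, message) tuples; rows without a timestamp are dropped,
    rows with an unknown message shape are kept with category 'other' and mac None."""
    events = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        msg = m.group("msg")
        for category, pat in PATTERNS:
            hit = pat.match(msg)
            if hit:
                events.append((ts, category, hit.group("mac").upper(), msg))
                break
        else:
            events.append((ts, "other", None, msg))
    return events


def summarize_by_mac(events):
    """Count alert categories per MAC, ignoring events that carry no MAC."""
    per_mac = defaultdict(Counter)
    for _ts, category, mac, _msg in events:
        if mac:
            per_mac[mac][category] += 1
    return per_mac


def repeat_probers(events, min_probes=2):
    """Sorted list of MACs that raised 'probing but never joining' at least min_probes times."""
    per_mac = summarize_by_mac(events)
    return sorted(mac for mac, c in per_mac.items() if c["probe_no_join"] >= min_probes)


if __name__ == "__main__":
    ev = parse_ids_rows(SAMPLE_IDS_ROWS)
    for mac, counts in summarize_by_mac(ev).items():
        print(mac, dict(counts))
    print("repeat probers:", repeat_probers(ev))
```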
41. e will pop up the following window, which takes the security key from the user's input in order to decrypt the information manually.
[Screenshot: Edit Wepkey form]
Note: HEX digits are 0-9 and A-F (or a-f). ASCII defines codes for 128 characters: 33 are non-printing, mostly obsolete control characters that affect how text is processed, and 95 are printable characters. (page 49)
In Time Condition
The user specifies the conditions below and presses the Start button to start this filter. The filter alerts the user by popping up a message whenever incoming data matches the conditions specified here.
[Screenshot: In Time Scan Condition Setup; STATUS stop; Condition Item / Set Condition List with CHANNEL, MAC, NETWORK, HEX STRING and KEYWORD items; Start button]
Dump Filter Condition
The user specifies the conditions shown in the following diagram to capture only the information from the particular targets.
[Screenshot: Dump Filter Condition Setup; Condition Item / Set Condition List with a NETWORK item; Submit] (page 50)
MANUAL/AUTO DUMP (MANUAL DUMP & AUTO DUMP)
1. Set up which NIC card to scan or to manage dump information.
[Screenshot: Wireless NIC Setup; Dump; Submit; Remark: On Board wifi / PCMCIA wifi]
2. How long to attack targe
42. er to the specified receiver.
Ans: It is scheduled to execute one hour after setting up; please refer to manual P.50 for policy setup. (page 93)
Q: Can't directly open and view mail in POP3/SMTP.
Ans: Go to Control Panel > Add/Remove Programs and check if there is any Outlook Express Update; if yes, please remove it.
(page 94)
43. hese menus to get the findings. (page 33)
[Screenshot: APPLY search form]
1. Example by IP & MSN
Two inputs in different fields, e.g. IP 192.168.1.20 and MSN she0430@hotmail.com, find the information belonging to IP address 192.168.1.20 or MSN account she0430@hotmail.com.
[Screenshot: search form with DATE, TIME, IP, ALL, BSSID, MAC, EMAIL FROM / TO / CC / BCC, SUBJECT, WEBMAIL TYPE, FTP SERVER IP, FTP ACCOUNT, MSN / ICQ / YAHOO / QQ ACCOUNT (each with SCREEN NAME and PARTICIPANTS) and URL fields; Hard Disk Information (73G size, 7.9G used, 61G available, 88% available); menu with POP3, SMTP, IMAP; "click msn to get the findings"] (page 34)
2. Special Search Type (only applies to MSN, ICQ, YAHOO)
Example 1: input one account in MSN, ICQ or YAHOO: the user's ID (monitor end) and the chatter's ID (remote end).
[Screenshot residue: the same search form with FTP ACCOUNT, MSN / ICQ / YAHOO / QQ ACCOUNT and URL fields]
44. (page 9)
System Setup
The E-Detective System default IP is 192.168.1.60 and the default Gateway is 192.168.1.1. If you would like to change the IP, there are two ways.
Locally Login
Note: changing the IP locally (SetIP) is done by connecting a monitor and keyboard to the E-Detective system. The user can log in locally using username root and password 111111 and run SetIP to configure the IP as follows:
[Terminal screenshot: debian:~# SetIP; prompts for IP (192.168.1.59), Netmask (255.255.255.0), Broadcast (192.168.1.255) and Gateway (192.168.1.1); "You have entered the following network information: IP 192.168.1.59, Network 255.255.255.0, Broadcast 192.168.1.255, Gateway 192.168.1.1. Is the information correct? [Yes/No]" Yes]
The screen shows the entered IP, Network, Broadcast and Gateway; verify that the information is correct and, if so, enter Yes to complete the IP setup. The following message will then be shown: (page 10)
[Terminal screenshot: NIC eth0, PORT 22; "Broadcast message from root (pts/0) Fri Jun 17 01:46 2006: The system is going down for reboot NOW!" shown twice; debian login prompt]
Remotely login
The user can remotely log in using username root and password 000000. Before logging in to the E-Detective system, make sure the user's PC is withi
45. ine, World of Warcraft, etc., with enough packets captured.
Warning message: set up a warning policy, collect the data that meets the warning policy and send warning mail to the designated monitoring account; the system can also be monitored remotely via browser at the same time. Data Mining (mining by keywords) services are also provided. (page 6)
System Setup and Implementation
The Wireless E-Detective system uses sniffer mode to sniff wireless network packets within a range of 0-100 meters, depending on the environment. For indoor environments with walls and furniture blocking the signal, the coverage range could be reduced; for outdoor environments with very little blockage and line of sight, the coverage range is greater. A higher-gain antenna can be used to extend the range over which wireless packets are sniffed.
[Figure: Wireless E-Detective System sniffs wireless packets from the WLAN network; the diagram shows a modem, a router, two wireless stations and the Wireless E-Detective System] (page 7)
System Installation
Please follow these steps for system installation:
1. Switch on the power supply and the Wireless E-Detective system.
2. Insert the Installation CD into the CD-ROM drive.
3. Set the system BIOS to boot first from the CD-ROM.
4. Reboot the system.
5. The installation CD will automatically start the installation process.
6. If you see the following message, the insta
46. ing statistics analysis, etc. The Wireless E-Detective system adopts an optimized Linux kernel plus Java Applets to provide a complete graphical interface for the user; the user can configure and use it on the fly (Plug & Play). Wireless E-Detective's packet sniffing technology can sniff a specific target or scope, selecting wireless devices on the same channel, without interfering with the original network environment. Since wireless access to the Internet has become very popular everywhere, the Wireless E-Detective system can be used by police, military, information investigation and forensic departments to track down illegal internet activities such as illegal betting, transactions, access and others. (page 5)
Product Benefits
Emails: automatically sniff and back up incoming and outgoing e-mail, including Hotmail and other Web Mail, POP3, SMTP, IMAP, anonymous users and attachments, for tracking leakages via Web Mail and ensuring security.
Internet Chatting: faithfully sniff and record chatting contents, the user's MSN, ICQ, YAHOO, AOL and QQ name, account and IP.
FTP: back up uploaded and downloaded files for upload/download management and tracking (Windows, Anti-virus, etc.).
P2P: monitor and capture all P2P communications, upload and download sessions, such as the port used, the peer's IP and the peer's port address.
Online games: Ragnarok Onl
47. k on the Renew button to update the system. (page 41)
K. Export
The ED system provides an export function to export the data to HD or CD. The user selects which data types the ED system exports. Click the link EXPORT to display the following screen:
[Screenshot: Hard Disk Information (73G size, 7.9G used, 61G available, 88% available); CREATE ISO REPORT item list with POP3, SMTP, IMAP, FTP, MSN, ICQ, YAHOO, VOIP, HTTP, HTTP DYNAMIC, WEBMAIL, WEBMAIL SENDER and TELNET checkboxes; Submit]
Press the button Submit to display the following screen:
[Screenshot: Microsoft Internet Explorer confirmation dialog]
Press the OK button to start generating the ISO file, shown as follows:
[Screenshot: progress indicator at 35%] (page 42)
Once the process is done, the following window pops up:
[Screenshot: Hard Disk Information; Make ISO / Backup Rawdata tabs; Unknown iso file size; PATH /datas/rawdata; raw data files named WIRELESS_<BSSID>_raw.<timestamp>; Rawdata File N
48. l other applications before continuing. Click Next to continue or Cancel to exit Setup.
[Screenshot: Setup - QQ Password Cracker GUI; the installer is password protected, enter the password and click Next to continue]
[Screenshot: Select Destination Location: "Where should QQ Password Cracker GUI be installed? Setup will install QQ Password Cracker GUI into the following folder. To continue, click Next. If you would like to select a different folder, click Browse. At least 7.8 MB of free disk space is required."] (page 82)
[Screenshot: Select Start Menu Folder: "Where should Setup place the program's shortcuts? Setup will create the program's shortcuts in the following Start Menu folder. To continue, click Next. If you would like to select a different folder, click Browse."]
[Screenshot: Select Additional Tasks: "Which additional tasks should be performed? Select the additional tasks you would like Setup to perform while installing QQ Password Cracker GUI, then click Next." Additional icons]
[Screenshot: Ready to Install: "Setup is now ready to begin installing QQ Password Cracker GUI on your computer. Click Install to continue with the installation, or click Back if you want to review
49. lists it on the table. By selecting the particular AP or Station, the user can crack the encryption key (WEP and WPA) if the collected raw data is sufficient: about 100-150MB for a 64-bit WEP key and 250-400MB for a 128-bit WEP key. Cracking the WPA key is a customizable option that Decision Computer Int. Co. Ltd. can offer; for WPA the first key must be obtained in order to crack the key. After cracking the key, the user ticks the radio button in the PARSER column to decode the captured data and display it in readable format according to the specific groups in the MENU. If there is no radio button in the CRACK column, the user directly clicks the radio button in the PARSER column to decode the captured raw data without needing to crack any encryption. If the user knows the WEP or WPA key in advance, the user can click on the WEP or WPA key and input the key.
[Screenshot: Hard Disk Information (73G size, 7.9G used, 61G available, 88% available); left menu with POP3 17, SMTP, IMAP 4, MSN 571, YAHOO 2, VOIP 5, HTTP 25828, HTTP DYNAMIC, WEBMAIL 308, WEBMAIL SENDER, TELNET; tabs Import / Wepkey / History / Work Log / Ids; "Please Choose Rawdata Source": CDROM / USB / HD / DETACH, PATH /datas/openraw, file WIRELESS_00:11:95:DA:25:13_raw.1177580030 (9.9M), Read File; Manual Wireless Packet Analysis: Crack Time, Crypt 128 Bit, Finish; table columns AP, PARSER, CRACK, BSSID, CH, MB, S, WEPKEY, BEACONS, PACKETS, ESSID]
50. llation process will stop.
[Installer transcript: Accept or Don't? Please answer Yes/No: yes. Now starting to install E-Detective System. This version is Unlimited. HardDisk Configuration: Do you want to continue? yes. 1: hdc ASUS CRW-5232AS ATAPI CD/DVD-ROM drive; 2: hdc ATAPI 52X CD-ROM CD-R/RW drive, 2048kB Cache, UDMA(33). Please answer Yes/No: yes.]
Please input YES to continue or NO to stop the installation process.
7. After the installation completes, you will see the following setup:
Local login: Username root, Passwd 111111
Remote login: Username root, Passwd 000000
Default IP 192.168.1.60 (page 8)
Default GW 192.168.1.1
Please press Ctrl+Alt+Delete to restart the system. If you need to reset the E-Detective server's IP, please execute SetIP after local login.
[Console output: hd=/dev/hda hd1=null cdrom=hdc status=2; WARNING: could not determine runlevel, doing soft reboot (it's better to use shutdown instead of reboot from the command line); shutdown: No such file or directory; /bin/eject: unable to find or open device for: cdrom; BusyBox v0.60.3 (2002.06.20-18:01+0000) Built-in shell (ash); Enter 'help' for a list of built-in commands; sh: can't access tty; job control turned off]
Note: Please reboot the system and take out the installation CD. If not, the system will always boot from the CD-ROM and repeat the installation.
51. "Local machine" means the place where E-Detective is situated, with monitor and keyboard connected.
Q: After installation, what should I do if I can't see the computer data being captured?
Ans:
1. Confirm that you have registered. If yes, then check that the program OpenRaw is running. Please type the following command on the local machine:
edetective:~# ps | grep OpenRaw
(the "|" symbol is typed with the shifted key of "\" on your keyboard)
If OpenRaw is executing correctly, you should be able to read the following messages (one line per capture interface):
/OpenRaw -t /datas/rawdata -i ethX
2. Confirm that the system recognized the PCI WatchDog Card of Decision Computer International Co. while booting. Please type the following command on the local machine:
edetective:~# lspci -n | grep 6666
If the PCI WatchDog Card is correctly installed, you should be able to read the following message:
Class XXXX: 6666:4100 ...
3. Confirm that there is data in the on-line IP information of the network user list.
Q: How to change the IP?
Ans: Local machine: please refer to manual P.7-P.9. Remote: please refer to manual P.10.
Q: How to install the hardware? Which mode will meet my needs?
Ans: Please refer to manual P.4.
52. n the same subnet as the E-Detective system. After login, please select Manage > System > Network Setting and Setup to configure the IP. After completing the IP setting, please click Submit and Finished. The system will restart to complete the IP setup.
Wireless E-Detective System Functions
A. Local and Remote Login
For local login the default URL is https://192.168.1.60.
For both local and remote login please input the default user name root.
Default password: 000000.
Language: select the preferred language.
Press the button Login to log in to the system. (page 11)
[Screenshot: Internet Explorer Security Information dialog; press the Yes button]
[Screenshot: login form with Username root, Password, and "Please choose your language: Traditional_chinese"] (page 12)
The navigation bar on the left panel shows all functionalities and targets' IPs. Users click a target's IP to see the records captured. The number after each category (POP3, SMTP, FTP, HTTP, etc.) is the total number of records captured belonging to that category or target IP, e.g. POP3 48, POP3 117.
[Screenshot: https://192.168.1.99/main.php in Microsoft Internet Explorer]
53. [Screenshot: main page navigation bar with target IPs listed under GROUP 1 and category counts such as HTTP Dynamic 1035 and WebMail 122.]
2. List of Logged-in Users: you may check logged-in users for security management.
[Screenshot: Login User List table]
No  IP            User  Time
1   192.168.8.19  root  2005-11-04 14:41:09
2   192.168.8.11  root  2005-11-04 14:23:22
3   192.168.8.13  root  2005-11-04 13:42:38
4   192.168.8.19  root  2005-11-04 13:19:45
5   192.168.8.11  root  2005-11-04 11:50:11
6   192.168.8.19  root  2005-11-04 11:41:34
7   192.168.8.11  root  2005-11-04 11:03:38
8   192.168.8.18  root  2005-11-04 10:40:45
9   192.168.8.19  root  2005-11-04 10:16:36
10  192.168.8.1   root  2005-11-04 10:12:03
3. Nbns (NetBIOS Name Server, NBNS): the following UI records the targets' NetBIOS names and group names in order to recognize the different people who might use the same IP address.
[Screenshot: Nbns page; Hard Disk Information: 73G used, 7.9G available, 61G available.]
54. ng message when used space reaches the threshold. It also generates a warning letter to notify the specified personnel that space is running out so that they can take the necessary measures. Set it up step by step as follows:
  1. Upload the contents file: you may customize the contents of the warning file and press Upload to make it the standard warning letter.
  2. Set up the policy of the warning letter: set up the receiver's e-mail address, topic and contents, then press Submit to activate the settings. The system will automatically send the warning letter once used space reaches the threshold.
[Screenshot: Hard Disk Information (Size, Used, Available, Available %); Warning Message Setup: Upload warning message file (sample.txt); Warning mail Rule: Email Address, Subject, File, Submit; rule table showing No Data.]
3. Server: the ED system consists of a set of components (servers). The following UI allows the user to activate or deactivate some of these
55. ning policy. After the policy is set up, the system will send a warning mail to the mailbox of the pre-defined receiving notification account to provide the administrator with instant information. If there is data which meets the warning policy from before the policy was set up, data whose date and time are prior to the date the warning policy was set up will not be displayed. Clicking Result displays the items on the MENU which have met the policy. The administrator can also click Search to search all data matching the defined warning policy. The policy can include source IP, subject, Web Mail server, FTP server IP, FTP account, MSN account, ICQ account, YAHOO account, URL, etc. You may set up multiple criteria. A warning includes the number (No.), date and time, policy, viewing results and search. The system provides an advanced warning function: you may search warnings by predefined criteria. Click the link ALARM to display the following screen.
[Screenshot: ALARM page; MENU counts such as SMTP 46, FTP 19, HTTP 25826, HTTP DYNAMIC 488, WEBMAIL 308, TELNET 12; Rows per page 20; buttons Create, Renew, Close.]
Click the button Create to display the following screen; you may input criteria to match
56. o show the content. 3. Play button: shows the information one character at a time. 4. Fast button: shows the information one line at a time. 5. Copy button: the user selects the user input first and then presses the Copy button to get a copy. 6. Clean button: clears the information on the black screen.
F. FTP: the E-Detective system captures the transmitted files while targets use FTP to transfer files. The FTP log includes the date and time, the user's IP, user name, password and the transmitted files, as shown in the following diagram.
[Screenshot: FTP records for 192.168.1.78, e.g. user alluser, Download, server 192.168.1.249, file 0501_15.jpg; click the link to view or download the transmitted file.]
G. P2P (Peer to Peer): in P2P, two computers are directly connected for transmitting data without going through anyone else.
[Screenshot: P2P records for 192.168.1.165 dated 2007-04-26, BitTorrent DOWNLOAD entries.]
57. o this cracker when you decrypt the conversation. Range: set up the possible combinations of the password. Limited Time: set up the maximum time to get the key; even if the cracker has still not found the password for you, the process will be stopped when the time is up. Use Dictionary: the cracker uses the dictionary's information to do the password matching if the checkbox is ticked. 4. START: starts the program. 5. Command Detail: shows the procedure, for detailed information. 6. QQ ID List: shows the history of QQ ID records. 7. Password Information: shows the findings if the password is found. Get the password as shown in the following diagram.
[Screenshot: QQ Password Cracker GUI; Import Encrypted File, Import Dictionary File (optional); Option: Range, Limited Time (limitless), Use Dictionary; Command Detail: range, limited time limitless, encrypted file 572670102_200611112156, use dictionary no, "Get password, saved to passwd_info document"; Password Information: Start Time 1/11/2006 12:27:42, Encrypted File 572670102_200611112156, password 123456; "welcome to QQ password cracker".]
This section illustrates how to decr
58. or change any settings.
[Screenshot: QQ Password Cracker setup wizard; Start Menu folder "QQ Password Cracker GUI"; Additional tasks: Additional icons, Create a desktop icon.]
[Screenshot: Completing the QQ Password Cracker GUI Setup Wizard. "Setup has finished installing QQ Password Cracker GUI on your computer. The application may be launched by selecting the installed icons. Click Finish to exit Setup."]
Step 3: Decrypt the conversation. Go to the Export page to download the decrypted conversation file.
[Screenshot: Export page listing QQ record files such as 572670102_200611112156 and 572454347_20061514378 for 192.168.1.101.]
1. Run the QQ cracker and import the decrypted file you downloaded in the previous step.
[Screenshot: QQ Password Cracker GUI; Import Encrypted File; Limited Time limitless; Use Dictionary; QQ ID List; Password Information; Start Time; "welcome to QQ password cracker".]
Item statement: Encrypted File: press the button to add or remove the files to run. Import Dictionary File: the dictionary file records the general passwords which people may use. If you have your own dictionary file you can import it int
59. rt File: Browse, Submit, Done.
To export the WEP key:
[Screenshot: File Download dialog, "Do you want to open or save this file?" Name: wepkeylist.csv, Type: Microsoft Office Excel Comma Separated Values File, From: 192.168.1.60.]
WEP key search:
[Screenshot: https://192.168.1.60/wireless/search.php, Wepkey Search with DATE and BSSID fields and a Submit button.]
4. History: this function shows the history of recorded APs and stations and their respective details, such as BSSID, channel, data rate, WEP key, signal strength, beacons and packets captured by the Wireless E-Detective system, and the ESSID, saved or backed up according to time.
[Screenshot: History tab (Capture, Import, Wepkey, History, Work Log, Ids); Backup Time, Submit, Finish; AP table with columns BSSID, CH, MB/S, WEPKEY, STRENGTH, BEACONS, PACKETS, ESSID, listing ESSIDs such as corega, meeting and home wireless.]
60. s: 1. The user's ID is cch926e@hotmail.com and the chatter's ID is she0430@hotmail.com. 2. The user's ID is diesis@ms62.hinet.net and the chatter's ID is she0430@hotmail.com. 3. The user's ID is liupeng19820923@hotmail.com and the chatter's ID is she0430@hotmail.com.
Example 3: In the User's ID field of MSN/ICQ/YAHOO, input two or three sets of user's IDs and do not input a chatter's ID. You may check either User's ID (monitor end) or Chatter's ID (remote end), or both of them. 1. bany1013@hotmail.com, aries0724@msn.com, joe 3457@hotmail.com
[Screenshot: search condition form with MSN, ICQ, YAHOO and QQ ACCOUNT fields, each with SCREEN NAME and PARTICIPANTS checkboxes, plus URL; buttons Search, Reset, Close.]
Here is the data found by these criteria, that is, the data where the user's ID OR the chatter's ID is bany1013@hotmail.com OR aries0724@msn.com OR joe 3457@hotmail.com.
[Screenshot: search results list.]
Hence it can be categorized into six combinations: 1. The user's ID is bany1013@hotmail.com and any chatter's ID. The user's ID is aries0724@msn.com and any chatter's ID. The user's ID is joe 3457@hotmail.com
61. symbol: reminds users when the marked access points are online. 10. SCAN: shows the signal strength of access points and PCs.
[Screenshot: Wireless Signal Detect Screen; REFRESH TIME 3; MODE AP; BSSID 00:15:E9:5D:AE:13; STRENGTH 30; SIGNAL -95 dBm.]
11. MANUAL / AUTO: two links present exactly the same user interface, used to set up the way the ED system operates. The left one is for operating manually, the other for automatic operation. More detail is introduced later. 12. Shows the NIC card's information.
[Screenshot: Nic Info; Mac 00:02:2D:B8:60:49; Company Agere Systems, P.O. Box 755, Nieuwegein, The Netherlands.]
13. BSSID: the MAC address of the access point. 14. CH: the channel number of the access point. 15. MB/S: the data transfer rate. 16. STR: the signal strength. 17. BEA: information packed in BEA format for wireless transfer. 18. PACKETS: the number of packets transferred. 19. ESSID: the readable name of the access point's MAC address. 20. STA: displays the PCs' information by the number of PCs scanned or by radio. 21. WEP: one of the security keys used to transfer information. 22. WEP?: a security key followed by a question mark means the system has not yet collected any packets from the wireless AP/STA. 23. OPN: means there is no security key involved in this packet.
62. [Screenshot: the setip.php page at https://192.168.1.60 in Microsoft Internet Explorer; FUNCTION: ALL IN ONE / CAPTURE / ANALYZER; MANAGE: IP 192.168.1.5, Netmask 255.255.255.0, Device eth, Broadcast 192.168.1.255, Gateway 192.168.1.1; SEND FILE: Analyzer IP 192.168.1.80; Submit.]
ANALYZER Mode (Receiver or Decoding End): this setup is for the double-layer architecture (sender and receiver ends). ANALYZER is set at the receiver or decoding end. First set the configuration for the MANAGE setup, then complete the RECEIVE FILE configuration. Press Submit to complete the configuration.
[Screenshot: the same setip.php page with FUNCTION ANALYZER selected; MANAGE: IP 192.168.1.8, Netmask 255.255.255.0, Broadcast 192.168.1.255, Gateway 192.168.1.1; RECEIVE FILE: IP 192.168.1.80, Netmask 255.255.255.0, Broadcast 192.168.1.255, Gateway 192.168.1.1; Submit.]
2. HDD Usage: the system displays HDD usage information, which includes HDD capacity, used space, free space and the ratio of free space. The E-Detective System pops up a warni
63. to ISO format. 3. Press Submit to create the ISO. Press Delete to delete the raw data file. The backup file is listed here when the ISO file has been generated. Select the device to burn the data to CD. Click this icon to save this backup to HD. Press the button Burn CD to start processing, or Delete to delete the ISO file.
[Screenshot: Backup Rawdata / Backup Database. STEP 1 Make ISO: Backup Rawdata & Unknown iso file; PATH /datas/rawdata listing raw files such as WIRELESS_00 11 95 DA 25 13_raw_1170405737 (601M) and WIRELESS_00 11 95 DA 25 13_raw_1170406098 (184M); Rawdata File Name, Submit, Delete; PATH /datas/fault listing UNKNOWN WIRELESS and UNKNOWN VOIP WIRELESS raw files; Unknown File Name, Submit, Delete. STEP 2 Burn ISO: Burn Rawdata Iso File Choice, Burn; Query Iso File Choice.]
64. ts for obtaining the security key, and whether to use this function or not.
[Screenshot: Wireless Inject Setup; Seed 20; Use: Yes / No; Submit.]
3. Set up the maximum size per file for backup.
[Screenshot: Wireless Rawdata File Size Setup; Size; Submit. Remark: the default rawdata file size is 600 MB.]
4. Alarm the user when HD usage exceeds the specified threshold.
[Screenshot: Upper limit of Hard Disk Size Setup; Percent 80; Submit.]
5. Set up how often the scanned information is refreshed.
[Screenshot: Scan Info Refresh Time Setup; Time 5; Submit.]
The system is capable of starting the wireless packet capturing and decoding process manually, by the user, or automatically, by pre-set configuration. The figure below shows the configuration to be done for auto-start capturing at a defined date and time.
[Screenshot: auto-start configuration with AP BSSID, CLIENT MAC, ESSID, START 2007-07-01 and END 2007-07-31 23:59.]
2. Import: this function imports captured information (raw data in tcpdump format) into the system for decoding. There are four sources of raw data to choose from: CD-ROM, USB drive, HD and DETACH. DETACH contains the raw data currently captured by the Wireless E-Detective system. Press the button Read File; the system displays the raw data information and
65. ubmit. Correct Time Zone: [Screenshot: time zone +8; Submit.]
O. Network Users: the list of network users is divided into three parts: 1. On-line IP information; 2. List of logged-in users; 3. Nbns. If you do not set up the list of network users, Wireless E-Detective will automatically search for users and IPs on the network and then perform sniffing and monitoring. There is an upper limit on the number of sniffed computers, depending on the purchased specification. It might sniff unnecessary users' information if Wireless E-Detective is left to retrieve users and IPs automatically. Hence the list of network users helps the administrator specify which computers should be sniffed by Wireless E-Detective. It also helps to set up computer and group names for convenient monitoring.
1. On-line IP information: first you need to add the IP to display the IP to be retrieved and select a group. You may edit the user's IP, computer name, group and the user's current status displayed on screen in the first section (Create and Submit). Different IPs with PC names can be created in different groups.
[Screenshot: Online IP Info / Login User List / Nbns tabs; Create, Submit; table with columns Status, IP, PC NAME, LAST TIME, ISP, GROUP: 192.168.1.53 DDD GROUP 1; 192.168.1.52 CCC GROUP 1; 192.168.1.51 BBB GROUP 1; 192.168.1.50 AAA GROUP 1; Count 4, Total 1, In page 1, Rows per page]
66. warning policy.
[Screenshot: Set Alarm Rule form: FROM / TO / CC / BCC, FTP SERVER IP, FTP ACCOUNT, MSN / ICQ / YAHOO / QQ ACCOUNT each with SCREEN NAME and PARTICIPANTS, URL; Submit, Close. Sample values: 00:0E:2E:A3:7A:86, www.yahoo.com.au. INFORM: email account to which the warning is sent (admin@yahoo.com). FORWARD: email account to which the warning is sent (admin@hotmail.com).]
Example: input the IP address 192.168.1.20 in the IP field and service@decision.com.tw in the INFORM field. Press the Submit button. The new rule is generated, as shown in the following.
[Screenshot: ALARM rule list; "Starting this rule right now, otherwise it will appear here"; Findings; "Searching MSN function activated in 2 hours"; "To see the rule content"; MENU counts such as POP3 117, SMTP 46, IMAP 4, HTTP DYNAMIC 4597, WEBMAIL 308, WEBMAIL SENDER 97, TELNET 12, QQ 3.]
Renew: the alarm setup will renew every hour. When the administrator would like to view the Result, it is advised to clic
67. ypt the decrypted file in order to see its conversation, as in the following diagrams. Input the ID and password.
[Screenshot: decryption page listing file 572570002 123856; Total 1, Total Page 1, Current Page 1, Every Page.]
[Screenshot: QQ conversation page at https://192.168.1.203 (_IDX=1) in Microsoft Internet Explorer; columns Date/Time, User, Handle, Type, StartTime, EndTime, Message; rows dated 2006-01-09 17:20:38 to 17:20:39 for accounts 572570102 and 415925842; "Please close this window, then go to Update Information".]
The update page shows the decrypting procedures.
[Screenshot: https://192.168.1.203 QQ PASSWORD INFORMATION in Microsoft Internet Explorer; Update Information; Date/Time 2006-01-16 10:26:42; Message; Account 5726
