Domain: ethereal.com
Stories and comments across the archive that link to ethereal.com.
Comments · 102
-
Re:mac address whitelist filters?
If you actually want to see the MAC addresses on a network being broadcast quite clearly try using ethereal. It's also educationamable.
-
Re:There is no "Linux"
(1.) A moving target. Ubuntu has two large releases with completely different packages a year.
Ubuntu has a major release (LTS) every two years. Interim releases are every six months. Yes, it is a challenge to migrate from, say Feisty to Intrepid, since you're going from one interim release to another while skipping several, including an LTS release. But the move from Dapper to Hardy (LTS-to-LTS) was really quite smooth.
(2.) A deeply fractured target. Sure, let's say Linux actually does have 5% desktop marketshare. What is that, 60% Ubuntu, 30% Fedora, 10% everyone else?
Source is source is source, and as such can be made to compile on the platform of your choice. If it's a production environment, you would have it set up with the standard kit of tools, meaning every major app you'd want would compile, or more likely, would be available as a package via apt, rpm, yum, etc.
Share of specific distro doesn't really matter. Ethereal, for example, is available precompiled as an rpm for Red Hat and derivatives. This doesn't stop you from giving the rpm a go on a non-RH system, or just compiling.
It sure didn't stop me from compiling on Ubuntu.
The point is that beyond the toolset and underlying architecture (which already is standard), a 'standard' Linux distro is not just unnecessary but completely contrary to what the whole thing is about.
For specific reasons, I run Ubuntu on my netbook, CentOS on my Myth system, and Debian on my server at work. Yet the same applications work on all three.
Yet at work I still have to fire up DOSBox from time to time to access a legacy database system that simply does not work under XP's cmd.exe.
So keep thinking what you're thinking. The buggy-whip industry is sure to bounce back by early next year once the market figures out that slower, clunkier, more expensive, and inherently incompatible is really the better option.
Back in the real world, I work at a pretty small company that currently runs about a dozen MS Servers. I expect that within two years we'll be down to one or two, or none at all. I do not think we're alone.
-
Re:and yet...
Workaround solution: make multiple captures and merge them - see http://www.ethereal.com/docs/man-pages/mergecap.1.html
-
Holy hyperbole, Batman!
Not only that, but ethernet data traffic can be read by someone else on the network, and wi-fi traffic can be monitored by someone even without wires.
In other news, experts have revealed that water is scarily wet, the sun is frighteningly hot, and occasionally rain terrifyingly falls from the sky. We'll interrupt your surfing with more news as it unfolds. Meanwhile, please continue to tremble in fear of the obvious.
-
Re:can my router log these TCP reset requests?
I was wondering if there is any way for me to log these TCP reset requests.
Try using ethereal to analyze the packet stream.
-
Reinventing 1/16 of a wheel
The Errata sniffer, dubbed Ferret, packs more punch than other network sniffers already available, such as Ethereal and Kismet, because it looks at so many different protocols, Graham said. Some at Black Hat called it a "network sniffer on steroids."
Oh Wowsers! DHCP, SNMP, DNS and HTTP! That's so many! It's a shame Ethereal can only look at these!
-
Re:Password on IRC and you're worried?
> How secure is any password transmitted over the wire in plaintext?
Unless the government is tapping the wire, just as secure as one sent encrypted.
Ethereal is a nice program that lets you monitor network traffic. It has helped me solve many network problems by letting me see what the machines are actually saying to each other; it does this by capturing all the packets (optionally filtered) in the network segment the machine running it is located in.
So, here's the correct form: "Plaintext is as secure as encrypted, unless the government or any other entity that has control over any machine in any network segment the packets travel through is tapping the wire." That's an unknown (but large) number of unknown variables that can break your security.
And of course you're talking about the government, but there's several governments that might gain access to the packets. It isn't enough to be able to trust your own, you have to be able to trust every government on the planet - and none of them seem particularly trustworthy to me.
So use the encryption, Luke, or you shall meet your destiny.
-
Wrong link
Ethereal.org is definitely not a packet capture utility. Ethereal.com is what's sniffing the glue that holds the internet together.
-
Logging net access??
There are times when, after the fact, I want to find out what communications with the internet took place around a certain time. Like when I get called in to remove malware from a friend's PC. I can tell from the install date/time on the malware's directory, etc. when it came in. I'd like to be able to work from that to find out what was going on around that time to see what got it started.
Is there a program that logs all accesses to the internet FROM MY PC? A web server typically logs all requests that come into it. I'm looking for something that provides a similar log for my PC.
- Date and Time (e.g. 20060607_212955)
- DNS Name (e.g. slashdot.org)
- IP Addr (e.g. [66.35.250.150])
- Port (e.g. 80)
- Status Code (e.g. 200, 404, ?????)
- Application path (e.g. "C:\Program Files\Mozilla Firefox\firefox.exe")
- etc.
The reason for the DNS Name and IP Address is that I have a slew of entries in my HOSTS file to redirect "Bad" sites to home. See: http://www.mvps.org/winhelp2002/hosts.zip. This log would allow me to track when attempts to these blocked addresses were attempted. A log with a gazillion 127.0.0.1 entries isn't much help; logging the domain name that got looked up and which resulted in the 127.0.0.1 would be much more help.
I suppose I could launch Ethereal Network Protocol Analyzer but it seems to put quite a load onto my system and I am concerned the overhead may cause it to drop packets. Maybe I'm not configuring it right (any suggestions for a lightweight install?). Or, is there a smaller, less resource-intensive application which can do this for me?
If such a simple thing existed, and were widely implemented, I suspect applications phoning home would be detected much sooner.
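The log this post asks for can be approximated with a short script. What follows is an added example, not the poster's code and not part of the original thread: it assumes a hosts file in the usual `ip name` syntax and a list of connection records in the field order listed above, resolves each name the way the OS does (hosts file first, then DNS), and flags the ones the hosts file sent to loopback so the looked-up name survives next to the 127.0.0.1. The hosts entries, the DNS answers, the connection records and the executable paths are constructed sample data.

```python
import ipaddress

# Constructed hosts-file excerpt (not the real MVPS list) in standard hosts syntax.
HOSTS_FILE = """\
# blocked ad/malware hosts -- constructed sample
127.0.0.1  localhost
127.0.0.1  ads.example-tracker.test
127.0.0.1  update.example-spyware.test
"""

# Constructed stand-in for real DNS answers (what a resolver would return when
# the hosts file does not intervene). The slashdot.org address is the one
# quoted in the post.
DNS_SAMPLE = {"slashdot.org": "66.35.250.150"}

# Constructed connection records in the post's field order:
# (date_time, dns name, port, application path). Paths are placeholders.
ACCESS_LOG = [
    ("20060607_212955", "slashdot.org", 80,
     r"C:\Program Files\Mozilla Firefox\firefox.exe"),
    ("20060607_213002", "ads.example-tracker.test", 80,
     r"C:\Program Files\Mozilla Firefox\firefox.exe"),
    ("20060607_213130", "Update.Example-Spyware.test", 443,
     r"C:\Windows\Temp\unknown-updater.exe"),
]


def parse_hosts(text):
    """Map lower-cased host name -> IP. Comments and blank lines are skipped."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            table[name.lower()] = ip
    return table


def resolve(name, hosts, dns):
    """Hosts file takes precedence over DNS, exactly as the OS resolver does.
    Returns (ip, blocked): blocked is True when the hosts file pinned a
    non-localhost name to a loopback address."""
    key = name.lower()
    if key in hosts:
        ip = hosts[key]
        blocked = key != "localhost" and ipaddress.ip_address(ip).is_loopback
        return ip, blocked
    return dns.get(key, "unresolved"), False


def annotate(records, hosts, dns):
    """Turn raw connection records into log entries that keep the name that
    was looked up next to the address it resolved to."""
    entries = []
    for when, name, port, app in records:
        ip, blocked = resolve(name, hosts, dns)
        entries.append({"time": when, "name": name, "ip": ip, "port": port,
                        "app": app, "blocked": blocked})
    return entries


def blocked_attempts(entries):
    """Only the connections the hosts file redirected to loopback."""
    return [e for e in entries if e["blocked"]]


def format_entry(e):
    """One line per connection in the layout the post lists."""
    flag = " BLOCKED-BY-HOSTS" if e["blocked"] else ""
    return "%s %s [%s] %d \"%s\"%s" % (e["time"], e["name"], e["ip"],
                                      e["port"], e["app"], flag)


if __name__ == "__main__":
    hosts = parse_hosts(HOSTS_FILE)
    for entry in annotate(ACCESS_LOG, hosts, DNS_SAMPLE):
        print(format_entry(entry))
```

Keeping the looked-up name beside the resolved address is what turns a list of 127.0.0.1 entries into a list of which blocked hosts were contacted and when; the application path is the field that points back at the process that started the connection, which is the clue the post wants when reconstructing how a malware install began.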
-
Re:Flash 8 Videos? Brilliant.
I'm not sure about Flash 8, but what I used to do is use Ethereal to look at the HTTP traffic when the video player first initiates the connection. You can get a direct link to the FLV that contains the video this way and use FFMPEG to convert the FLV to some other format. Of course, you need to have Flash installed for this to work.
-
Re:If you TRULY want to know...
... or just run ethereal or tcpdump on your local machine to watch outgoing packets. or just watch from your firewall. You are overcomplicating things.
:) or maybe you are just paranoid enough. ;)
-
Re:Seems Reasonable To Me
If I was working for the RIAA, this is what I would do...
First, I'd use a filesharing app to search for offending items. I pick a file and start downloading. Then, I'd run Ethereal to determine the IP address of the person I'm connected to.
If you do that a whole bunch of times, you may start to see trends. If I had to guess, I'd say they saw a lot of IP addresses coming from University networks and took appropriate action.
-
Ethereal too?
Just noticed the screenshot on the McAfee page for W95/CTX. It shows some dlls from the Ethereal program as being infected. Of course those files are in their complete list of affected files, which comes in a convenient easily accessible PDF file as all the most important documents on the web should. It's 7 pages long, but an amusing list to skim through.
Who uses Ethereal and McAfee? Just found that funny/ironic on some levels.
-
Re:Oh, how I pity them
All the time. Your email is boring.
http://store.ethereal.com/emailshirt.html
-
A Stab at Some Solutions & Strategies
As a basic sort of testing phase, do it all on one computer. This eliminates all possible network errors that can occur. I'm assuming this is meant to be huge so maybe the bugs you speak of result from multiple machines fouling each other up. Either way, let's talk debugging strategies!
Also, as I recall from my days of drudgery at college, create tons of output.
So I will suggest as a preliminary requirement that you create a nice logging system (if you haven't done so already). I haven't written much C# so I'm going to be talking abstractly. Hopefully the rest of Slashdot can help with the specifics to C#. Now, what I mean is that you should create a class that just creates an output log file that you can read for output later. I don't mean to put a message for every packet sent but maybe it wouldn't hurt to put a message for each stream or connection opened. It's going to help for you to generate random IDs for each call and to put the destination/receiving IP:Port in your log. This would most likely be helpful with a server. It also will be helpful to store printlns in your code (redirect standard out to the logger).
Now use this on every machine in the system. If one machine should start to give you problems, create a mutual exclusion on this log (or put all of the log entries in critical regions). In Java, you can use object locks or the synchronized keyword--in C# I'm pretty sure they have something similar. Just because it's not a GUI doesn't mean you can't record output.
Just a friendly warning, time stamping is usually worthless unless you have a logical network (i.e. a Lamport Clock) clock scheme set up (which usually requires lots of time on one's hands). You could shoot for an NTP server but I wouldn't trust the accuracy past 500 ms. If you absolutely need a clock scheme, I recommend having one machine on the network tick tock an increasing number that is reflected in all the logs. Make the time between ticks adjustable--this way you'll be able to check out events roughly relevant to these ticks (assuming the time it takes to get there is similar).
In the end, your best tool is your brain. Designing tests and double checking the logs on each machine to see that the linear time sequence of relative events is correct. Logic will be your only friend in this journey. Don't be afraid to kick off more threads on the client side if they don't need to share resources. If you have a server side, be careful in how many threads you have and make sure you realize what memory scope they're limited to.
For the love of god, if you use ports--don't forget to free them when you're done using them!
Unfortunately, Nornir is not OSS ... yet. Their papers may be of use to you, however. If you're having problems with packets on either end, use my good friend ethereal.
Good luck! Happy debugging!
-
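Here is an added example, not the commenter's code and not something the project they mention provides, of the logging scheme this post describes: a random ID per connection, a lock around the shared log, and a Lamport logical clock in place of wall-clock timestamps so that logs from several machines can be merged into a causally consistent order. The node names, the address and the message payloads are constructed; `merge_logs` is the piece that shows why the logical timestamps are worth carrying.

```python
import random
import threading


class LamportClock:
    """Logical clock: every local event ticks once, and every received
    message pushes the clock past the sender's timestamp, so an effect
    never carries a smaller timestamp than its cause."""

    def __init__(self):
        self._value = 0
        self._lock = threading.Lock()

    def tick(self):
        with self._lock:
            self._value += 1
            return self._value

    def receive(self, remote_ts):
        with self._lock:
            self._value = max(self._value, remote_ts) + 1
            return self._value


class NodeLog:
    """Per-machine event log. Entries are (lamport_ts, node, conn_id, msg).
    The lock is the 'mutual exclusion on the log' the post asks for, so
    any number of client or server threads can append safely."""

    def __init__(self, node, clock=None, rng=None):
        self.node = node
        self.clock = clock or LamportClock()
        self._rng = rng or random.Random()
        self._lock = threading.Lock()
        self.entries = []

    def _append(self, ts, conn_id, message):
        with self._lock:
            self.entries.append((ts, self.node, conn_id, message))

    def open_connection(self, dst_ip, dst_port):
        """Random ID per connection so both ends can be matched up later;
        the destination IP:port goes into the log as the post suggests."""
        conn_id = "%08x" % self._rng.getrandbits(32)
        ts = self.clock.tick()
        self._append(ts, conn_id, "open -> %s:%d" % (dst_ip, dst_port))
        return conn_id, ts

    def send(self, conn_id, payload):
        ts = self.clock.tick()
        self._append(ts, conn_id, "send %r" % payload)
        return ts  # ship this timestamp alongside the payload

    def receive(self, conn_id, payload, sender_ts):
        ts = self.clock.receive(sender_ts)
        self._append(ts, conn_id, "recv %r" % payload)
        return ts

    def close(self, conn_id):
        ts = self.clock.tick()
        self._append(ts, conn_id, "close")
        return ts


def merge_logs(*logs):
    """Combine logs from several machines into one order. Sorting by
    (lamport_ts, node) never places a receive before its matching send."""
    merged = []
    for log in logs:
        merged.extend(log.entries)
    return sorted(merged)


def demo():
    """Constructed two-node exchange: client opens, sends HELLO, server
    replies OK, client closes. Seeded RNGs keep the connection ID stable."""
    client = NodeLog("client", rng=random.Random(1))
    server = NodeLog("server", rng=random.Random(2))
    conn, _ = client.open_connection("10.0.0.2", 9000)  # constructed address
    ts = client.send(conn, "HELLO")
    server.receive(conn, "HELLO", ts)
    ts = server.send(conn, "OK")
    client.receive(conn, "OK", ts)
    client.close(conn)
    return merge_logs(client, server)


if __name__ == "__main__":
    for ts, node, conn, msg in demo():
        print("%3d %-6s %s %s" % (ts, node, conn, msg))
```

Note that the server's clock starts at zero and still ends up ordered after the client's send, because `receive` takes the maximum of both clocks before incrementing; that is the property wall-clock stamps from loosely synchronized machines cannot give you.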
Re:Fat Binaries
so why the focus on getting the bare binary to run under Rosetta, rather than the .app bundle?
Because some software for OS X might not have all its executables as apps run from .app bundle. It might include daemons, or it might include command-line apps.
(One of the apps I'm involved with has a command-line app and an X11-based GUI app, and has, in the past, had code contributed to it that broke when run on big-endian machines. Being able to test both the big-endian and little-endian versions on a MacIntel would be useful. That might be useful for some commercial apps, too.)
-
Re:Magic Lantern?
If this is true, I'd expect to see more FBI guys wearing these.
-
Cheap = ethereal and a hub
what cheap or free monitoring options are there available . . .
If the network is the issue, the cheapest and simplest is a good laptop running Ethereal or Snort. Also pick up (or scrounge up) a dumb hub and if possible a fiber tap, since you're probably running in a mixed-media switched infrastructure (or maybe you're not - hence the problems :) ). If you want to get fancy you can buy span or rspan capable switches which will let you mirror traffic from individual ports or Vlans to a single management station port (in which case you can just use a desktop).
This should go without saying, but those packet captures will be useless unless you know WHERE each mac address is on the network. That said:
1) maintain reliable L1/L2/L3 mappings
2) Tag both ends of long cables and make sure all wallports are numbered, and
3) beat the shit out of anyone who brings personal equipment in and plugs it in. It screws up your records and is probably less secure.
-
Another way: play packet WTF
Another great way to learn about your network is to install a packet sniffer like Ethereal. Capture some packets, pick a random one, and try to figure out what the hell it's for.
For the advanced version of the game, do something specific (bring a DHCP machine up; do an FTP transfer; surf a web site) and write down what you think goes on on the network. Then capture the packets and see how close you can get.
By learning what a network looks like when it's working normally, you'll have a much better chance of figuring out problems when they happen.
-
Re:Depends on the admin role I'm in
tethereal, the often overlooked text version of Ethereal, is a better tcpdump than tcpdump. Like tcpdump it uses libpcap, so you can still use all your tcpdump filters. It reads and writes many sniffer formats as well as being a great packet capture tool. Here's the man page: http://www.ethereal.com/docs/man-pages/tethereal.1.html
-
Ethereal, strace, ltrace
I love, love, love tcpdump and Ethereal. It's like an MRI for network issues. It has answered more WTF questions for me than anything else.
Similarly, strace and ltrace let me see what a program is up to on the local system, printing out a dump of every system or library call. It's invaluable when confronted with some mysterious error message: you can see exactly what the program was up to just before it barfed.
-
Re:Use ethereal to check out your network traffic
That isn't to say that all traffic is bad traffic. Most of the time that traffic you're seeing isn't YOUR traffic. It's the traffic of all the other computers on the network talking with yours. This isn't a bad thing. It's typical of a large network. You'll have lots of computers talking to each other to let each other know when something changes. For instance, a new computer comes online and has to get an ip address. Usually it doesn't know where to get an ip address, so it sends out a broadcast to all computers on the network (yours too). Your computer sees these, but ignores them because you're not the computer giving out ip addresses. Sometimes it's more along the lines of "Hello, my name is JoeUsersPC."
If you're alone on your network, (ie behind a router/firewall) then you shouldn't see much traffic other than your computer chatting with the router/firewall. Your router/firewall should block out most of the noise (and that's what most of it is - noise). Contact your cable/dsl company to see if your cable modem or dsl modem has a firewall built in if you're not sure. If, however, you're seeing lots of traffic on typical IRC ports (6997-6999) to typical irc servers (irc.somethinghere.net) and you don't have any programs open, then you're likely a zombie.
By the way, ethereal is located here. It's probably too advanced for the first article submitter, however. I would suggest looking at netstat at the command prompt first.
-
Re:Complete article on a single page
BTW, the funniest Adsense I saw was on the Hulk'in Lunar Eclipse page where ads were offering Lunar Real Estate for Sale
The funniest one I saw was on the FAQ on the Ethereal Web site, wherein the references to "Fibre Channel" and "Fibre Distributed Data Interface" in the list of protocols it can dissect once provoked Google to put an ad up for a product that does contain fibre, but it's not in the product to help unclog your data network, if you know what I mean and I think you do....
(At this point, it appears that WildPackets has paid a trillion or so dollars to make sure they're the only thing advertised when you go to any page on the Ethereal Web site, so you no longer get ads for Colon Blow(TM).)
-
Open source network analysis tools
What tools and methods are the best practice when trying to use Linux and Open Source to analyze and fix a network?
These are some of the tools to consider, in no particular order:
- Nagios
- Snort
- ethereal
- dsniff (not updated in ages)
- ncat
- nmap
- nessus v 2 (or one of the forks of version 3)
- SARA
You'll have to read the descriptions to decide which ones to try.
-
Re:Talking out both sides of our mouths.
I should have clarified... I'm a 100% pure-bred command-line guy. And it seems like the only decent Windows tools there are unix-ports.
But yeah, on the wider Windows stuff, it comes from the wider open source community, and isn't Linux only (eg. things like Inkscape, Ethereal, Orbiter, Celestia, Blender, ...). They're all stand-outs, and they'll all either still be here with us in 20 years, or some better open-source software will have surpassed them.
-
Re:Here's a quick hack I whipped up in Xcode
-
Cheap options and Expensive options
Cheap option: Linux box hooked up to an ethernet tap at interconnects with the telco's lines. Run ethereal's tethereal in ring buffer mode (making sure that individual files are under 2GB). You are only limited by hard drive space in how much you can store. When viewing the dumps, use ethereal > 0.10.10 and go to Statistics->Voip Calls. It will allow you to choose specific calls and even graph things such as latency, jitter, etc. Since you will be dealing with lots of very large files, I recommend using tcpslice (which usually ships in distros with tcpdump) to grab specific chunks that you would like to look at.
Expensive option: Empirix Hammer XMS. It does all of the above with a nice web interface plus it gives you RTP quality metrics like r-factor and MOS. It's not cheap, but I've used it and it does a good job (it is basically a SuSE Linux box with some networking gear running their network monitoring software).
All of the above I have tested only with SIP/RTP traffic. If you use MGCP or H.323, I can't personally vouch for either of the above solutions, though both support them.
-
Re:ssh - so who needs a court order?
Jeez. I can (theoretically) sniff packets and I don't even need a court order. Just a copy of ethereal, nmap and nessus, none of which I have ever used or have any experience with. But as pointed out, a packet of encoded fluff doesn't do me, or the government, a lot of good, unless one of us has a way of decoding it in near-real time, and my secret decoder ring only goes to 32 bit.
-
Why you "can't really see"
I can't really see what google (or anyone for that matter) can really do to accelerate web content on broadband connections. [...] There is no good reason to sign up for this.
The reason you're skeptical is because you don't know as much about the Internet as google does.
When you download a web page on your 6Mbps cable modem, do you think it instantly goes to 6Mbps throughput, transfers the page, and then drops to zero? It doesn't. The efficiency *decreases* as your connection gets faster (which is why google does not claim to speed up slow connections - there's little room for improvement). Here's why:
The TCP stack under your browser starts by establishing a connection (3 way handshake). Then it sends a packet with the HTTP request. Finally after those long round trip times of basically doing nothing, your browser starts receiving HTML. As the HTML comes in, the process repeats for the embedded stuff (images). If you have a fast link (and especially if the server is far away), your link spends a lot of time doing nothing while connections are established and transactions take place.
By routing your connection through google, many efficiencies can be gained. These are listed in, of all places TFA. It's not just caching, either. Prefetching, for example, is a trick where their servers will start requesting and transferring the images within a web page, even before your browser has requested them. Since the HTML already went through google's proxy, they know what your browser is going to request before your browser does.
So instead of just pooh-poohing it because you don't understand the technology, why don't you go download a copy of Ethereal, which will let you see these tricks in action. Then you can offer us a more educated opinion based on empirical fact, instead of a long diatribe amounting to "I don't understand how it works, therefore it sucks".
-
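To put numbers on the idle time this comment describes, here is an added example (not the commenter's code) that models one object fetch as a SYN/SYN-ACK round trip, a request-to-first-byte round trip and the serialization time, then loads a page as HTML followed by each image on its own connection. The page sizes, link speeds and round-trip times are constructed, and TCP slow start is left out as a simplifying assumption, so the idle fraction it reports is if anything understated.

```python
def fetch_time(size_bytes, bandwidth_bps, rtt_s):
    """Seconds to fetch one object over a fresh TCP connection:
    1 RTT for the SYN/SYN-ACK handshake, 1 RTT from the HTTP request to the
    first byte of the reply, then size/bandwidth to move the bytes.
    Assumption: no slow start, so this is a lower bound on real load time."""
    return 2.0 * rtt_s + (8.0 * size_bytes) / bandwidth_bps


def page_load(html_bytes, image_sizes, bandwidth_bps, rtt_s):
    """HTML first, then every embedded image on its own connection, one after
    another, which is the 'process repeats for the embedded stuff' above."""
    total = fetch_time(html_bytes, bandwidth_bps, rtt_s)
    for size in image_sizes:
        total += fetch_time(size, bandwidth_bps, rtt_s)
    return total


def link_efficiency(html_bytes, image_sizes, bandwidth_bps, rtt_s):
    """Fraction of the load time during which bits are actually on the wire."""
    payload_bits = 8.0 * (html_bytes + sum(image_sizes))
    busy = payload_bits / bandwidth_bps
    return busy / page_load(html_bytes, image_sizes, bandwidth_bps, rtt_s)


# Constructed page: 20 KB of HTML plus ten 15 KB images.
HTML_BYTES = 20_000
IMAGE_SIZES = [15_000] * 10
FAR_RTT = 0.100   # seconds, server far away (constructed)
NEAR_RTT = 0.010  # seconds, a proxy a few hops away (constructed)


def efficiency_table(bandwidths_bps, rtt_s=FAR_RTT):
    """Efficiency at each link speed; the faster the link, the lower it goes,
    because the round trips cost the same seconds regardless of bandwidth."""
    return {bw: link_efficiency(HTML_BYTES, IMAGE_SIZES, bw, rtt_s)
            for bw in bandwidths_bps}


def proxy_speedup(bandwidth_bps):
    """How much faster the same page loads when the round trips are short,
    which is the gain a nearby proxy can offer before any caching at all."""
    far = page_load(HTML_BYTES, IMAGE_SIZES, bandwidth_bps, FAR_RTT)
    near = page_load(HTML_BYTES, IMAGE_SIZES, bandwidth_bps, NEAR_RTT)
    return far / near


if __name__ == "__main__":
    for bw, eff in efficiency_table([1e6, 6e6, 20e6]).items():
        print("%5.0f Mbps: link busy %4.1f%% of the load time"
              % (bw / 1e6, 100 * eff))
    print("6 Mbps with 10 ms RTT loads %.1fx faster" % proxy_speedup(6e6))
```

With these inputs the link is busy about 38% of the time at 1 Mbps but under 10% at 6 Mbps, which is the "efficiency decreases as your connection gets faster" point; cutting the round trip from 100 ms to 10 ms shortens the load more than five-fold, independent of caching or prefetching.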
Re:Swatch, Snort, Portsentry
-
Re:I use Google at work
Yes it exists, but it's not real time, it's cached.
If your competitors are lounging at Google Building 43 eighteen hours a day and can keep a lookout for your "secret" search string among the umpteen bajillion other request scrolling by ("Paris Hilton Video", "Britney Spears", "Rubber Baby Buggy Bumpers", et al) then you are indeed fucked.
Personally, I'd prefer to use Ethereal on your unprotected WiFi home network, but that's just me.
-
Re:Not surprised
Google's cache does throw off web stats somewhat. Run a protocol analyzer such as ethereal and view a cached page through Google, if you click the "cached text only" link, you will notice that your computer never talks to the source box. So you can browse anonymously, I use it at work to get around those pesky proxies...
-
Re:That's strange...
With GTK, you are tied to X, [...]
That's strange... I seem to recall running several GTK-based applications on my office PC (my home PC runs Fedora) running Windows XP. I remember Ethereal, Gaim, and gimp. And, for GTK on Linux without X, you can run SDL... as there has been some work on getting the two working together.
-
Plenty of innovation
It seems to me like innovative and experimental software is very commonplace in OSS. Unfortunately, a lot of it doesn't get noticed as it is never rolled into a "usable" product. Tempest, a radio broadcaster using CRT, is a good example.
Another obvious place where OSS seems to innovate is in low level networking programs. Ettercap is absolutely brilliant, for instance, and Ethereal is exceedingly useful as well. Perhaps these were created in part because they were necessary to write compatible higher level software to interoperate with other systems. Also, their internationally developed and non-profit nature might make their authors more likely to tread into "legally questionable" territory than a commercial venture would dare.
Despite the relative lack of quality Linux-based music and audio software, there are definitely some innovative tools in this area as well, such as Csound, SuperCollider, and TaoSynth, which provide very interesting programmatic sound modeling possibilities. These programs wouldn't be generally useful to musicians, which is perhaps why they haven't been developed as closed-source commercial products, but for the somewhat rare musician-hackers out there, they're very interesting indeed.
There's plenty of innovation in open source. The only thing is, most of it is so niche that it's hard to hear of it.
-
Valuable Open Source Security Assement Tools?
-
Re:Tin Foil Hat
On a side note, look at the possibilities, if two terrorists were having a conversation, Google could suggest cheap arms depots.
Exactly - Google Ads in the empty spaces in your phone conversations. (I think there was a company in Sweden, a few years ago, that offered free phone service with an ad when you picked up the phone to make a call.)
Of course, Google Ads aren't always relevant, given that words can be used in more than one context; you stand a good chance of getting an ad for a laxative full of fib{er,re} when you go to the Ethereal FAQ, courtesy of the list of supported protocols containing the phrase "Fibre Channel" - no guarantees you'll get an Herbal Fiberblend ad, but they do pop up quite often. (The fact that it's called "AIM Herbal Fiberblend" might help, given that AIM is also mentioned in that list.)
-
Uhm dude... that's not a sniffer...
A quick rtfa tells me that this isn't a sniffer at all, it's just a perl script that parses the plain-text output from someone else's sniffer. Sorry, no donut. NEXT!
What's up with tcpdump and friends, snort, kismet, bsd-airtools and ethereal anyway?
-
Suggestions:
Miranda IM. If you want to use Gaim, you need to install GTK, and the download is 6 MB. Miranda is about 1 MB.
Microsoft Windows Services for Unix. It should be named Unix Services for Windows, but whatever. Provides a development environment superior in many ways to Cygwin's.
MetaPad. Great Notepad replacement; no bells and whistles, but a few useful additions.
Ethereal. An Ethernet sniffer, useful for debugging problems and snooping on your neighbors.
WinCVS. GUI front end for CVS client.
-
Some others worth mentioning...
ZipGenius (http://www.zipgenius.it/) - If you've used WinZip then this is the best freeware to compare with it.
XnView (http://www.xnview.com/) - prefer this to Irfanview as a graphics editor.
Ethereal (http://www.ethereal.com/) - network sniffer.
Calc98 (http://www.calculator.org/download.html) - better calculator than the default Windows' version.
CDBurnerXP (http://www.cdburnerxp.se/) - Full featured freeware CD burning software package.
Crimson Editor (http://www.crimsoneditor.com/) - ultimate notepad replacement.
Max's HTML Beauty (http://www.htmlbeauty.com/) - full featured HTML editor.
And of course nonags.com is one of the first places I check for these kinds of things.
-
Re:Wonder how long...
-
Re:wrong layer
I don't see why this has to be at the kernel level - why not just make programs that use kioslave functions instead of open() (or whatever)?
Because
- the program you want to use might already have been made, and you don't want to have to convert it, or have somebody convert it, to use KIO (it might not even be a KDE program - neither cat nor grep are, on most systems);
- your application randomly accesses the file (I don't see anything immediately obvious in the KDE I/O Architecture document that indicates that you can open a file and seek around in it and read from arbitrary offsets);
- your application is supposed to work without KDE (and even if, as, and when a KDE version of that particular application is done, it'll still have non-KDE versions, e.g. for Windows);
etc..
Not only that, but some protocols are very slow or don't work with directories well, and wouldn't be suitable to be treated like local folders.
Which ones?
Putting this in the kernel is asking for a lot more root (and not just user) exploits.
OK, then how about just putting FUSE or lufs in the kernel and doing the bulk of the work in user space? (That's how OS X's ftpfs and webdavfs work - they have "stub" file systems in the kernel that talk to user-mode daemons; heck, the "stub" file system for ftpfs is called "the NFS client", and the user-mode daemon is a user-mode NFS server on a port other than 2049.)
And finally, everything that uses traditional system calls would have to be modified considerably or there will no doubt be many exploits found for them.
And the reason why adding a new file system type makes that true is?
-
Re:LiveHTTPHeaders
That's a pretty lame number one reason for switching as there are plenty of other tools out there for viewing HTTP traffic.
There's an equivalent (free) tool for Internet Explorer called Fiddler. In addition to viewing HTTP traffic it has a framework for programmatically 'fiddling' with requests and responses.
Ethereal will let you view HTTP traffic regardless of which browser you are using, however it takes a bit of getting used to.
Nonetheless, if you're using Firefox, LiveHTTPHeaders is definitely the way to go.
-
Correct link
Ethereal's website is ethereal.com, not ethereal.org.
-
Impressive link collection
Just in case his site gets /.'ed, here is his impressive list of links. - Jonah Hex in non-karma whore mode.
Downloads
Linux Wipe Tools: Three shell scripts for securely wiping all data from the swap partition, wiping unused disk space on the root partition, or wiping an entire disk, by Thomas C. Greene.
No Messenger: A batch file that eliminates Windows Messenger and fixes the problem of Outlook Express loading slowly when Messenger is absent, by an anonymous friend of The Register.
FileCheck MD5: A free, simple, lightweight MD5 utility for Windows, courtesy of Brandon Staggs.
Errata: A text file containing my various blunders and omissions in the book (right-click and "save as," or view as HTML). Last updated 6 June 2004.
Links to Other Goodies
Mozilla: A free, open source Web browser and e-mail client for Linux and Windows, feature rich and far more secure than Internet Explorer and Outlook Express. Recommended for novices.
Firefox: A free, open source, stand-alone Web browser for Linux and Windows. Very light and fast. Recommended for intermediate users.
Thunderbird: A free, open source e-mail and news client for Linux and Windows. Recommended for intermediate users.
GnuPG: Gnu Privacy Guard; a free, open source replacement for PGP, for Windows and Linux.
WinPT: Windows Privacy Tools; a free, open source GUI frontend to GnuPG for Windows.
Anonymizer: Various services for anonymous Web surfing, e-mail, chat, etc.
OpenSSH: A free, open source SSH (Secure Shell) client and server for Windows and Linux.
PuTTY: A free, open source GUI frontend to OpenSSH for Windows.
Ethereal: A free, open source network traffic analyzer for Windows and Linux. Windows users will need to install WinPcap before installing Ethereal.
Ad-Aware: A free, closed source adware/spyware scanner for Windows.
SpyBot Search & Destroy: A free, closed source adware/spyware scanner for Windows.
Sam Spade: CGI gateways to numerous online tools, such as whois, traceroute, etc.
SourceForge: A vast repository of open-source software for Windows and Linux. The site can be overwhelming, but it has a search engine to help users locate packages.
GNU Project: The home base of the open source movement. A repository of open source products, chiefly for UNIX-compatible systems.
Security Information
About Internet/Network Security: An informative and useful site dealing with computer and Internet security, with reviews of security products and books, practical howtos and tips, and links to numerous tools and information resources, geared toward beginners and intermediate users.
SANS Institute: An educational and research organization with a vast archive of security research documents, news, and advisories, geared toward intermediate and advanced users.
CERT/CC: Computer Emergency Response Team Coordination Cente
-
Sniffer Pro
Sniffer Pro has features which neither "ntop" nor "ethereal" come anywhere near, both in the realtime monitoring of traffic and also in some of the "expert" functionality.
I've yet to find an open source tool that can show a "matrix" graph of source and destination talkers by MAC/IP/IPX name in realtime as found in Sniffer. Other tools show some of this information, but do not render the same graphical display (chords of a circle) as Sniffer.
With ethereal there's to do this with snapshots using graphviz, but not realtime...
-
Re:Portability is for canoes?
I agree, too.
Sure, portability is great and all, but a lot of portable code really doesn't feel that nice to use. Ever used Ethereal? It's powerful. It's cross-platform. But the GUI is terrible, especially if you are used to the "solid" feel of most Windows applications. It's easy enough to use and understand, but it just doesn't "feel" right. And like it or not, feel is a pretty important component of the end-user experience.
Another case in point: don't you just cringe when you load up a big application that was written in Java? Sure, you can run it anywhere, but it feels like silly putty.
If Microsoft and other large developers spent all their time worrying about making code cross-platform, I think we'd get a lot more apps that look like this. Cool, but not very pleasant to use.
-
Re:MS Subtle shot at the Free Software Movement?
Typical MS bullshit. Windows itself is spyware. Various windows components send loads of info back home. Just think of internet explorer, windows media player and windows update.
It's easy to see when data is transmitted, just install ethereal or any other packet sniffer. You may see what is transmitted but sometimes it is encrypted.
Much commercial software also phones home, like adobe acrobat, winamp and any software that uses compulsory registration. Even my deskjet 610 drivers contain registration nagware that transmits data back to HP; I had to manually edit the registry to get rid of it.
I soon realized that the only two ways I could live without being spied upon are using only open source software or disconnecting from the internet. I use OpenBSD's ssh authenticating gateway to prevent my windows computer from reaching the internet. Windows does not provide any ssh client so it cannot try to bruteforce my password
-
First 10 on a unix box (Solaris/Linux mainly)
Here are my first ten on my unix workstation:
- OpenSSL - support program
- OpenSSH - connections in and out
- Mutt - email
- nmap - scanning tool
- libpcap - support library
- Ethereal - network sniffer
- mtr (Matt's TraceRoute) - trace problems
- whois (ARIN compatible) - find where the problems are
- tf (tinyfugue) - BBS client
- mangband - multiplayer ascii game
-
Linux essentials
I always install Fprot antivirus, ethereal, nmap, and gftp. Installation of linux isn't complete without these tools. I use Nmap to test the firewalls on my network, Ethereal to look for unwanted traffic or communication problems behind my router, and gFTP is a nice GUI FTP client that never seems to come with default installs. Although Linux isn't as susceptible to virus and trojan issues, it's nice to at least have a scanner available.