Naviscope Spyware??

I had no problem setting up WinPcap 2.1, but when I tried to open Ethereal setup 0.9.5 exe I got an error message that says that it is not a valid Win32 application. It won't open it. My OS is Win98se 4.10.2222 A.

I then downloaded it again, from the Local Archive for Win 98 etc., Win32 Binary. When I tried to open it, got the same error message again. Is this one of those weird things where it must have Microsoft's Seal of Approval or it won't open it? I understand that Microsoft helped develop it in the first place! I use Star Downloader and it hasn't made any errors in its downloads. (Excuse my language but this is a bummer!)

Any help with this will be most graciously accepted, valued and appreciated. Thank you.

Also, I will continue until I get what I need for this. As Paul said, I don't give up easily. snowman suggested XPsniffer, but he had no url for it. I'll search for it.

 

Almost there! I got a link to sourceforge from Tom Porterfield at Aumha/Windows Support Center.

I did as instructed and downloaded it. I also got some info from TomCat, very useful!

Ethereal also responded.

I will load it all up first thing tomorrow morning!

I put all these links here in case anyone else wants to take a shot at this. (And also to show I've been doing my homework!)

 

(Sorry. I fixed it.) Better D.i.ck than Dick!

TomCat also responded about the (possible?) connection to Northeasthomes.com.

A red-herring? We'll know soon enough!

 

**an off-topic note **


Prince......noticed your statement about med and high settings in ZA........imo you should be able to set everything to "High" an never experience any problems....I've used the high setting for years under all sorts of circumstances...with all sort of programs...both with dial-up and cable.....never had any problem..........as you know I just went with cable..the cable provider can't "find" me according to their tech support.....silly people....the ports are simply stealth...nothing complicated about that....personally if I have to lower my setting to use a product..that in itself puts my red flags flying...

snowman

 

I think the problem is the way my ISP set up our Intranet. If I put my Local Settings to High, they are blindfold and so am I. Nothing happens. Cannot make connections. I tried it. It was agony. I played and fiddled with all my settings until I was satisfied. I'd like it to all be on high, but it just doesn't work with our LAN/Intranet.

Houston? We have lift-off! The SourceForge Link Ethereal really works! Opened and loaded it this morning. Now...what does this do?...??...OOPS...oh-oh...

 

Hi all! It's working at last! I'm so happy! I discovered that my instructions were wrong. I was searching for the .inf file so I could link the WinPcap per "Crash Course in Packet Sniffing" and this is completely unnecessary! I have often said that I like programs which are designed for usefulness without me having to program them. This feature has been included in the latest release of WinPcap. It no longer needs to be installed in the Network Connections List of Adapters. It's automatic. Yes! (So, for two weeks I banged head on wall for nothing!) Next time I will be more likely to toss the intructions. Now begins the arduous task of filtering.

 

Glad to hear it, P_S! Please keep us informed! Pete

 

Hi All! Just to update you. I am now sniffing at regular intervals for TCP/IP info between my Naviscope 8.70 and their website (216.157.91.36). I could sure use a lot of help interpreting the data. I know how to set up filters on it (mostly). It takes out the drudgery. I will keep you posted as soon as anything develops.

 

Thank you for allowing me to post a sample, Paul! Ethereal is like a spreadsheet. I have two shots, kinda big. I hope that's alright. (Check out the Test Forum. I made some new and small postings.) Cannot do it yet. Bigger than 100 Kb. I'll try to shrink it or add smaller shots. A few moments...

I really like Irfan Viewer! Fast!

 

Page 2 (other half on right, same lines, resized to 65%):

Note: In this capture there were 5342 packets. Of those, 159 were packets with 216.157.91.36. Also, Atomic Nist Clock is turned off in Naviscope. These shots are filtered.

 

Hi Guys and Wilders Women!

I am an unabashed beginner at packet-sniffing. I am gradually learning how and what to do with the Ethereal Program. Naviscope 8.70 does communicate with 216.157.91.36. How do I discern the Windows ID or Registry number in the packets? (If it's there!)

I tried asking TomCat but they said they had already given that info to three people at Wilders. Could one of them please step forward and lend a hand?

TIP: If you have a firewall that lets you make changes then BLOCK communications with 216.157.91.36 if you also use Naviscope any version. It will then be unable to phone-home!

Thanks in advance!

 

I finally tried Naviscope

and the addy it tries to connect to on my computer is.

time-b.nist.gov

It seems to have some issues with Outpost Firewall also.

Is this software still being developed or has development stopped?
I see no new posts at the sites forum.

 

Hi contoler! Turn off your Naviscope Atomic Clock (NIST) and try again. I checked your addy up there and found this site:

http://nist.time.gov

You want to have a good time, eh? LOL!

 

Interesting sidelight. If you put 216.157.91.36 into your address bar you get the Naviscope site offering v8.69 (the one that phones home to that address). However, if you do a whois search of the same address at D-Shield you are told it belongs to northeasthomes.com. When I tried putting northeasthomes in my address bar I get a FORBIDDEN page. Interesting, yes?

 

However, you can't get anything but Naviscope v8.70 from the d/l page.

As an aside, I get this when running 'northeasthomes.com' through Karens URL Dis cumbobulator:

http://2130706433/

but I don't know where the periods go on that since it's not displaying them to check that one out further.

I've already blocked the other three given on the first page of this thread, but that's not one of them. Pete

 

If this is correct we get

213.070.64.33

** 8/12/2002 8:05:14 AM - Lookup Started **
1 address
mailhost.seab-mura.com

 

Hi spy1! Is the opening download page for v8.69 just a dummy? I find v8.70 is also now available on that site but at further pages (click on left menu). Be that as it may, is it possible that there are two addresses, one in IIEv4 and the other in v6?

 

P_S - They never updated the main page. It says v8.69 on the main page, but you actually get v8.7 for the d/l.

Or at least that's the way it worked for me. Pete