Re: NGSEC's penetration test sniffer

From: The Blueberry (acr872k@hotmail.com)
Date: 09/30/02


From: "The Blueberry" <acr872k@hotmail.com>
To: Anders.Thulin@kiconsulting.se, pen-test@securityfocus.com
Date: Sun, 29 Sep 2002 23:08:09 +0000


>[...] In particular it needs WinPcap to be installed. And,
>of course, you really need to be able to uninstall WinPcap once the
>job is finished.
>
> Or is it just that I haven't figured out how to install and uninstall
>WinPcap using only a command line or batch interface?
>

Oh well, I've already looked for that one and yes, the WinPcap driver is
[un]installable from the command line. They simply make it a bit harder (?)
to find out how because of the multiple problems they get when everyone ships
their own WinPcap driver with their software. Basically, you have to copy
npf.sys to the system32\drivers folder and wpcap.dll+packet.dll to the
system32 folder. Then, start any software/utility that uses WinPcap and when
packet.dll is loaded for the first time, it will do everything that's
necessary (reg entries, service registration, etc.) for the driver to work.
So a simple batch file that copies the 3 files for the installation and, for
the uninstallation, a net stop npf, instsrv npf remove and the deletion of
the 3 files works fine. The driver must not be loaded during the
uninstallation (WPcap team: correct me if I'm wrong on that one). Also, be
sure that you use the proper file versions for packet.dll and npf.sys. Hope
that helps!!

~TB
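
Added example, not part of the original message: a post-engagement check that the three files named above are gone from a host (or a mounted image of it), and that a staged packet.dll/npf.sys pair comes from one build. The function names, the hash manifest and the stand-in file contents are assumptions made for illustration; the npf service entry is not checked here.

```python
import hashlib
import tempfile
from pathlib import Path

# File locations named in the post, relative to the Windows directory.
WINPCAP_FILES = {
    "npf.sys": "system32/drivers/npf.sys",
    "wpcap.dll": "system32/wpcap.dll",
    "packet.dll": "system32/packet.dll",
}

def sha256_of(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def audit(windir, manifest=None):
    """Map each WinPcap file to 'absent', 'present', 'match' or 'mismatch'.

    manifest (optional, hypothetical) maps file name -> expected SHA-256 of
    the build you staged, so a packet.dll/npf.sys pair taken from different
    releases shows up as a mismatch.
    """
    result = {}
    for name, rel in WINPCAP_FILES.items():
        path = Path(windir) / rel
        if not path.is_file():
            result[name] = "absent"
        elif manifest is None or name not in manifest:
            result[name] = "present"
        else:
            result[name] = "match" if sha256_of(path) == manifest[name] else "mismatch"
    return result

def leftovers(windir):
    """Files still on disk after the uninstall step; an empty list means clean."""
    return sorted(n for n, s in audit(windir).items() if s != "absent")

def constructed_tree(contents):
    """Build a throwaway directory tree holding constructed stand-in files."""
    root = Path(tempfile.mkdtemp())
    for name, data in contents.items():
        target = root / WINPCAP_FILES[name]
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return root

if __name__ == "__main__":
    staged = {"npf.sys": b"driver-A", "wpcap.dll": b"wpcap-A", "packet.dll": b"packet-A"}
    manifest = {n: hashlib.sha256(d).hexdigest() for n, d in staged.items()}
    root = constructed_tree({**staged, "packet.dll": b"packet-B"})  # mixed build
    print(audit(root, manifest))   # packet.dll reported as a mismatch
    (root / WINPCAP_FILES["packet.dll"]).unlink()
    print(leftovers(root))         # the two files a cleanup still has to delete
```

On a live Windows host, pass the Windows directory as `windir`; on a case-sensitive filesystem the folder names must match the lower-case paths used here.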
