RE: Sniffing

From: Zachary Mutrux (zmutrux_at_compumentor.org)
Date: 12/16/03

Next message: Gideon Rasmussen, CISSP, CFSO, CFSA, SCSA: "Firewall Operations - Protecting a Critical System"

Previous message: Fernando Serto: "Re: dns daemon version"
In reply to: Shah H (Comp): "Sniffing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Security-Basics" <security-basics@securityfocus.com>
Date: Mon, 15 Dec 2003 17:35:43 -0800

The Perl script sniffer.pl on this page supposedly can be used to detect the
presence of the WinPcap driver, which is used by Ethereal, snort and other
packet sniffers. There are definitely sniffers that don't use WinPcap.

I haven't used this script. I also think it was designed for use on NT. No
idea if it actually works. I'd like to hear if anyone has had good
experience with this, however.

> 2) Can Sniffing be detected using a Network Intrusion
> Detection System and if yes then are there any Sniffing ways
> which are not detected by NDIS?

application/x-pkcs7-signature attachment: smime.p7s

Next message: Gideon Rasmussen, CISSP, CFSO, CFSA, SCSA: "Firewall Operations - Protecting a Critical System"

Previous message: Fernando Serto: "Re: dns daemon version"
In reply to: Shah H (Comp): "Sniffing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]