RE: Sniffing

From: Zachary Mutrux (zmutrux_at_compumentor.org)
Date: 12/16/03

  • Next message: Gideon Rasmussen, CISSP, CFSO, CFSA, SCSA: "Firewall Operations - Protecting a Critical System"
    To: "Security-Basics" <security-basics@securityfocus.com>
    Date: Mon, 15 Dec 2003 17:35:43 -0800
    
    
    

    The Perl script sniffer.pl on this page supposedly can be used to detect the
    presence of the WinPcap driver, which is used by Ethereal, snort and other
    packet sniffers. There are definitely sniffers that don't use WinPcap.

    I haven't used this script. I also think it was designed for use on NT. No
    idea if it actually works. I'd like to hear if anyone has had good
    experience with this, however.

    zm

    > 2) Can Sniffing be detected using a Network Intrusion
    > Detection System and if yes then are there any Sniffing ways
    > which are not detected by NDIS?

    
    



  • Next message: Gideon Rasmussen, CISSP, CFSO, CFSA, SCSA: "Firewall Operations - Protecting a Critical System"