Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: sniffersder Mouse (mouseCollatz.McRCIM.McGill.EDU)
Tue, 2 May 1995 07:56:20 -0400
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Jas: "Re: sniffers"
- Previous message: Dr. Frederick B. Cohen: "Re: Detecting a sniffer"
- Maybe in reply to: frodenyf-kraft.no: "sniffers"
- Next in thread: Dios: "Re: sniffers"
>> These are all good ideas, however many sniffers are not Unix systems >> that can be logged into and examined. I have worked with DOS based >> sniffers (Network General Sniffer, Excelan, HP, etc) that are far >> superior to suns (as sniffers/protocol analayzers) and I doubt that >> they are easily detectable even with their transmit lead intact. > I don't think the machine you run sniffer software on could make it > better or worse, they all get the same packets;) Not quite. Some machines designed as sniffers / network analyzers have special network interfaces that let them see things like packets with Ethernet CRC checksum errors, runts, giants, etc - stuff that most Ethernet interfaces either silently drop or just report the existence of. Also, the software on a dedicated machine has usually received a lot more attention to making it useful than the network sniffing software on a general-purpose machine. (Unfortunately, it generally is also completely fixed - you get what someone else thinks is useful, with no way to modify it to do what _you_ want done.) der Mouse mousecollatz.mcrcim.mcgill.edu