Bugtraq mailing list archives

Re: sniffers
From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Tue, 2 May 1995 07:56:20 -0400


These are all good ideas; however, many sniffers are not Unix systems
that can be logged into and examined.  I have worked with DOS-based
sniffers (Network General Sniffer, Excelan, HP, etc.) that are far
superior to Suns (as sniffers/protocol analyzers) and I doubt that
they are easily detectable even with their transmit lead intact.

I don't think the machine you run sniffer software on could make it
better or worse, they all get the same packets;)

Not quite.  Some machines designed as sniffers / network analyzers have
special network interfaces that let them see things like packets with
Ethernet CRC checksum errors, runts, giants, etc - stuff that most
Ethernet interfaces either silently drop or just report the existence
of.

Also, the software on a dedicated machine has usually received a lot
more attention to making it useful than the network sniffing software
on a general-purpose machine.  (Unfortunately, it generally is also
completely fixed - you get what someone else thinks is useful, with no
way to modify it to do what _you_ want done.)

                                        der Mouse

                            mouse () collatz mcrcim mcgill edu


