
Thread: sniffer..

  1. #1
    Senior Member
    Join Date
    Dec 2002
    Posts
    144

    Question sniffer..

    "A stand-alone packet sniffer doesn't transmit any packets, but when installed non-standalone on a normal computer, the sniffing program will often generate traffic. For example, it might send out DNS reverse lookups in order to find names associated with IP addresses."

    from http://www.robertgraham.com/pubs/sniffing-faq.html -- section 2.5..
    What is meant by a stand-alone packet sniffer and a non-standalone one?
    BlAcKiE
    GearBlitz

  2. #2
    Member
    Join Date
    Jun 2002
    Posts
    44
    Stand-alone means the computer runs only as a packet sniffer. They should always be passive (collecting data) rather than transmitting data. Non-stand-alone means that the packet sniffer would be installed on a normal computer.
    Os1LaYr5

  3. #3
    Senior Member
    Join Date
    Jul 2002
    Posts
    315
    Penguin, here is a nice link I found on sniffers; it covers a lot.

    http://www.wimvincken.com/IPMediatio...fing_intro.htm

    I hope that helps. It has cleared up a lot of questions I had about sniffers; I hope it does the same for you.

    Guidance...
    - The mind is too beautiful to waste...
    Cutty


  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    In practice it is unusual for a sniffer (IDS, say) to do DNS resolution in real time - it simply takes too long. There's also a risk of creating feedback loops.

    It is good practice to use a different interface for any management, DNS resolution etc, from sniffing. It will usually be on a different network, and often be behind a firewall.

    So detection of a passive sniffer is really very difficult. However, we've done this topic a few months ago already.

  5. #5
    Senior Member
    Join Date
    Mar 2003
    Posts
    452

    Re: sniffer..

    Originally posted here by Penguin

    What is meant by a stand-alone packet sniffer and a non-standalone one?

    There are network sniffers that work together on multiple computers, that sniff traffic on different parts of the network (normally segmented by routers).

    Standalone basically means exactly what it sounds like, just or only one.


    --PuRe

  6. #6
    Senior Member
    Join Date
    Dec 2002
    Posts
    144
    Originally posted here by os1
    Stand-alone means the computer runs only as a packet sniffer. They should always be passive (collecting data) rather than transmitting data. Non-stand-alone means that the packet sniffer would be installed on a normal computer.
    OK, but how can a non-stand-alone one be discovered by others? Isn't a computer that runs only as a packet sniffer a normal computer? Hm, sorry, I still don't quite understand what you are trying to say.

    Originally posted here by PuReExcTacy



    There are network sniffers that work together on multiple computers, that sniff traffic on different parts of the network (normally segmented by routers).

    Standalone basically means exactly what it sounds like, just or only one.


    --PuRe
    "A stand-alone sniffer doesn't transmit any packets, but when installed non-standalone on a normal computer, the sniffing program will often generate traffic. For example, it might send out DNS reverse lookups in order to find names associated with IP addresses.

    Non-standalone sniffers are indeed what you want to detect. When crackers/hackers invade machines, they often install sniffing programs. You want to be able to detect this happening."

    Standalone means what? Is it not on a network? Then what can I sniff?
    'but installed non-standalone on a normal computer': how do you define non-standalone? So is it telling me that I need to install a sniffer on a server?
    BlAcKiE
    GearBlitz
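
The FAQ passage quoted in this thread says a sniffer installed on a normal computer may give itself away through DNS reverse lookups. A defender-side sketch of that check, added here as an example (not code from the thread or the FAQ): it flags hosts whose PTR queries name addresses they never exchanged traffic with. The flow and DNS records, the function names and the threshold are assumptions, and the sample data is constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (not from the thread): conversations seen on the
# segment as (src, dst), and DNS queries seen as (client, query name).
FLOWS = [
    ("10.0.0.5", "10.0.0.9"),
    ("10.0.0.7", "192.0.2.10"),
    ("10.0.0.9", "198.51.100.4"),
    ("10.0.0.20", "10.0.0.53"),
]
DNS_QUERIES = [
    ("10.0.0.7", "10.2.0.192.in-addr.arpa"),     # own peer: normal
    ("10.0.0.20", "9.0.0.10.in-addr.arpa"),      # not a party to this flow
    ("10.0.0.20", "4.100.51.198.in-addr.arpa"),  # not a party to this flow
    ("10.0.0.20", "10.2.0.192.in-addr.arpa"),    # not a party to this flow
    ("10.0.0.5", "www.example.com"),             # forward lookup: ignored
]

def ptr_to_ip(qname):
    """Return the IPv4 address encoded in an in-addr.arpa name, else None."""
    name = qname.rstrip(".").lower()
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None

def suspect_sniffers(flows, dns_queries, threshold=2, ignore=()):
    """Flag clients that reverse-resolve addresses they never talked to."""
    peers = defaultdict(set)
    for src, dst in flows:
        peers[src].add(dst)
        peers[dst].add(src)
    unrelated = defaultdict(set)
    for client, qname in dns_queries:
        ip = ptr_to_ip(qname)
        if ip and client not in ignore and ip != client and ip not in peers[client]:
            unrelated[client].add(ip)
    return {c: sorted(ips) for c, ips in unrelated.items() if len(ips) >= threshold}

if __name__ == "__main__":
    print(suspect_sniffers(FLOWS, DNS_QUERIES, ignore={"10.0.0.53"}))
```

Hosts that legitimately resolve other machines' addresses (the resolver itself, log servers) belong in `ignore`. As post #4 notes, a sniffer that does no real-time resolution produces nothing for this check to see.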
