-
June 26th, 2003, 03:38 PM
#1
Senior Member
sniffer..
"A stand-alone packet sniffer doesn't transmit any packets, but when installed non-standalone on a normal computer, the sniffing program will often generate traffic. For example, it might send out DNS reverse lookups in order to find names associated with IP addresses."
from http://www.robertgraham.com/pubs/sniffing-faq.html -- sention 2.5..
what does it meant by stand-alone packet sniffer and non-standalone one?
-
June 26th, 2003, 04:04 PM
#2
Stand alone refers to the computer runs as only a packet sniffer....They should always be passive (collecting data) rather than transmitting data. Non stand-alone means that the packet sniffer would be installed on a normal computer.
-
June 26th, 2003, 05:39 PM
#3
Penguin here is a nice link I found on sniffers, it covers a lot.
http://www.wimvincken.com/IPMediatio...fing_intro.htm
I hope that helps. It has cleared up a lot of questions I had about sniffers, I hope it does the same for you.
Guidance...
- The mind is too beautiful to waste...
Cutty
-
June 26th, 2003, 05:53 PM
#4
In practice it is unusual for a sniffer (IDS, say) to do DNS resolution in real time - it simply takes too long. There's also a risk of creating feedback loops.
It is good practice to use a different interface for any management, DNS resolution etc, from sniffing. It will usually be on a different network, and often be behind a firewall.
So detection of a passive sniffer is really very difficult. However, we've done this topic a few months ago already.
-
June 26th, 2003, 08:29 PM
#5
Re: sniffer..
Originally posted here by Penguin
what does it meant by stand-alone packet sniffer and non-standalone one?
There are network sniffers that work together on multiple computers, that sniff traffic on different parts of the network (normally segmented by routers).
Standalone basically means exactly what it sounds like, just or only one.
--PuRe
-
June 26th, 2003, 11:29 PM
#6
Senior Member
Originally posted here by os1
Stand alone refers to the computer runs as only a packet sniffer....They should always be passive (collecting data) rather than transmitting data. Non stand-alone means that the packet sniffer would be installed on a normal computer.
ok.. but how non stand-alone can be discovered by other? isn't it a computer that runs onli as a packet sniffer is a normal computer? hm.. sorry still dont quite understand what u r trying to say..
Originally posted here by PuReExcTacy
There are network sniffers that work together on multiple computers, that sniff traffic on different parts of the network (normally segmented by routers).
Standalone basically means exactly what it sounds like, just or only one.
--PuRe
"A stand-alone sniffer doesn't transmit any packets, but when installed non-standalone on a normal computer, the sniffing program will often generate traffic. For example, it might send out DNS reverse lookups in order to find names associated with IP addresses.
Non-standalone sniffers are indeed what you want to detect. When crackers/hackers invade machines, they often install sniffing programs. You want to be able to detect this happening."
Standalon means what? is it not on a network? then what can i sniff?
'but installed non-standalone on a normal computer' how do u define non-standalone? so is it telling mi that i need to install a sniffer into a server?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|