Originally posted here by os1
Stand alone refers to the computer runs as only a packet sniffer....They should always be passive (collecting data) rather than transmitting data. Non stand-alone means that the packet sniffer would be installed on a normal computer.
ok.. but how non stand-alone can be discovered by other? isn't it a computer that runs onli as a packet sniffer is a normal computer? hm.. sorry still dont quite understand what u r trying to say..

Originally posted here by PuReExcTacy



There are network sniffers that work together on multiple computers, that sniff traffic on different parts of the network (normally segmented by routers).

Standalone basically means exactly what it sounds like, just or only one.


--PuRe
"A stand-alone sniffer doesn't transmit any packets, but when installed non-standalone on a normal computer, the sniffing program will often generate traffic. For example, it might send out DNS reverse lookups in order to find names associated with IP addresses.

Non-standalone sniffers are indeed what you want to detect. When crackers/hackers invade machines, they often install sniffing programs. You want to be able to detect this happening."

Standalon means what? is it not on a network? then what can i sniff?
'but installed non-standalone on a normal computer' how do u define non-standalone? so is it telling mi that i need to install a sniffer into a server?