Network Security Focus-Microsoft

Re: Question about Sniffer in Windows

Subject: Re: Question about Sniffer in Windows
Date: Sat, 16 Sep 2006 15:36:28 -0500 (CDT)
That's exactly why sniffers typically require driver installation.  The
short version is that as of SP2, the NDIS drivers that ship with XP no
longer forward traffic captured in promiscuous mode to userland code using
the standard NDIS API.  Rather, the NDIS stack filters the captured
packets and culls out ones that are neither broadcast traffic nor directed
to that host computer.  The architecture obviously still supports
promiscuous-mode packet capturing, but only via custom drivers.  The same
is true for generation of raw sockets.

~Dathan

David Litchfield (NGSSoftware) wrote a raw packet sniffer that did not
need a driver installed, but I don't think it works post SP2 after
Microsoft caved in to pressure from crazed Gibson-ites and disabled it.
You might want to see if it works for you...

t


On 9/15/06 4:50 PM, "ricci@cse.ust.hk" <ricci@cse.ust.hk> spoketh to all:

Hello All,

I would like to ask why a sniffer in Windows that captures data packets
requires installation of drivers?

Is there any sniffer that can be used for capturing data packets without
installation of drivers into Windows OS?

Please advise.

Ricci

