packet sniffers

Discussion in 'other firewalls' started by chris2busy, Apr 7, 2008.

Thread Status:
Not open for further replies.
  1. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    Hello... I would like to hear recommendations about such programs. I had recently cleaned my sister's laptop, but I have no idea if the cleaners actually deleted the bad guys, so I would like to check any outbound packets.

    And please, if you know any that would not be too hard to understand, since I rarely have over 20 mins of free time :/
    Thanks in advance
     
  2. Dogtag

    Dogtag Registered Member

    Joined:
    Jul 23, 2007
    Posts:
    22
    Hi chris

    Wireshark is a good place to start.
     
  3. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Wireshark would certainly be the right solution if you're after packet "sniffing" (checking packet header & contents), but if you simply wish to check if the outbound connections are made then freebies like TCPview or CurrPorts would suffice.
    Also, keep in mind that the possible leftover "bad guys" would want to do other things besides calling out.
     
  4. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    I am aware, but as I said my time is limited and it's easier to create a few firewall rules than to do some hours of cleaning or even formatting (my sis would kill me if I even dared to suggest a format).
     
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    You can't trust the sniffing done on a suspect machine. Malware may have hooked/patched the network stack.
    You should sniff from a clean machine.
     
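The two points above (Seer: what matters is which outbound connections the laptop makes; lucas1985: capture them from a clean machine rather than on the suspect box) can be turned into a small check. This is an added example, not code from anyone in the thread; it assumes the clean machine runs `tcpdump -n` on a port that sees the laptop's traffic and saves the text output, and it uses a constructed capture with documentation addresses (the suspect laptop is 192.0.2.10).

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -n` text output, as captured on a clean
# machine that sees the suspect laptop's traffic (e.g. via a mirror port).
# 192.0.2.10 plays the suspect laptop; every other address is made up.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 192.0.2.10.49152 > 198.51.100.5.443: Flags [S], seq 1, win 64240, length 0
12:00:01.000500 IP 198.51.100.5.443 > 192.0.2.10.49152: Flags [S.], seq 2, ack 2, win 65535, length 0
12:00:02.000001 IP 192.0.2.10.49153 > 203.0.113.77.6667: Flags [S], seq 3, win 64240, length 0
12:00:03.000001 IP 192.0.2.10.49154 > 203.0.113.77.6667: Flags [S], seq 4, win 64240, length 0
12:00:04.000001 IP 192.0.2.10.49155 > 198.51.100.5.443: Flags [P.], seq 1:10, ack 3, win 64240, length 9
12:00:05.000001 IP 198.51.100.9.443 > 192.0.2.10.49156: Flags [S], seq 5, win 64240, length 0
"""

# One tcpdump TCP summary line: timestamp, "IP", src.port > dst.port, flags.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
)


def outbound_connections(capture_text, suspect_ip):
    """Return {(dst_ip, dst_port): count} of TCP connection attempts (a pure
    SYN, no ACK) that the suspect host initiated. Replies, SYN-ACKs and data
    packets are ignored, so each entry is one new session the laptop opened;
    the list is what you then compare against the programs you expect."""
    counts = Counter()
    for line in capture_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # non-TCP or truncated line
        if m["src"] != suspect_ip:
            continue  # traffic towards the suspect, not from it
        flags = m["flags"]
        if "S" not in flags or "." in flags:
            continue  # keep only the initial SYN of a client connection
        counts[(m["dst"], int(m["dport"]))] += 1
    return dict(counts)


if __name__ == "__main__":
    for (ip, port), n in sorted(outbound_connections(SAMPLE_CAPTURE, "192.0.2.10").items()):
        print(f"{ip}:{port}  new connections: {n}")
```

On a real capture, feed it the saved `tcpdump -n` output and the laptop's address; any destination you cannot tie to a program you installed is the one to look into.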
  6. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    You might try running Gmer; it's a rootkit detector. Honestly, to me packet sniffing seems like a roundabout means of detection.
     
  7. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,
    You could try tcpdump, wireshark, weplab...
    Mrk
     
  8. daniel2007

    daniel2007 Registered Member

    Joined:
    Feb 14, 2008
    Posts:
    25
    I like and use Microsoft Network Monitor v3.1 (free) and Wireshark (free) and use both of them to do just what you are suggesting.

    ZoneAlarm (free) basic firewall will also serve as a "sniffer" of sorts by doing this: run your machine as usual, connect to the net as usual and then click on the ZA "engage internet lock" feature. Within seconds you will see all the programs that are already dialing out and those that do so on an occasional basis. Additionally, you can see the full path and allow "lock pass" for those that are safe. It's a good way to audit your I/O traffic.
     