packet sniffers

hello...i would like to hear recommendations about such programms..i had recently cleaned my sister's laptop but i have no idea if the cleaners actually deleted the bad guys so i would like to check any outbound packets..

and please if u know any that would be not to hard to understand since i rarely have over 20 mins free time :/
thanx in advance

 

Hi chris

Wire Shark is a good place to start.

 

Wireshark would certainly be the right solution if you're after packet "sniffing" (checking packet header & contents), but if you simply wish to check if the outbound connections are made then freebies like TCPview or CurrPorts would suffice.
Also, keep in mind that the possible leftover "bad guys" would want to do other things except calling out.

 

i am aware but as i said my time is limited and its easier to create a few firewall rules than do some hours of cleaning or even formatting(my sis would kill me if i even dared to suggest format).

 

You can't trust the sniffing done on a suspect machine. Malware may have hooked/patched the network stack.
You should sniff from a clean machine.

 

You might try running Gmer, its a root kit detector. Honestly, to me packet sniffing seems like a round about means of detection.

 

Hello,
You could try tcpdump, wireshark, weplab...
Mrk

 

I like and use Microsoft Network Monitor v3.1 (free) and Wireshark (free) and use both of them to do just what you are suggesting.

ZoneAlarm (free) basic firewall will also serve as a "sniffer" of sorts by doing this: run your machine as usual, connect to the net as usual and then click on the ZA "engage internet lock" feature. Within seconds you will see all the programs that are already dialing out and those that do so on an occasional basis. Additionally you can see the full path and allow "lock pass" for those that are safe. It's a good way to audit your i/o traffic.