Winpcap and Port Explorer

Discussion in 'Port Explorer' started by johnsin, Jul 14, 2006.

Thread Status:
Not open for further replies.
  1. johnsin

    johnsin Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    1
    Hi, I'm using Port Explorer 2.110 and was wondering if I am vulnerable and whether Port Explorer can detect any sort of activity from a program such as WinPcap.

    I'm a bit worried because my spyware program today pointed me to some entries of WinPcap on my computer with a level of "severe". I'm not really sure what those entries mean, but could someone clarify whether those entries mean that I'm being monitored remotely, and if so, can they bypass my firewall (ZoneAlarm) and go undetected by Port Explorer as well?

    The entries that prompted me to send this message were:
    http://img220.imageshack.us/my.php?image=winpcap3vt.jpg

    If someone could guide me on what those entries mean, what I should be doing to resolve this, and whether my computer has been monitored using the tool, I would appreciate it.
    Kind Regards
    JS
     
  2. beads

    beads Registered Member

    Joined:
    Jun 1, 2005
    Posts:
    49
    johnsin;

    WinPcap can be used by any number of different apps, but most likely Nmap or Ethereal, or likewise any number of other packet-sniffing executables.

    I have both Nmap and Ethereal loaded on this machine and have never had any spyware/malware sensors even blink at my entries to the registry, though your image suggests a number of similar entries back to back.

    Could you tell us what WinPcap might be used for in this instance? It's difficult to duplicate all the variables with this information. Starting up Ethereal or Nmap doesn't seem to immediately raise any flags in PE on this station as far as WinPcap is concerned. Checking the registry did not alert me to anything I am not already aware of, likewise.

    Another way to check, to be certain that you're not leaking data, would be to monitor any outgoing packets, especially when the machine is idle. There are numerous programs (also free) that do this from the sys tray as well. You could use PE to do this too; it would be easier than using Ethereal, by monitoring outgoing traffic only, or using PE and doing much the same. Even watching your firewall manager could conceivably do this for you if you were patient. Well, that might require a bit too much patience. LOL

    Just need some more specific details so I or someone else on the board can duplicate the problem.

    - beads
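The two checks beads describes above (find out what on the box is using WinPcap, then watch what leaves the machine while it is idle) as an added PowerShell example; this is not code from the thread, from Port Explorer or from WinPcap. It assumes Windows 8 / Server 2012 or later for Get-NetTCPConnection and an elevated prompt so that module lists and owning processes resolve; the NPF service name and wpcap.dll are WinPcap's own components.

```powershell
# Added example (not from the thread): look for the WinPcap capture driver,
# list processes that have the WinPcap user-mode DLL loaded, then snapshot
# non-loopback outbound TCP connections with their owning process.
# Assumes Windows 8+/Server 2012+ and an elevated PowerShell session.

# 1. WinPcap installs its kernel driver as the "NPF" service (npf.sys).
$npf = Get-Service -Name 'npf' -ErrorAction SilentlyContinue
if ($npf) {
    Write-Host "WinPcap driver present: status = $($npf.Status)"
} else {
    Write-Host "No NPF (WinPcap) service registered on this machine."
}

# 2. Which running processes currently have wpcap.dll loaded?
#    (Protected/system processes refuse module access; those are skipped.)
$capturers = Get-Process | ForEach-Object {
    try {
        if ($_.Modules.ModuleName -contains 'wpcap.dll') { $_ }
    } catch { }
}
if ($capturers) {
    Write-Host "Processes using WinPcap:"
    $capturers | Select-Object Id, ProcessName, Path | Format-Table -AutoSize
} else {
    Write-Host "No running process has wpcap.dll loaded right now."
}

# 3. Take this snapshot while the machine is idle: anything established to a
#    non-loopback address is worth explaining before you call the box clean.
Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notmatch '^(127\.|::1$|0\.0\.0\.0$)' } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Process       = if ($proc) { $proc.ProcessName } else { '<unknown>' }
            PID           = $_.OwningProcess
            LocalPort     = $_.LocalPort
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
        }
    } | Sort-Object Process | Format-Table -AutoSize
```

Run step 3 a few times over an idle period; a process that appears in step 2 and also shows up with outbound connections in step 3 is the one to investigate, while the spyware scanner's registry hits alone say nothing about whether anything is running.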
     