Ethereal

[Ethereal-users] Sniffing for Viruses

Ethereal-users: November 2003


Hey, can I use Ethereal to sniff for virus traffic on a network? I am currently using the succession of ARP Requests from the same host to consecutive IPs as an indication of RPC worms like Welchia… Is this method fool-proof? What else might send out packets like that? I ask because I am still seeing these packets on a system I know was patched and cleaned out…

 

What are some other filters I can use for virus traffic?

 

Thanks
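
Added example, not part of the original post: a sketch of the heuristic the message describes, flagging any sender whose ARP requests walk through consecutive target addresses in quick succession. The record layout (time, sender IP, target IP), the thresholds `min_run` and `max_gap`, and the sample data are assumptions constructed for illustration; the check reports the sweep pattern only and says nothing about what produced it.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (seconds, sender IP, target IP) for each ARP request.
SAMPLE = [
    (0.00, "192.168.1.50", "192.168.1.1"),
    (0.10, "192.168.1.50", "192.168.1.2"),
    (0.20, "192.168.1.50", "192.168.1.3"),
    (0.25, "192.168.1.20", "192.168.1.1"),
    (0.30, "192.168.1.50", "192.168.1.3"),  # retransmitted request
    (0.40, "192.168.1.50", "192.168.1.4"),
    (0.50, "192.168.1.50", "192.168.1.5"),
    (0.60, "192.168.1.50", "192.168.1.6"),
    (9.00, "192.168.1.20", "192.168.1.2"),  # same neighbours, but minutes apart
    (30.0, "192.168.1.20", "192.168.1.3"),
]

def find_arp_sweeps(records, min_run=5, max_gap=2.0):
    """Map sender -> (first target, last target, distinct targets) for the
    longest run of consecutive target IPs, each request arriving within
    max_gap seconds of the previous one. Assumes min_run >= 2."""
    by_sender = defaultdict(list)
    for ts, sender, target in records:
        by_sender[sender].append((ts, int(ipaddress.IPv4Address(target))))
    sweeps = {}
    for sender, reqs in by_sender.items():
        reqs.sort()
        prev_ts, ip0 = reqs[0]
        run = [ip0, ip0, 1]          # first target, last target, count
        best = None
        for ts, ip in reqs[1:]:
            in_time = ts - prev_ts <= max_gap
            if in_time and ip == run[1]:
                pass                 # retransmission, run continues
            elif in_time and ip == run[1] + 1:
                run[1], run[2] = ip, run[2] + 1
            else:
                run = [ip, ip, 1]    # gap too long or address not adjacent
            prev_ts = ts
            if run[2] >= min_run and (best is None or run[2] > best[2]):
                best = tuple(run)
        if best:
            first, last, count = best
            sweeps[sender] = (str(ipaddress.IPv4Address(first)),
                              str(ipaddress.IPv4Address(last)), count)
    return sweeps

if __name__ == "__main__":
    for host, (first, last, n) in find_arp_sweeps(SAMPLE).items():
        print(f"{host}: ARP sweep {first} -> {last} ({n} consecutive targets)")
```
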

