Ethereal-users: Re: [Ethereal-users] Sniffing for Viruses

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Robert O. Whitesell" <rowmath@xxxxxxxxxxx>
Date: Tue, 4 Nov 2003 10:18:46 -0500
Much to my pleasure, I have just found out that Ethereal ships with RH 8.0 and above. It is SWEET!
----- Original Message -----
Sent: Tuesday, November 04, 2003 12:48 AM
Subject: [Ethereal-users] Sniffing for Viruses

Hey, can I use Ethereal to sniff for virus traffic on a network? I am currently using the succession of ARP requests from the same host to consecutive IPs as an indication of RPC worms like Welchia. Is this method fool-proof? What else might send out packets like that? I ask because I am still seeing these packets on a system I know was patched and cleaned out.

What are some other filters I can use for virus traffic?

Thanks


_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
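
The heuristic described in the question above (one host sending ARP requests for a run of consecutive IPs), written out as detection logic. This is an added example, not part of the original thread or of Ethereal; the record layout, the function name `find_sequential_arp_sweeps`, the thresholds and the sample addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import IPv4Address

# Constructed sample: (timestamp_s, sender_ip, target_ip) per ARP who-has request,
# as could be exported from a capture. Not real traffic.
SAMPLE_ARP_REQUESTS = (
    # Fast walk over consecutive addresses: the pattern the question describes.
    [(100.0 + 0.1 * i, "10.0.0.23", f"10.0.1.{i + 1}") for i in range(8)]
    # Ordinary workstation resolving its gateway and one peer.
    + [(100.2, "10.0.0.5", "10.0.0.1"), (130.0, "10.0.0.5", "10.0.0.40"),
       (161.0, "10.0.0.5", "10.0.0.1")]
    # Consecutive targets, but one per minute: too slow for the default window.
    + [(100.0 + 60 * i, "10.0.0.9", f"10.0.2.{i + 1}") for i in range(6)]
)

def find_sequential_arp_sweeps(requests, min_run=5, window=10.0):
    """Return {sender: (first_target, last_target, run_length)} for each sender
    whose ARP requests hit at least `min_run` consecutive IPs within `window` seconds."""
    by_sender = defaultdict(list)
    for ts, sender, target in requests:
        by_sender[sender].append((ts, int(IPv4Address(target))))

    findings = {}
    for sender, events in by_sender.items():
        events.sort()  # time order per sender
        best, run_start = None, 0
        for i in range(1, len(events) + 1):
            run_broken = (
                i == len(events)
                or events[i][1] != events[i - 1][1] + 1          # not the next IP
                or events[i][0] - events[run_start][0] > window  # run took too long
            )
            if run_broken:
                length = i - run_start
                if length >= min_run and (best is None or length > best[2]):
                    best = (events[run_start][1], events[i - 1][1], length)
                run_start = i
        if best:
            findings[sender] = (str(IPv4Address(best[0])), str(IPv4Address(best[1])), best[2])
    return findings

if __name__ == "__main__":
    for host, (first, last, n) in find_sequential_arp_sweeps(SAMPLE_ARP_REQUESTS).items():
        print(f"{host}: {n} consecutive ARP requests, {first} .. {last}")
```

A flagged sender is a lead rather than proof of infection: a router resolving addresses for inbound scan traffic, or a network discovery tool, produces the same sequential pattern.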