[Dshield] WinPCap

Shawn Berg shawn at saeweb.com
Mon Sep 8 18:39:53 GMT 2003


The only thing I use WinPCap for is Ethereal. What I need to know is if
WinPCap will tax the system, NIC, etc. only when a program such as Ethereal
is using the driver, or always, even if no programs are using the WinPCap
driver. I seem to be getting conflicting answers from Brenden and
allwayson at yahoo.com (p.).

Shawn

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org]On
Behalf Of Brenden Walker
Sent: Friday, September 05, 2003 3:45 PM
To: 'General DShield Discussion List'
Subject: RE: [Dshield] WinPCap


Note that his question was if it would tax his system by simply installing
it, and the answer is no.

When it's in use, yes.. Particularly if you put the NIC into promiscuous
mode.

> -----Original Message-----
> From: allwayson at yahoo.com [mailto:allwayson at yahoo.com]
> Sent: Friday, September 05, 2003 11:05 AM
> To: General DShield Discussion List
> Subject: RE: [Dshield] WinPCap
>
>
> shawn,
>
> yes. winpcap will tax your boxes. how much depends on
> the amount of traffic it sees and the type of nic you
> are using in your servers.
>
> btw: to limit users from executing it, you can remove
> execute rights from that file/directory.
>
> just my $0.02,
>
> p.
>
> --- Shawn Berg <shawn at saeweb.com> wrote:
> > Nope that is not an issue. Thank you though for both
> > of your responses.
> >
> > Shawn
> >
> > -----Original Message-----
> > From: list-bounces at dshield.org [mailto:list-bounces at dshield.org]On
> > Behalf Of Guillaume Lederrey
> > Sent: Thursday, September 04, 2003 5:35 PM
> > To: General DShield Discussion List
> > Subject: RE: [Dshield] WinPCap
> >
> >
> > > > Anyone know if simply installing the WinPCap
> > driver (to use
> > > > programs such as ethereal to capture packets)
> > will tax the
> > > > NIC at all when it is not being used? Wanted to
> > check out
> > > > some traffic on a few servers but dont want to
> > install those
> > > > drivers if they will cause the computer/nic to
> > process
> > > > anything any slower.
> >
> >   I dont know any bandwidth issue, but I know there
> > was a bug (dont know
> > if it is closed) that allowed any user to sniff
> > packets once the driver
> > was loaded by "Administrator".  That might or might
> > not be an issue for
> > you ...
> >
> > 	Guillaume
> >
> > ---
> > Incoming mail is certified Virus Free.
> > Checked by AVG anti-virus system
> > (http://www.grisoft.com).
> > Version: 6.0.514 / Virus Database: 312 - Release
> > Date: 8/28/2003
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system
> > (http://www.grisoft.com).
> > Version: 6.0.515 / Virus Database: 313 - Release
> > Date: 9/1/2003
> >
> > _______________________________________________
> > list mailing list
> > list at dshield.org
> > To change your subscription options (or
> > unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
>
>
> __________________________________
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site design
> software http://sitebuilder.yahoo.com
>
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
>

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.515 / Virus Database: 313 - Release Date: 9/1/2003

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.515 / Virus Database: 313 - Release Date: 9/1/2003




More information about the list mailing list