[Dshield] WinPCap

Tom Liston tliston at premmag.com
Mon Sep 8 19:28:34 GMT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Unambiguous answer:

Simply having winpcap installed will not load your system in any way.

- -TL

On 8 Sep 2003 at 14:39, Shawn Berg wrote:

> The only thing I use WinPCap for is Ethereal. What I need to know is if
> WinPCap will tax the system, NIC, etc. only when a program such as Ethereal
> is using the driver, or always, even if no programs are using the WinPCap
> driver. I seem to be getting conflicting answers from Brenden and
> allwayson at yahoo.com (p.).
> 
> Shawn
> 
> -----Original Message-----
> From: list-bounces at dshield.org [mailto:list-bounces at dshield.org]On
> Behalf Of Brenden Walker
> Sent: Friday, September 05, 2003 3:45 PM
> To: 'General DShield Discussion List'
> Subject: RE: [Dshield] WinPCap
> 
> 
> Note that his question was if it would tax his system by simply installing
> it, and the answer is no.
> 
> When it's in use, yes.. Particularly if you put the NIC into promiscuous
> mode.
> 
> > -----Original Message-----
> > From: allwayson at yahoo.com [mailto:allwayson at yahoo.com]
> > Sent: Friday, September 05, 2003 11:05 AM
> > To: General DShield Discussion List
> > Subject: RE: [Dshield] WinPCap
> >
> >
> > shawn,
> >
> > yes. winpcap will tax your boxes. how much depends on
> > the amount of traffic it sees and the type of nic you
> > are using in your servers.
> >
> > btw: to limit users from executing it, you can remove
> > execute rights from that file/directory.
> >
> > just my $0.02,
> >
> > p.
> >
> > --- Shawn Berg <shawn at saeweb.com> wrote:
> > > Nope that is not an issue. Thank you though for both
> > > of your responses.
> > >
> > > Shawn
> > >
> > > -----Original Message-----
> > > From: list-bounces at dshield.org [mailto:list-bounces at dshield.org]On
> > > Behalf Of Guillaume Lederrey
> > > Sent: Thursday, September 04, 2003 5:35 PM
> > > To: General DShield Discussion List
> > > Subject: RE: [Dshield] WinPCap
> > >
> > >
> > > > > Anyone know if simply installing the WinPCap
> > > driver (to use
> > > > > programs such as ethereal to capture packets)
> > > will tax the
> > > > > NIC at all when it is not being used? Wanted to
> > > check out
> > > > > some traffic on a few servers but dont want to
> > > install those
> > > > > drivers if they will cause the computer/nic to
> > > process
> > > > > anything any slower.
> > >
> > >   I dont know any bandwidth issue, but I know there
> > > was a bug (dont know
> > > if it is closed) that allowed any user to sniff
> > > packets once the driver
> > > was loaded by "Administrator".  That might or might
> > > not be an issue for
> > > you ...
> > >
> > > 	Guillaume
> > >
> > > ---
> > > Incoming mail is certified Virus Free.
> > > Checked by AVG anti-virus system
> > > (http://www.grisoft.com).
> > > Version: 6.0.514 / Virus Database: 312 - Release
> > > Date: 8/28/2003
> > >
> > > ---
> > > Outgoing mail is certified Virus Free.
> > > Checked by AVG anti-virus system
> > > (http://www.grisoft.com).
> > > Version: 6.0.515 / Virus Database: 313 - Release
> > > Date: 9/1/2003
> > >
> > > _______________________________________________
> > > list mailing list
> > > list at dshield.org
> > > To change your subscription options (or
> > > unsubscribe), see:
> > http://www.dshield.org/mailman/listinfo/list
> >
> >
> > __________________________________
> > Do you Yahoo!?
> > Yahoo! SiteBuilder - Free, easy-to-use web site design
> > software http://sitebuilder.yahoo.com
> >
> > _______________________________________________
> > list mailing list
> > list at dshield.org
> > To change your subscription options (or unsubscribe), see:
> > http://www.dshield.org/mailman/listinfo/list
> >
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.515 / Virus Database: 313 - Release Date: 9/1/2003
> 
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.515 / Virus Database: 313 - Release Date: 9/1/2003
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list



-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0 -- QDPGP 2.70 
Comment: Public key - http://www.hackbusters.net/pgp.txt

iQA/AwUBP1zYYqOq/X4cwCZKEQI5ggCg+O1hlYZ6LOyDHk4M18aIjgGOV7gAoOaB
PSoGocWcgwtwwQ5zNv3ZErGC
=bI2t
-----END PGP SIGNATURE-----




More information about the list mailing list