[Dshield] WinPCap - CLARIFICATION

Brenden Walker BKWalker at DRBSystems.com
Tue Sep 9 12:47:04 GMT 2003


More clarification ;-)..

WinPCap only sets the card into Promiscuous mode (AFAIK) if you actually set
that parameter.

> -----Original Message-----
> From: allwayson at yahoo.com [mailto:allwayson at yahoo.com] 
> Sent: Monday, September 08, 2003 7:51 PM
> To: General DShield Discussion List
> Subject: RE: [Dshield] WinPCap - CLARIFICATION
> 
> 
> shawn,
> 
> my appology, tom is correct. the driver will not tax
> your system unless it is in use by a process that
> calls it. now, once called, it sets your card into
> promiscuous mode and as i said previously, depending
> on the traffic flow and the pattern it will tax your
> boxes.
> 
> ;-)
> p.
> 
> --- Tom Liston <tliston at premmag.com> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > Unambiguous answer:
> > 
> > Simply having winpcap installed will not load your
> > system in any way.
> > 
> > - -TL
> > 
> > On 8 Sep 2003 at 14:39, Shawn Berg wrote:
> > 
> > > The only thing I use WinPCap for is Ethereal. What
> > I need to know is if
> > > WinPCap will tax the system, NIC, etc. only when a
> > program such as Ethereal
> > > is using the driver, or always, even if no
> > programs are using the WinPCap
> > > driver. I seem to be getting conflicting answers
> > from Brenden and
> > > allwayson at yahoo.com (p.).
> > > 
> > > Shawn
> > > 
> > > -----Original Message-----
> > > From: list-bounces at dshield.org
> > [mailto:list-bounces at dshield.org]On
> > > Behalf Of Brenden Walker
> > > Sent: Friday, September 05, 2003 3:45 PM
> > > To: 'General DShield Discussion List'
> > > Subject: RE: [Dshield] WinPCap
> > > 
> > > 
> > > Note that his question was if it would tax his
> > system by simply installing
> > > it, and the answer is no.
> > > 
> > > When it's in use, yes.. Particularly if you put
> > the NIC into promiscuous
> > > mode.
> > > 
> > > > -----Original Message-----
> > > > From: allwayson at yahoo.com
> > [mailto:allwayson at yahoo.com]
> > > > Sent: Friday, September 05, 2003 11:05 AM
> > > > To: General DShield Discussion List
> > > > Subject: RE: [Dshield] WinPCap
> > > >
> > > >
> > > > shawn,
> > > >
> > > > yes. winpcap will tax your boxes. how much
> > depends on
> > > > the amount of traffic it sees and the type of
> > nic you
> > > > are using in your servers.
> > > >
> > > > btw: to limit users from executing it, you can
> > remove
> > > > execute rights from that file/directory.
> > > >
> > > > just my $0.02,
> > > >
> > > > p.
> > > >
> > > > --- Shawn Berg <shawn at saeweb.com> wrote:
> > > > > Nope that is not an issue. Thank you though
> > for both
> > > > > of your responses.
> > > > >
> > > > > Shawn
> > > > >
> > > > > -----Original Message-----
> > > > > From: list-bounces at dshield.org
> > [mailto:list-bounces at dshield.org]On
> > > > > Behalf Of Guillaume Lederrey
> > > > > Sent: Thursday, September 04, 2003 5:35 PM
> > > > > To: General DShield Discussion List
> > > > > Subject: RE: [Dshield] WinPCap
> > > > >
> > > > >
> > > > > > > Anyone know if simply installing the
> > WinPCap
> > > > > driver (to use
> > > > > > > programs such as ethereal to capture
> > packets)
> > > > > will tax the
> > > > > > > NIC at all when it is not being used?
> > Wanted to
> > > > > check out
> > > > > > > some traffic on a few servers but dont
> > want to
> > > > > install those
> > > > > > > drivers if they will cause the
> > computer/nic to
> > > > > process
> > > > > > > anything any slower.
> > > > >
> > > > >   I dont know any bandwidth issue, but I know
> > there
> > > > > was a bug (dont know
> > > > > if it is closed) that allowed any user to
> > sniff
> > > > > packets once the driver
> > > > > was loaded by "Administrator".  That might or
> > might
> > > > > not be an issue for
> > > > > you ...
> > > > >
> > > > > 	Guillaume
> > > > >
> > > > > ---
> > > > > Incoming mail is certified Virus Free.
> > > > > Checked by AVG anti-virus system (http://www.grisoft.com).
> > > > > Version: 6.0.514 / Virus Database: 312 -
> > Release
> > > > > Date: 8/28/2003
> > > > >
> > > > > ---
> > > > > Outgoing mail is certified Virus Free.
> > > > > Checked by AVG anti-virus system (http://www.grisoft.com).
> > > > > Version: 6.0.515 / Virus Database: 313 -
> > Release
> > > > > Date: 9/1/2003
> > > > >
> > > > >
> > _______________________________________________
> > > > > list mailing list
> > > > > list at dshield.org
> > > > > To change your subscription options (or
> > > > > unsubscribe), see:
> > > > http://www.dshield.org/mailman/listinfo/list
> > > >
> > > >
> > > > __________________________________
> > > > Do you Yahoo!?
> > > > Yahoo! SiteBuilder - Free, easy-to-use web site
> > design
> > > > software http://sitebuilder.yahoo.com
> > > >
> > > > _______________________________________________
> > > > list mailing list
> > > > list at dshield.org
> > > > To change your subscription options (or
> > unsubscribe), see:
> > > > http://www.dshield.org/mailman/listinfo/list
> > > >
> > > 
> > > _______________________________________________
> > > list mailing list
> > > list at dshield.org
> > > To change your subscription options (or
> > unsubscribe), see:
> > > http://www.dshield.org/mailman/listinfo/list
> > > ---
> > > Incoming mail is certified Virus Free.
> > > Checked by AVG anti-virus system
> > (http://www.grisoft.com).
> > > Version: 6.0.515 / Virus Database: 313 - Release
> > Date: 9/1/2003
> > > 
> > > ---
> > > Outgoing mail is certified Virus Free.
> > > Checked by AVG anti-virus system
> > (http://www.grisoft.com).
> > > Version: 6.0.515 / Virus Database: 313 - Release
> > Date: 9/1/2003
> > > 
> > > _______________________________________________
> > > list mailing list
> > > list at dshield.org
> > > To change your subscription options (or
> > unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
> > 
> > 
> > 
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGP 8.0 -- QDPGP 2.70
> > Comment: Public key -
> > http://www.hackbusters.net/pgp.txt
> > 
> >
> iQA/AwUBP1zYYqOq/X4cwCZKEQI5ggCg+O1hlYZ6LOyDHk4M18aIjgGOV7gAoOaB
> > PSoGocWcgwtwwQ5zNv3ZErGC
> > =bI2t
> > -----END PGP SIGNATURE-----
> > 
> > _______________________________________________
> > list mailing list
> > list at dshield.org
> > To change your subscription options (or
> > unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
> 
> 
> __________________________________
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site design 
> software http://sitebuilder.yahoo.com
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list
> 




More information about the list mailing list