[Dshield] WinPCap - CLARIFICATION

Shawn Berg shawn at saeweb.com
Tue Sep 9 13:50:50 GMT 2003


Thanks so much for the clarification.

Shawn

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org]On
Behalf Of allwayson at yahoo.com
Sent: Monday, September 08, 2003 7:51 PM
To: General DShield Discussion List
Subject: RE: [Dshield] WinPCap - CLARIFICATION


shawn,

my appology, tom is correct. the driver will not tax
your system unless it is in use by a process that
calls it. now, once called, it sets your card into
promiscuous mode and as i said previously, depending
on the traffic flow and the pattern it will tax your
boxes.

;-)
p.

--- Tom Liston <tliston at premmag.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Unambiguous answer:
>
> Simply having winpcap installed will not load your
> system in any way.
>
> - -TL
>
> On 8 Sep 2003 at 14:39, Shawn Berg wrote:
>
> > The only thing I use WinPCap for is Ethereal. What
> I need to know is if
> > WinPCap will tax the system, NIC, etc. only when a
> program such as Ethereal
> > is using the driver, or always, even if no
> programs are using the WinPCap
> > driver. I seem to be getting conflicting answers
> from Brenden and
> > allwayson at yahoo.com (p.).
> >
> > Shawn
> >
> > -----Original Message-----
> > From: list-bounces at dshield.org
> [mailto:list-bounces at dshield.org]On
> > Behalf Of Brenden Walker
> > Sent: Friday, September 05, 2003 3:45 PM
> > To: 'General DShield Discussion List'
> > Subject: RE: [Dshield] WinPCap
> >
> >
> > Note that his question was if it would tax his
> system by simply installing
> > it, and the answer is no.
> >
> > When it's in use, yes.. Particularly if you put
> the NIC into promiscuous
> > mode.
> >
> > > -----Original Message-----
> > > From: allwayson at yahoo.com
> [mailto:allwayson at yahoo.com]
> > > Sent: Friday, September 05, 2003 11:05 AM
> > > To: General DShield Discussion List
> > > Subject: RE: [Dshield] WinPCap
> > >
> > >
> > > shawn,
> > >
> > > yes. winpcap will tax your boxes. how much
> depends on
> > > the amount of traffic it sees and the type of
> nic you
> > > are using in your servers.
> > >
> > > btw: to limit users from executing it, you can
> remove
> > > execute rights from that file/directory.
> > >
> > > just my $0.02,
> > >
> > > p.
> > >
> > > --- Shawn Berg <shawn at saeweb.com> wrote:
> > > > Nope that is not an issue. Thank you though
> for both
> > > > of your responses.
> > > >
> > > > Shawn
> > > >
> > > > -----Original Message-----
> > > > From: list-bounces at dshield.org
> [mailto:list-bounces at dshield.org]On
> > > > Behalf Of Guillaume Lederrey
> > > > Sent: Thursday, September 04, 2003 5:35 PM
> > > > To: General DShield Discussion List
> > > > Subject: RE: [Dshield] WinPCap
> > > >
> > > >
> > > > > > Anyone know if simply installing the
> WinPCap
> > > > driver (to use
> > > > > > programs such as ethereal to capture
> packets)
> > > > will tax the
> > > > > > NIC at all when it is not being used?
> Wanted to
> > > > check out
> > > > > > some traffic on a few servers but dont
> want to
> > > > install those
> > > > > > drivers if they will cause the
> computer/nic to
> > > > process
> > > > > > anything any slower.
> > > >
> > > >   I dont know any bandwidth issue, but I know
> there
> > > > was a bug (dont know
> > > > if it is closed) that allowed any user to
> sniff
> > > > packets once the driver
> > > > was loaded by "Administrator".  That might or
> might
> > > > not be an issue for
> > > > you ...
> > > >
> > > > 	Guillaume
> > > >
> > > > ---
> > > > Incoming mail is certified Virus Free.
> > > > Checked by AVG anti-virus system
> > > > (http://www.grisoft.com).
> > > > Version: 6.0.514 / Virus Database: 312 -
> Release
> > > > Date: 8/28/2003
> > > >
> > > > ---
> > > > Outgoing mail is certified Virus Free.
> > > > Checked by AVG anti-virus system
> > > > (http://www.grisoft.com).
> > > > Version: 6.0.515 / Virus Database: 313 -
> Release
> > > > Date: 9/1/2003
> > > >
> > > >
> _______________________________________________
> > > > list mailing list
> > > > list at dshield.org
> > > > To change your subscription options (or
> > > > unsubscribe), see:
> > > http://www.dshield.org/mailman/listinfo/list
> > >
> > >
> > > __________________________________
> > > Do you Yahoo!?
> > > Yahoo! SiteBuilder - Free, easy-to-use web site
> design
> > > software http://sitebuilder.yahoo.com
> > >
> > > _______________________________________________
> > > list mailing list
> > > list at dshield.org
> > > To change your subscription options (or
> unsubscribe), see:
> > > http://www.dshield.org/mailman/listinfo/list
> > >
> >
> > _______________________________________________
> > list mailing list
> > list at dshield.org
> > To change your subscription options (or
> unsubscribe), see:
> > http://www.dshield.org/mailman/listinfo/list
> > ---
> > Incoming mail is certified Virus Free.
> > Checked by AVG anti-virus system
> (http://www.grisoft.com).
> > Version: 6.0.515 / Virus Database: 313 - Release
> Date: 9/1/2003
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system
> (http://www.grisoft.com).
> > Version: 6.0.515 / Virus Database: 313 - Release
> Date: 9/1/2003
> >
> > _______________________________________________
> > list mailing list
> > list at dshield.org
> > To change your subscription options (or
> unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0 -- QDPGP 2.70
> Comment: Public key -
> http://www.hackbusters.net/pgp.txt
>
>
iQA/AwUBP1zYYqOq/X4cwCZKEQI5ggCg+O1hlYZ6LOyDHk4M18aIjgGOV7gAoOaB
> PSoGocWcgwtwwQ5zNv3ZErGC
> =bI2t
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or
> unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.515 / Virus Database: 313 - Release Date: 9/1/2003

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.516 / Virus Database: 313 - Release Date: 9/1/2003




More information about the list mailing list