Frequently Asked Questions




The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the concepts presented in this chapter and to assist you with real-life implementation of these concepts. To have your questions about this chapter answered by the author, browse to www.syngress.com/solutions and click on the “Ask the Author” form. You will also gain access to thousands of other FAQs at ITFAQnet.com.

1. Why is it that when I right-click on some of my packets the “Follow TCP Stream” option is grayed out?

2. Can I use Ethereal to discover a trojan that is being sent to someone on my network?

3. Can I use Ethereal to discover a virus that is being sent to someone on my network?

4. Are there network activities that will falsely resemble network scanning attacks?

Answers

1. The underlying protocol that you are trying to reconstruct does not use TCP for its connection method. It may use the connectionless UDP method for its transmission.

2. No, Ethereal can only be used to discover the active use of the backdoor access program that the trojan installs. To Ethereal, or any network analyzer, the transmission of the trojan will appear to be a regular executable file.

3. No, like a trojan, the transmission of a virus will look like a regular executable or some other type of file. Ethereal will not be able to tell that the file is infected.

4. Yes, there are lots of activities that will resemble network scans. A client program that is automatically searching for a server at startup may continue to send TCP SYN packets to the target address. Often the multiple and rapid TCP connections that are associated with FTP and HTTP downloads also resemble network scan attacks and trigger alarms.






Ethereal Packet Sniffing (Syngress)
ISBN: 1932266828
Year: 2004
Pages: 105
Authors: Syngress
