Sniffing for a virus

(OP)
Does anyone have a suggestion for sniffing a network for infected computers? I've tried Ethereal and nmap; neither seems to do the job well enough, or maybe I'm missing something.

The situation is we have a virus on several computers at work. I'm a systems guy, OS/400, VMS, Linux, etc. I don't deal with M$. I'm trying to help our network team track down infected computers.

Any help would be appreciated.

TIA,
Mark

SELECT * FROM management WHERE clue > 1
> 0 rows returned

--ThinkGeek T-Shirt

RE: Sniffing for a virus

It really depends on the virus - I have spotted quite a few recently by looking for machines attempting to ARP IPs that are not allocated on our range.

We have 172.16.x.x but only use a few of the available subnets, so if I see a machine ARPing 172.16.32.12 I know something is wrong. I also look at machines sending big bursts of ARPs.

I have in the past spotted some by looking for NetBIOS traffic, as one recent virus was sending out NetBIOS requests to a non-existent workgroup.
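
The two ARP checks described in the reply above (requests for addresses outside the subnets in use, and large bursts of ARPs from one host), as an added example that is not part of the original thread. The allocated subnets, the burst threshold and the sample records are constructed assumptions; real input would be ARP requests exported from a capture.

```python
import ipaddress
from collections import defaultdict

# Assumption: the subnets actually in use inside 172.16.0.0/16 (constructed).
ALLOCATED = [ipaddress.ip_network(n) for n in ("172.16.1.0/24", "172.16.2.0/24")]
BURST_COUNT = 5      # assumed threshold: this many ARP requests ...
BURST_WINDOW = 1.0   # ... within this many seconds counts as a burst

# Constructed sample: (timestamp_seconds, sender_ip, target_ip) per ARP request.
SAMPLE = [
    (0.00, "172.16.1.10", "172.16.1.1"),
    (0.40, "172.16.1.22", "172.16.32.12"),   # target outside the subnets in use
    (5.00, "172.16.1.10", "172.16.2.5"),
] + [(10.0 + i * 0.1, "172.16.2.40", f"172.16.1.{i + 1}") for i in range(8)]


def is_allocated(ip, networks=ALLOCATED):
    """True if ip falls inside one of the subnets known to be in use."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def flag_arp_anomalies(requests, count=BURST_COUNT, window=BURST_WINDOW):
    """Return {sender: set of reasons} for hosts whose ARP requests look wrong."""
    findings = defaultdict(set)
    times = defaultdict(list)
    for ts, sender, target in sorted(requests):
        if not is_allocated(target):
            findings[sender].add(f"unallocated target {target}")
        times[sender].append(ts)
    for sender, stamps in times.items():
        # Sliding window: any `count` consecutive requests within `window` seconds.
        for i in range(len(stamps) - count + 1):
            if stamps[i + count - 1] - stamps[i] <= window:
                findings[sender].add("burst")
                break
    return dict(findings)


if __name__ == "__main__":
    for host, reasons in sorted(flag_arp_anomalies(SAMPLE).items()):
        print(host, sorted(reasons))
```

Hosts that scan a whole subnet legitimately (monitoring systems, DHCP servers checking for conflicts) will trip the burst check and need to be excluded by address.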

RE: Sniffing for a virus

Hi Kozusnik, you can use "Sniffer Portable". First, you can use its host table function to find which PC is sending the most packets. Second, once you have found it, you can use its matrix and decode functions to analyze the packets and find which type of packet is being sent. Finally, remove the viruses.

(Sorry for my poor English.)
