Re: NGSEC's penetration test sniffer

From: The Blueberry (acr872k@hotmail.com)
Date: Sun Sep 29 2002 - 19:08:09 EDT


>[...] In particular it needs WinPcap to be installed. And,
>of course, you really need to be able to uninstall WinPcap once the
>job is finished.
>
> Or is it just that I haven't figured out how install and uninstall
>WinPCap using only a command line or batch interface?
>

Oh well I've already looked for that one and yes, the WinPCap driver is
[un]installable from the command line. They simply make it a bit harder (?)
to find how because of the multiple problems they get when everyone ships
his WinPCAP driver with their softwares. Basically, you have to copy npf.sys
to the system32\drivers folder and wpcap.dll+packet.dll to the system32
folder. Then, start any software/utility that uses WinPCap and when
packet.dll is loaded for the first time, it will make all what's necessary
(reg entries, service registration, etc.) for the driver to work. So a
simple batch file that copies the 3 files for the installation and for the
uninstallation, a net stop npf, instsrv npf remove and the deletion of the 3
files works fine. The driver must not be loaded while the uninstallation
(WPcap team: correct me if I'm wrong on that one). Also, be sure that you
use the proper file versions for packet.dll and npf.sys. Hope that helps!!

~TB

_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail.
http://www.hotmail.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:25 EDT