Although the WinPcap driver install has been very dependable for a while now (which wasn’t always the case), installing network drivers always carries the risk of disrupting network communications if something goes wrong. On top of that, installing additional software on production systems is generally something you want to minimize if at all possible.
If you provide a pre-installed and configured sniffer for the hacker to use, you might make the hacker’s job a lot easier. Consider that if a hacker manages to gain access to one of your systems a network sniffer can be an indispensable information-gathering tool for the hacker. You might wonder why you wouldn’t just put Wireshark on every system in case a troubleshooting issue comes up. We hope that by this point you have some idea of the troubleshooting power a sniffer can provide. To uninstall tcpdump 3.9.4–1, enter the following command, using the – e switch for erase: To uninstall the package you must use the package name, which is not the same as the name of the RPM file. If the installation is successful, you should see output similar to the following:
Then enter the following command to install tcpdump (for this example it is version 3.9.4–1): Different distributions may have packages specific to their configuration, or a given distribution may not support the newest version of a piece of software. In order to install the tcpdump package, obtain or locate the appropriate package file for your distribution. The syntax and usage is nearly identical to that of WinDump, which we have already discussed, so what I will do here is demonstrate how to install tcpdump on a Linux system if you find it isn’t already installed. Because tcpdump is so widely used, there is a wealth of support information and articles on the Internet on how to use tcpdump. Tcpdump is installed by default on a large number of Linux/UNIX systems.
Tcpdump is native to Linux and does not run on Windows systems. Eric Seagren, in Secure Your Network for Free, 2007 Tcpdump
0 kommentar(er)
