The following lines were added (+) and removed (-):
:* Ethereal <BR>:* [[Ethereal]] / [[Wireshark]] - packet sniffer:* [[TCPView]] - Part of Microsoft Sysinternals Monitoring traffic from the infected host machine itself my not be helpful as the traffic might be hidden. The traffic needs to be intercepted from a healthy node along the way. Use a smart switch, or smart router. Another option is to route traffic though a hardened Linux machine between the infected host and the router. A router running aftermarket firmware such as [[OpenWRT]], just like using a Linux PC, allows access to powerful tools such as: wireshark, tcpdump, and snort.
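Review bot: The new paragraph says monitoring from the infected host "my not be helpful as the traffic might be hidden", yet the list just before it still offers [[TCPView]], a tool that runs on that host, with no such caveat. Note at the TCPView entry that its output is only as trustworthy as the host it runs on, and point readers to the off-host capture the paragraph goes on to describe. In the paragraph itself, "my not be helpful" should read "may not be helpful" and "route traffic though" should read "route traffic through". "Use a smart switch, or smart router" does not say what the device has to do; state the capability required, for example copying the host's traffic to a monitoring port or capturing on the device itself. The paragraph also needs to start on its own line after the TCPView item so it does not render as part of the list, and "wireshark, tcpdump, and snort" should match the capitalization already used in the [[Wireshark]] link.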