destination ip

hi people i want to ask a question about packet sniffing if i sniff a packet (using pcap on linux) and find is destination address will it be the destination address of next hop or is it the destination address of required destination for example packet sent to yahoo server will contain(yahoo or next hop) which address one more thing that how do i find which application data is the packet carrying eg yahoo or google thanks

Spyware/Malware/Rootkits are a nightmare for any IT department big or small, when you have the option i almost always just prefer to re-image a machine to be 100% sure of removing the nasties as rootkits can embed themselves so deep in the OS its just a hopeless battle where you end up destroying the install and wasting alot more time just trying to remove it than a re-image would take. Your milage may vary and this is obviously a situational decision as you may not have the resources to re-image at will and get someone up and running again in an hour.

Should you be in that situation where getting rid of the offender is your chosen plan of attack then here is some newer tools that may help you down that road.

I have had people ask me my thoughts on safety.live.com, to me it seems like just a baby web based MSE alternative and whilst MSE is quite good for prevention I’m not confident of its abilities to remove harsh infections that are already present.

So heres my list of removal tools and the order in which I would use them (sites hyperlinked for your convenience):

1. ComboFix - Freeware and quite compact, it seems to be VERY affective at getting some of those common and really stubborn system based attacks, always a first port of call.

2. Super Anti Spyware and MalwareBytes are on par for me as paid secondary cleanup apps, I don’t use them as much since the paid versions are where its really at for long-term assistance. but if you need to be sure that a system is clean it is definitely worth using a second scanner on top of combofix to be 100% sure, SAS has a solid reputation and would be the one I would go to first in most situations