No, because the backdoor can send its responses using spoofed messages. Therefore, all data looks like it's going to and coming from the address of the system without the sniffer. In fact, the sniffer is grabbing the traffic for the backdoor, and the backdoor is spoofing its replies.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
For more information on this topic, visit these other SearchSecurity.com resources:
Webcast archive: Keeping the bad guys out -- defensive strategies revisited, with Ed Skoudis
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.