No, because the backdoor can send its responses using spoofed messages. Therefore, all data looks like it's going to and coming from the address of the system without the sniffer. In fact, the sniffer is grabbing the traffic for the backdoor, and the backdoor is spoofing its replies.
For more information on this topic, visit these other SearchSecurity.com resources:
Webcast archive: Keeping the bad guys out -- defensive strategies revisited, with Ed Skoudis
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.