Old March 9th 10, 06:43 PM posted to comp.os.linux.networking,comp.os.linux.security,microsoft.public.access.security,microsoft.public.windows.vista.networking_sharing
Lew Pitcher
Determining the presence of wireshark

On March 9, 2010 12:40, in comp.os.linux.networking, wrote:

> On Tue, 9 Mar 2010 08:27:21 -0800 (PST), Karthik Balaguru wrote:
>
>> How to determine the presence of wireshark in a network ?
>
> Look for NIC cards and wireless devices running in promiscuous mode.


Note that this will present false positives if the NICs in question are
running with "user set" MAC addresses.

With "user set" MAC addresses, the NIC cannot use its builtin comparison
logic to find frames addressed to the NIC. The OS NIC driver logic has to
match the MAC address on /all/ "on the wire" packets to the "user set" MAC
address, and extract those that match. This requires that the NIC run in
promiscuous mode, to permit the driver access to all the network traffic.

--
Lew Pitcher
Master Codewright & JOAT-in-training | Registered Linux User #112576
Me:
http://pitcher.digitalfreehold.ca/ | Just Linux: http://justlinux.ca/
---------- Slackware - Because I know what I'm doing. ------
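As an added example (not part of Lew Pitcher's post or of this thread), here is a local Linux check for the condition the thread is discussing: an interface running in promiscuous mode. It reads the IFF_PROMISC bit (0x100) from /sys/class/net/<iface>/flags and, to help weigh the false-positive case raised above, also reads addr_assign_type, where the value 3 (NET_ADDR_SET) means the MAC was set by the administrator rather than burned into the card. It also parses `ip -o link show` output, for hosts where sysfs is not reachable or when you are reviewing output collected elsewhere. The sysfs paths and flag values are the kernel's own; the `ip` output embedded below is constructed sample data, not captured from a real host.

```python
"""Find interfaces in promiscuous mode on a Linux host.

IFF_PROMISC (0x100) and the addr_assign_type values come from the Linux
kernel (include/uapi/linux/if.h and include/linux/netdevice.h).
"""
import os
import re

IFF_PROMISC = 0x100   # interface flag: promiscuous mode
NET_ADDR_SET = 3      # addr_assign_type: MAC address set by the user/admin

# "<idx>: <name>: <FLAG,FLAG,...> ..." as printed by `ip -o link show`
IP_LINK_RE = re.compile(r"^\d+:\s+(?P<name>[^:\s]+):\s+<(?P<flags>[^>]*)>")


def promisc_from_flags(flags_text):
    """True if the hex value read from sysfs 'flags' has IFF_PROMISC set."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)


def mac_is_user_set(assign_type_text):
    """True if sysfs 'addr_assign_type' says the MAC was set by the user."""
    return int(assign_type_text.strip()) == NET_ADDR_SET


def scan_sysfs(root="/sys/class/net"):
    """Return {iface: {"promisc": bool|None, "user_set_mac": bool|None}}.

    A value of None means the corresponding sysfs file could not be read.
    An unreadable root yields an empty dict.
    """
    results = {}
    try:
        names = sorted(os.listdir(root))
    except OSError:
        return results
    for name in names:
        entry = {"promisc": None, "user_set_mac": None}
        try:
            with open(os.path.join(root, name, "flags")) as f:
                entry["promisc"] = promisc_from_flags(f.read())
        except (OSError, ValueError):
            pass
        try:
            with open(os.path.join(root, name, "addr_assign_type")) as f:
                entry["user_set_mac"] = mac_is_user_set(f.read())
        except (OSError, ValueError):
            pass
        results[name] = entry
    return results


def promisc_ifaces_from_ip_link(output):
    """Names of interfaces whose flag set in `ip -o link show` output
    contains PROMISC. VLAN-style names like eth0.100@eth0 are reduced
    to eth0.100."""
    found = []
    for line in output.splitlines():
        m = IP_LINK_RE.match(line)
        if m and "PROMISC" in m.group("flags").split(","):
            found.append(m.group("name").split("@")[0])
    return found


# Constructed sample of `ip -o link show` output (not from a real host).
SAMPLE_IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\\    link/ether 02:00:00:aa:bb:cc brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DORMANT group default qlen 1000\\    link/ether 02:00:00:dd:ee:ff brd ff:ff:ff:ff:ff:ff
4: eth0.100@eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000\\    link/ether 02:00:00:aa:bb:cc brd ff:ff:ff:ff:ff:ff
"""

if __name__ == "__main__":
    print("PROMISC in sample ip output:", promisc_ifaces_from_ip_link(SAMPLE_IP_LINK))
    for iface, info in scan_sysfs().items():
        flag = "PROMISC" if info["promisc"] else "-"
        note = "  (MAC set by user: possible false positive)" if info["user_set_mac"] else ""
        print(f"{iface:14} {flag}{note}")
```

Run it as an ordinary user; the sysfs files are world-readable. Note that this only tells you about the host you run it on, and that a user-set MAC is reported as a hint, not as proof either way: a card whose address was changed may or may not be sniffing, so treat PROMISC on such an interface as something to go and look at rather than an alert in itself.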