Wireshark mailing list archives
Re: Wireshark in Network - Windows/Linux
From: Karthik Balaguru <karthikbalaguru79 () gmail com>
Date: Sun, 21 Mar 2010 14:58:06 +0530
On Sat, Mar 20, 2010 at 3:44 PM, bart sikkes <b.sikkes () gmail com> wrote:
> Hello Karthik,
>
> I have been following your answers and remarks for some time now and wonder what your goal / reason behind this search for sniffer detection is?
>
> The whole nature of sniffing, it being a passive action, means that it is in principle not possible to detect remotely (some exceptions as mentioned, but those don't detect sniffers but detect a certain network card setting and can also be fooled).
>
> For the rest I agree with Ronnie, it seems you don't want people to sniff in your network. Well, in my opinion you won't be able to stop them if you can't restrict total physical access to your network or use something like NAC. Still, due to the nature of switches they won't be able to pick up much useful information (again, exceptions are possible).
>
> If you worry so much about someone sniffing on your network you should ask yourself what they shouldn't be able to see and, for example, encrypt that traffic.
>
> Oh, and Linux kernel 2.2.10 is like 10 years old, I doubt you will encounter it often any more.
Okay, sniffer is totally passive!

On analyzing various internet links and also based on various discussions, I understand that unless the sniffer does not take care of things like hiding IP address / there is a flaw in the operating system similar to that of TCP/IP in pre-2.2.10 Linux kernel, it is not possible to determine the presence of sniffers performing passive sniffing in the network. The option of using IPSec for all intranet traffic appears to be the main solution against passive sniffing.

But are there no tricks based on the OS in which the sniffer is running? Though some OS can restrict that only admins can install certain type of sniffers, I think that is not enough. I wonder, why don't the various OS (Linux/Windows) support the detection of sniffers so that if a user is running it in the network, the OS might intimate it to the admins?

Just eager to know, is it not possible for the OS to detect a sniffer running on it and intimate it? I think the various OS (TCP/IP) in network should be configurable such that if there is a sniffer running on it, it would be able to intimate to a set of users (admin) in the network. Are there any such tools already available?

Any thoughts?

Thx in advance,
Karthik Balaguru
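
On the question above of whether the OS can reveal a sniffer running on it: a Linux host exposes each interface's promiscuous flag in `/sys/class/net/<if>/flags` and lists open packet sockets in `/proc/net/packet`, which a local check can read. The following is an added example, not part of the original thread or of Wireshark; it is Linux-only, and the sample table is constructed for illustration.

```python
import glob
import os

IFF_PROMISC = 0x100   # interface flag bit from <linux/if.h>
ETH_P_ALL = 0x0003    # packet-socket protocol that receives every frame

# Constructed sample in the layout of /proc/net/packet (not real host data).
SAMPLE_PACKET = """\
sk               RefCnt Type Proto  Iface R Rmem   User   Inode
ffff9a0b12340000 3      3    0003   2     1 0      1000   48211
ffff9a0b12350000 3      2    888e   3     1 0      0      20177
"""

def is_promisc(flags_text):
    """True if the hex text of /sys/class/net/<if>/flags has IFF_PROMISC set."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)

def capture_all_sockets(proc_text):
    """Rows of /proc/net/packet whose protocol is ETH_P_ALL, as dicts."""
    lines = [ln for ln in proc_text.splitlines() if ln.strip()]
    if not lines:
        return []
    header = lines[0].split()
    rows = [dict(zip(header, ln.split())) for ln in lines[1:]]
    return [r for r in rows if int(r["Proto"], 16) == ETH_P_ALL]

def scan_host():
    """Read the live files; returns (promiscuous interfaces, ETH_P_ALL sockets)."""
    promisc = []
    for path in glob.glob("/sys/class/net/*/flags"):
        with open(path) as f:
            if is_promisc(f.read()):
                promisc.append(os.path.basename(os.path.dirname(path)))
    try:
        with open("/proc/net/packet") as f:
            socks = capture_all_sockets(f.read())
    except OSError:            # not Linux, or packet sockets unavailable
        socks = []
    return sorted(promisc), socks

if __name__ == "__main__":
    ifaces, socks = scan_host()
    print("promiscuous interfaces:", ifaces or "none")
    for s in socks:
        # Inode matches a "socket:[inode]" link under /proc/<pid>/fd
        print("packet socket: ifindex=%s uid=%s inode=%s"
              % (s["Iface"], s["User"], s["Inode"]))
```

A hit is a lead for an administrator rather than proof of a sniffer: DHCP clients and similar tools also open packet sockets, and a capture can run without promiscuous mode.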