Wireshark mailing list archives
Re: running wireshark on my network
From: Gisle Vanem <gvanem () broadpark no>
Date: Tue, 15 Mar 2011 22:34:54 +0100
"Martin Visser" <martinvisser99 () gmail com> wrote:
As far as finding machines running Wireshark there are actually a few techniques. If you Google for "detect promiscuous mode" and follow through on some of the research. One mechanism was using a "feature" of the Linux IP stack where a Linux host in promiscuous mode would respond to an IP packet even if it was sent to a MAC address it didn't own. There were other techniques involving ARP.
You probably mean the way described here:
http://www.securityfriday.com/promiscuous_detection_01.pdf

Table 1 specifically. BTW. The paper will also probably give you an idea of how to do an "anti-anti-sniffer" also :)

--gv
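The ARP variant of the check discussed in this message, as an added example that is not part of the original post or the linked paper: it builds an ARP request addressed to a MAC no host owns and decides whether a captured frame is a reply to it. The probe address `BOGUS_DST`, the function names and the documentation-range addresses are assumptions made for illustration; the code only constructs and interprets frames and puts nothing on the wire.

```python
import socket
import struct

ETH_ARP = 0x0806
BROADCAST = b"\xff" * 6
# Assumed probe destination: not the broadcast address and owned by no host,
# so a NIC doing normal hardware filtering drops the frame.
BOGUS_DST = bytes.fromhex("fffffffffffe")

def build_arp_probe(src_mac, src_ip, target_ip, dst_mac=BOGUS_DST):
    """Ethernet + ARP who-has for target_ip, addressed to a MAC nobody owns."""
    if dst_mac == BROADCAST:
        raise ValueError("broadcast probe proves nothing: every host answers it")
    eth = dst_mac + src_mac + struct.pack("!H", ETH_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)  # Ethernet/IPv4, op 1 = request
    arp += src_mac + socket.inet_aton(src_ip) + b"\x00" * 6 + socket.inet_aton(target_ip)
    return eth + arp

def parse_arp(frame):
    """Return the ARP fields of an Ethernet frame, or None if it is not IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "sha": frame[22:28], "spa": frame[28:32],
            "tha": frame[32:38], "tpa": frame[38:42]}

def answers_probe(probe, frame):
    """True if frame is an ARP reply (op 2) from the probed IP to the prober."""
    p, r = parse_arp(probe), parse_arp(frame)
    return bool(p and r and r["op"] == 2 and r["spa"] == p["tpa"]
                and r["tpa"] == p["spa"] and r["tha"] == p["sha"])

def suspected_promiscuous(probe, captured_frames):
    """A reply to a frame the NIC should have dropped suggests promiscuous mode."""
    return any(answers_probe(probe, f) for f in captured_frames)

# Constructed sample data (documentation addresses, not from the thread).
AUDITOR_MAC = bytes.fromhex("020000000001")
HOST_MAC = bytes.fromhex("020000000002")
PROBE = build_arp_probe(AUDITOR_MAC, "192.0.2.10", "192.0.2.20")
REPLY = (AUDITOR_MAC + HOST_MAC + struct.pack("!HHHBBH", ETH_ARP, 1, 0x0800, 6, 4, 2)
         + HOST_MAC + socket.inet_aton("192.0.2.20")
         + AUDITOR_MAC + socket.inet_aton("192.0.2.10"))

if __name__ == "__main__":
    print(suspected_promiscuous(PROBE, [REPLY]))   # reply seen
    print(suspected_promiscuous(PROBE, [PROBE]))   # only our own request seen
```

Whether a promiscuous host answers such a probe depends on its operating system's software filtering, so a missing reply does not show that no sniffer is present.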