Wireshark-users: Re: [Wireshark-users] One NIC on public side

From: "Gianluca Varenni" <gianluca.varenni@xxxxxxxxxxxx>
Date: Thu, 13 May 2010 09:19:35 -0700


--------------------------------------------------
From: <mike@xxxxxxxxxxxx>
Sent: Thursday, May 13, 2010 9:09 AM
To: "wireshark-users" <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] One NIC on public side

On Thu, 13 May 2010 07:55:40 -0700, Gianluca Varenni wrote:
On NIC1 you can totally disable the TCP/IP stack. Go to the properties of
that network connection, in the list of services/protocols bound to that
NIC, uncheck TCP/IP.

Ok, I've unchecked TCP/IP but still have others such as MS Client, QoS and of course, the network monitors such as VMON1 and Network Monitor Driver.


MS client gets disabled if you disable TCP/IP. QoS can be disabled as well. The network monitors can be left on.


I was under the impression that without a viable IP on the NIC, it could never be accessed from remote but could be used in promiscuous mode to read traffic.

So, disabling some of these protocols will allow me to safely connect it on the public side again then?

You are disabling TCP/IP on the public NIC. The LAN NIC will have its own IP address, the public one will not. As far as "safely connect" is concerned, it depends on what you mean by "safely".


This will still allow you to capture, but there won't be any protocol bound
to that NIC apart from the WinPcap driver.

One last thing, is the WinPcap driver something I should see in the list of protocols?

No, it doesn't get listed there.

GV


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe