"Martin Visser" <martinvisser99@xxxxxxxxx> wrote:
As far as finding machines running Wireshark there are actually a few
techniques. If you Google for "detect promiscuous mode" and follow
through on some of the research. One mechanism was using a "feature"
of the Linux IP stack where a Linux host in promiscuous mode would
respond to an IP packet even if it was sent to a MAC address it didn't own.
There were other techniques involving ARP.

You probably mean the way described here:
http://www.securityfriday.com/promiscuous_detection_01.pdf
Table 1 specifically.
BTW. The paper will also probably give you an idea of how to do an
"anti-anti-sniffer" also :)
--gv
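
The ARP variant of the check discussed in this thread, as an added example that is not part of the original posts or of the linked paper: it builds an ARP request whose Ethernet destination is a MAC address the target does not own and classifies the frames captured afterwards. All addresses, names and the choice of probe destination are constructed for illustration; which destinations draw a reply varies by operating system and driver.

```python
import socket
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

def mac(s):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(s.replace(":", ""))

def build_arp(eth_dst, eth_src, op, sha, spa, tha, tpa):
    """Ethernet II frame carrying one IPv4-over-Ethernet ARP message."""
    eth = mac(eth_dst) + mac(eth_src) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac(sha) + socket.inet_aton(spa) + mac(tha) + socket.inet_aton(tpa)
    return eth + arp

def build_probe(our_mac, our_ip, target_ip, probe_dst):
    """ARP who-has for target_ip, sent to a MAC the target does not own.
    A NIC in normal mode should drop it in hardware; in promiscuous mode
    it reaches the host's stack, which may answer."""
    if probe_dst.lower() == "ff:ff:ff:ff:ff:ff":
        raise ValueError("probe must not use the real broadcast address")
    return build_arp(probe_dst, our_mac, ARP_REQUEST,
                     our_mac, our_ip, "00:00:00:00:00:00", target_ip)

def is_reply_from(frame, target_ip, our_mac):
    """True if frame is an ARP reply sent to us by target_ip."""
    if len(frame) < 42 or frame[:6] != mac(our_mac):
        return False
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return False
    if struct.unpack("!HHBBH", frame[14:22]) != (1, 0x0800, 6, 4, ARP_REPLY):
        return False
    return frame[28:32] == socket.inet_aton(target_ip)  # ARP sender IP field

def assess(frames, target_ip, our_mac):
    """Classify the frames captured after the probe was sent."""
    if any(is_reply_from(f, target_ip, our_mac) for f in frames):
        return "answered: interface is likely in promiscuous mode"
    return "silent: inconclusive (normal mode, or a stack that filters)"

# Constructed sample values: documentation IP range, made-up MACs.
OUR_MAC, OUR_IP = "02:00:00:00:00:01", "192.0.2.10"
PROBE_DST = "ff:ff:ff:ff:ff:fe"  # constructed: one bit off broadcast
```

Sending the probe and capturing replies needs a raw link-layer socket on the monitored segment; a silent host is not proof of a clean one, since a stack that re-checks the destination MAC never answers.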