Ethereal-users: Re: [Ethereal-users] What does it mean to "Capture" packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Jerry Talkington <jtalkington@xxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 27 Aug 2004 08:05:48 -0700
On Fri, Aug 27, 2004 at 06:49:19AM -0400, Dale Blake JonesWaddell wrote:
> We are having a debate in a networking class about Ehtereal.  Our campus is
> part of a larger Governmental WAN.  We installed Ethereal on several
> computers to show people what goes when two computers communicate.  The
> instructor warned us about unauthorized activity on the network and that any
> "packet sniffing" would be seen by the people who monitor the network.
> 
> I did not tell him he was stupid, although I want to every day, but it is my
> understanding that Ethereal is only reporting the packets that the NIC and
> TCP/IP is picking up anyway.  And that Ethereal is not doing anything "ON"
> or "TO" the rest of the network.  
> 
> So what really is happening?

You are partially correct.  It is possible for network monitors to
detect nics in promiscuous mode.  However, if you uncheck the "Capture
packets in promiscuous mode" checkbox when capturing, nobody will be
able to tell that you are sniffing the network (but you will only be
able to capture packets between the two machines.)


-- 
GPG public key:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x9D5B8762