Wireshark · Wireshark-users: [Wireshark-users] Viability of detecting Wireshark with ARP-packets

Wireshark-users: [Wireshark-users] Viability of detecting Wireshark with ARP-packets

From: "Hans Nilsson" <hasse_gg@xxxxxxxx>

Date: Fri, 13 Oct 2006 07:19:17 -1100

Hello, I recently read the document "Promiscuous node detection using
ARP packets" [1] about detecting network cards in promiscuous mode and
sniffers with custom-built ARP-packets. For example tools like Cain and
Abel [2] has that capability. But I was wondering if this actually works
against Wireshark?

When I do ifconfig my network card is not listed as being in promiscuous
mode but under options in Wireshark the card is in promiscuous mode and
I can receive all the traffic on my LAN. So is this not a problem
anymore since the NIC doesn't have to be manually set to promiscuous
mode, Wireshark can do that on it's own and therefore won't be detected
by the ARP-technique?

[1]
http://www.securityfriday.com/promiscuous_detection_01.pdf
[2]
http://www.oxid.it/ca_um/topics/promiscuous-mode_scanner.htm
-- 
  Hans Nilsson
  hasse_gg@xxxxxxxx

-- 
http://www.fastmail.fm - A fast, anti-spam email service.

Follow-Ups:
- Re: [Wireshark-users] Viability of detecting Wireshark with ARP-packets
  - From: Ulf Lamping
- Re: [Wireshark-users] Viability of detecting Wireshark with ARP-packets
  - From: Guy Harris
- Re: [Wireshark-users] Viability of detecting Wireshark with ARP-packets
  - From: Hans Nilsson

Prev by Date: Re: [Wireshark-users] Lost packets can not pingmy machineonmynetwork
Next by Date: Re: [Wireshark-users] Viability of detecting Wireshark with ARP-packets
Previous by thread: Re: [Wireshark-users] Lost packets can not ping mymachineonmynetwork
Next by thread: Re: [Wireshark-users] Viability of detecting Wireshark with ARP-packets
Index(es):
- Date
- Thread