Wireshark-users: Re: [Wireshark-users] Wireshark in Network - Windows/Linux


From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
Date: Fri, 19 Mar 2010 10:47:04 +1100

On Sat, Mar 13, 2010 at 2:23 PM, Karthik Balaguru
<karthikbalaguru79@xxxxxxxxx> wrote:

> Interesting to know that Linux TCP/IP stack implementation answers to
> TCP/IP packets even if the MAC address on that packet is
> wrong (Promiscuous mode). But, is this made intentionally in Linux to
> be different from standard behavior in helping the determination of
> presence of sniffer in network? Any thoughts?

No, this has nothing to do with sniffer detection but just that Linux
is much more flexible with its network stack than traditional Unix.
Linux defaults to a very loose association between interfaces and
addresses while legacy systems traditionally had a very strong
association.

See it as Linux defaults to all addresses being loopback addresses,
while other systems default to all addresses being interface
addresses.


It just makes it easier to do a lot of fancy stuff that was
traditionally only done inside routers but seldom in hosts.
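
The loose interface/address association described in the reply above is governed on Linux by a few per-interface IPv4 sysctls. The following audit script is an added example, not part of the original post; the sysctl names `arp_ignore`, `arp_announce` and `rp_filter` do not appear in the thread, and the sample values are constructed.

```python
"""Audit the IPv4 sysctls that decide how tightly Linux binds addresses to interfaces."""
from pathlib import Path

CONF = Path("/proc/sys/net/ipv4/conf")

# Per-knob test for the interface-bound ("strong") behaviour; the kernel default is 0.
STRICT = {
    "arp_ignore": lambda v: v >= 1,    # 0 = answer ARP for any local IP on any interface
    "arp_announce": lambda v: v == 2,  # 0 = any local IP may be used as ARP source
    "rp_filter": lambda v: v == 1,     # 0 = no source validation, 2 = loose mode
}

# Constructed sample: eth0 hardened, eth1 left at loose values.
SAMPLE = {
    ("all", "arp_ignore"): 0, ("all", "arp_announce"): 0, ("all", "rp_filter"): 0,
    ("eth0", "arp_ignore"): 1, ("eth0", "arp_announce"): 2, ("eth0", "rp_filter"): 1,
    ("eth1", "arp_ignore"): 0, ("eth1", "arp_announce"): 0, ("eth1", "rp_filter"): 2,
}


def read_proc(root=CONF):
    """Read the three knobs for every entry under /proc/sys/net/ipv4/conf."""
    settings = {}
    for path in Path(root).glob("*/*"):
        if path.name in STRICT:
            settings[(path.parent.name, path.name)] = int(path.read_text())
    return settings


def effective(settings, iface, knob):
    """The kernel applies max(conf/all, conf/<iface>) for these three knobs."""
    return max(settings.get(("all", knob), 0), settings.get((iface, knob), 0))


def audit(settings):
    """Map each real interface to the knobs still at a loose value."""
    ifaces = sorted({iface for iface, _ in settings} - {"all", "default"})
    return {
        iface: [k for k, ok in STRICT.items() if not ok(effective(settings, iface, k))]
        for iface in ifaces
    }


if __name__ == "__main__":
    # Use live values on a Linux host, otherwise fall back to the constructed sample.
    settings = read_proc() if CONF.is_dir() else SAMPLE
    for iface, loose in audit(settings).items():
        print(f"{iface}: {'loose: ' + ', '.join(loose) if loose else 'interface-bound'}")
```
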
