David Durgee wrote:
I have downloaded and installed Wireshark 0.99.4 on a
Windows 2000 system. I am able to capture packets on
my ethernet interface with the interface enabled and
in full operation, but if I disable the interface as I
expect I will need to in order to operate "stealthy"
the interface is not available to select for capture
in Wireshark.
Obviously, if you disable an interface - it's disabled :-)
How do I need to configure things to be able to do
what I need? Can I define another ethernet interface
using the same NIC that has no protocols enabled on it
and then swap which one is enabled? Do I need to
disable all protocols on the existing interface for
the capture and then manually re-enable them when I
want to reconnect to the network?
Disabling the TCP/IP stack of that interface should be usually enough to
keep the interface quiet - however, never tried it myself if it's really
quiet then.
There are potentially a lot of services running on top of a network
interface, some common today are:
- TCP/IP (switch this off - this will prevent ARP, DNS, NBNS, ... to get
on the network)
- VPN (switch this off)
- services to capture network traffic (should send no packets)
- personal firewall software (should send no packets)
Hope this helps,
Regards, ULFL
