Wireshark-users: Re: [Wireshark-users] Wireshark in Network - Windows/Linux

From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
Date: Fri, 19 Mar 2010 10:47:04 +1100
On Sat, Mar 13, 2010 at 2:23 PM, Karthik Balaguru
<karthikbalaguru79@xxxxxxxxx> wrote:

> Interesting to know that Linux TCP/IP stack implementation answers to
> TCP/IP packets even if the MAC address on that packet is
> wrong(Promiscuous mode). But, Is this made intentionally in Linux to
> be different from standard behavior in helping the determination of
> presence of sniffer in network ? Any thoughts ?

No, this has nothing to do with sniffer detection but just that linux
is much more flexible with its network stack than traditional unix.
Linux defaults to a very loose association between interfaces and
addresses   while legacy systems traditionally had a very strong

See it as linux defaults to all addresses being loopback addresses,
while other systems default to all addresses being interface

It just makes it easier to do a lot of fancy stuff that was
traditionally only done inside routers but seldom in hosts.