Wireshark-users: Re: [Wireshark-users] Wireshark in Network - Windows/Linux
From: ronnie sahlberg <[email protected]>
Date: Fri, 19 Mar 2010 10:47:04 +1100
On Sat, Mar 13, 2010 at 2:23 PM, Karthik Balaguru
<[email protected]> wrote:

> Interesting to know that Linux TCP/IP stack implementation answers to
> TCP/IP packets even if the MAC address on that packet is
> wrong(Promiscuous mode). But, Is this made intentionally in Linux to
> be different from standard behavior in helping the determination of
> presence of sniffer in network ? Any thoughts ?

No, this has nothing to do with sniffer detection but just that linux
is much more flexible with its network stack than traditional unix.
Linux defaults to a very loose association between interfaces and
addresses   while legacy systems traditionally had a very strong
association.

See it as linux defaults to all addresses being loopback addresses,
while other systems default to all addresses being interface
addresses.


It just makes it easier to do a lot of fancy stuff that was
traditionally only done inside routers but seldom in hosts.