Wireshark-users: Re: [Wireshark-users] Wireshark in Network - Windows/Linux

From: Hobbe <my1listmail@xxxxxxxxx>
Date: Sat, 20 Mar 2010 19:08:25 +0100
Well IF and i say IF the problem you are having is that people are sniffing it is actually quite easy to come around that by simply  makeing the client sit on a L3 (routed) net with that client and the router beeing the only ones at that network.
That will make all passive sniffing imposible.

To sniff on such a network you would have to have control over the network infrastructure and well if they have that then it is game over anyway.

The sniffing is not a big problem in most environments.



2010/3/20 bart sikkes <b.sikkes@xxxxxxxxx>
Hello Karthik ,

I have been following your answers and remarks for some time now and
wonder what your goal / reason behind this search for sniffer
detection is? the whole nature of sniffing, it being a passive action,
means that it is in principle not possible to detect remotely (some
exceptions as mentioned, but those don't detect sniffers but detect a
certain network card setting and can also be fooled.)

for the rest i agree with ronnie, it seems you don't want people to
snif in your network. well in my opinion you wont be able to stop them
if you cant restrict total physical access to your network or use
something like NAC. still due to the nature of switches they wont be
able to pick up much useful information (again exceptions are
possible). if you worry so much about someone sniffing on your network
you should ask yourself what they shouldn't be able to see and for
example encrypt that traffic.

oh and linux kernel 2.2.10 is like 10 years old, i doubt you will
encounter it often any more.

Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users