We're now a non-profit! Support open source packet analysis by making a donation.

Wireshark-users: Re: [Wireshark-users] Finding out Stats about users machine

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Tue, 26 Oct 2010 21:20:12 +0200
On 10/26/2010 04:43 PM, Maverick wrote:
Is there anyway in wireshark to figure out from the network traces if
the machine has firewall installed? Aand if it is installed can I
determine if it is being updated ?


Well, if you know that certain attack vectors come into that machine, you can see if and how it responds. That behavior is influenced by a firewall, hence could be deduced from it. An update, if done through the captured interface, may be visible when an update site is accessed.

In short; possible? somewhat, easy? not really.